Particle.news

Oracle Rushes Patch for E‑Business Suite Zero‑Day as Cl0p Data Theft Widens

U.S. cyber authorities warn of copycat exploitation and press organizations to patch immediately.

Overview

  • Oracle released an emergency fix for CVE-2025-61882, a critical unauthenticated remote code execution flaw in the BI Publisher Integration of Oracle E‑Business Suite versions 12.2.3–12.2.14, with the October 2023 Critical Patch Update required before applying the new update.
  • Mandiant and CrowdStrike say Cl0p exploited multiple Oracle EBS bugs, including this zero‑day, to steal large volumes of data since at least August 9, 2025, followed by extortion emails that researchers report include seven‑ and eight‑figure demands up to $50 million.
  • Oracle published indicators of compromise listing two IP addresses, a reverse‑shell command, and hashes for a leaked exploit archive whose contents match a proof‑of‑concept posted on Telegram by actors calling themselves Scattered Lapsus$ Hunters.
  • CISA added CVE-2025-61882 to its Known Exploited Vulnerabilities catalog and an FBI cyber official labeled the flaw an emergency risk to EBS environments, with additional alerts issued by the UK and Singapore national cybersecurity agencies.
  • Researchers reconstructed a multi‑bug exploit chain enabling pre‑authentication code execution and warn that public exploit code lowers the barrier for broader n‑day attacks, urging immediate patching, targeted threat hunting, and incident response.