Particle.news

Oracle Rushes Patch for E‑Business Suite Zero‑Day Exploited by Cl0p

Investigators urge immediate patching with compromise checks after a matching exploit leaked publicly, raising risk of wider attacks.

Overview

  • Oracle issued an emergency fix for CVE-2025-61882, a critical unauthenticated remote code execution flaw (CVSS 9.8) in the BI Publisher Integration component of Oracle Concurrent Processing affecting E-Business Suite 12.2.3–12.2.14, with the October 2023 CPU required before applying the update.
  • Mandiant says Cl0p used this zero-day alongside earlier EBS bugs patched in July to steal large volumes of data in August, with extortion emails to victims starting in late September.
  • Oracle published indicators of compromise, including two source IPs, a reverse shell command, and hashes and filenames tied to the exploit used in the attacks.
  • An exploit archive leaked on Telegram by actors calling themselves Scattered Lapsus$ Hunters matches Oracle’s IOCs, though any relationship with Cl0p remains unconfirmed.
  • At least one organization has confirmed data theft and responders reported ransom demands reaching up to $50 million, as experts warn of likely n‑day exploitation by additional threat actors.