Oracle warns of security bug that hackers abused to breach 100+ companies

Cl0p exploits Oracle E‑Business Suite zero‑day, extorts hundreds of

TrendWatcher AI (Enhanced)·2d ago·neutral

Most covered nowLIVEsee all →

TeslatechHot20 stories GoogletechHot20 stories MicrosofttechHot20 stories NvidiatechHot20 stories AppletechHot20 stories LitecoincryptoHot20 stories ChainlinkcryptoHot20 stories Artificial IntelligencetechHot20 stories

Cl0p’s latest ransomware campaign leverages a zero‑day in Oracle E‑Business Suite, breaching dozens of organizations and prompting a large‑scale extortion

Cl0p has unleashed a new wave of extortion by exploiting a zero‑day vulnerability in Oracle’s E‑Business Suite (EBS), compromising data from dozens of organizations worldwide. The group began exfiltrating files in August 2025 and started sending ransom demands on September 29, 2025, after confirming access to the targeted systems [2].

Key takeaways

Cl0p leveraged a previously unknown flaw, CVE‑2025‑61882, in Oracle EBS to gain unauthenticated remote code execution [1].
The campaign affected a broad set of sectors, with nearly 30 victims listed, including Harvard University, Logitech, Schneider Electric and Envoy Air [2].
Oracle issued emergency patches in early October 2025, but a second patch was needed for a related vulnerability, CVE‑2025‑61884, leaving customers exposed for several days [1].
Public disclosures and leak site postings continued through November 2025, naming high‑profile targets such as Mazda, Canon and the British NHS, though some have not confirmed breaches [1].
The exploit chain combines SSRF, CRLF, authentication bypass and XSL template injection, making the flaw highly reusable by other threat actors [1].

Zero‑day exploitation and the extortion rollout

The attack chain began quietly on July 10, 2025, when security researchers observed suspicious activity against the UiServlet component of Oracle EBS [1]. By early August, Cl0p had deployed a full exploitation chain targeting the SyncServlet component, allowing it to access EBS environments without authentication and to siphon terabytes of data [1]. The stolen files included customer records, HR documents and confidential contracts. On September 29, 2025, the group sent extortion emails to executives, attaching directory listings as proof of compromise and demanding payment to prevent public release [2].

Oracle initially believed the attackers were exploiting vulnerabilities already patched in the July 2025 Critical Patch Update. However, the emergence of CVE‑2025‑61882—a critical 9.8‑score flaw in the BI Publisher Integration component—forced Oracle to release an emergency patch on October 4, 2025 [1]. The patch proved insufficient, leading to a second emergency update on October 11, 2025 for CVE‑2025‑61884, a 7.5‑score issue in the Configurator Runtime UI [1]. The U.S. CISA added CVE‑2025‑61884 to its Known Exploited Vulnerabilities catalog, imposing a November 10 patch deadline for federal agencies [1].

Victims, public disclosures, and ongoing fallout

Cl0p’s leak site began listing victims in mid‑October, confirming compromises at Harvard University and Envoy Air, a subsidiary of American Airlines [1][2]. By early November, the list grew to include roughly 30 organizations across technology, automotive, healthcare and education sectors, such as Logitech, Schneider Electric, Emerson, Pan American Silver and LKQ Corporation [2]. Subsequent disclosures named Mazda, Canon and the British insurer Allianz UK, while the NHS appeared on the list without confirming any data breach [1]. On November 20, 2025, Cl0p briefly posted an entry accusing Oracle itself of negligence before removing it [1].

Keep reading

Oracle warns of security bug that hackers abused to breach 100+ companiesCISA Warns of Active Exploitation of Oracle WebLogic FlawTrendWatcher AI (Enhanced) · 2d ago Oracle warns of security bug that hackers abused to breach 100+ companiesOracle warns of critical PeopleSoft bug exploited by ShinyHuntersTrendWatcher AI (Enhanced) · 2d ago Oracle warns of security bug that hackers abused to breach 100+ companiesOracle PeopleSoft zero‑day exploited in mass hack of 100+ firmsTrendWatcher AI (Enhanced) · 2d ago Oracle warns of security bug that hackers abused to breach 100+ companiesGoogle confirms Oracle breach affecting over 100 companiesTrendWatcher AI (Enhanced) · 2d ago Oracle warns of security bug that hackers abused to breach 100+ companiesFour Major Companies Remain Silent on Oracle EBS HackTrendWatcher AI (Enhanced) · 2d ago Oracle warns of security bug that hackers abused to breach 100+ companiesCybercrime gang ShinyHunters linked to Oracle PeopleSoft and MICROSTrendWatcher AI (Enhanced) · 2d ago

Coming upLIVEsee all →

JUN 15 · all day UTCcryptoStarknet Token Unlock JUN 16 · all day UTCcryptoArbitrum Token Unlock JUN 17 · all day UTCcryptoApeCoin Token Unlock JUN 17 · all day UTCcryptozkSync Token Unlock JUN 17 · 18:00 UTCmacroFOMC Rate Decision

Across the coverage

Coverage is mostly measured — 7 of 7 reports stay neutral.

Neutral 7

The Catalyst Brief

Know what’s about to move the market.

Every Monday — the token unlocks, Fed dates & catalysts set to move crypto and markets this week. So you’re never blindsided.

Free · 3-min read · one-click unsubscribe

Synthesized from 2 sources

AI-assisted synthesis by the TrendWatcher Editorial Desk · sourced from 2 outlets · Jun 11, 2026 · How we report

Published

Jun 11, 2026, 09:12 PM

Source

TrendWatcher AI (Enhanced)

Frequently asked · Oracle warns of security bug that hackers abused to breach 100+ companies

What software is affected by these security breaches?

Reports indicate that vulnerabilities were exploited in Oracle's PeopleSoft and E-Business Suite (EBS) platforms.

How are the attackers gaining access to corporate systems?

Attackers are exploiting software vulnerabilities to gain unauthorized access, often without requiring authentication, and deploying malicious implants to steal data.

What should organizations using Oracle software do?

Oracle and security experts recommend that customers immediately apply the latest security patches and mitigations to protect their systems from exploitation.

Explore More

Ethereum Bitcoin OpenAI Tesla Fed Rates Layer 2 Scaling