Oracle zero-day defect amplifies panic over Clop’s data theft attack spree
Federal cyber authorities and threat hunters are on edge following Oracle’s disclosure of an actively exploited zero-day vulnerability the Clop ransomware group used to initiate a widespread data theft and extortion campaign researchers initially warned about last week.
Oracle addressed the critical vulnerability — CVE-2025-61882 affecting Oracle E-Business Suite — in a security advisory and advised customers to apply the patch as soon as possible. The tech giant previously said it was aware some customers had received extortion emails and said vulnerabilities it addressed in its July security update were potentially involved.
Rob Duhart, chief security officer at Oracle Security, updated his blog post Saturday to alert customers to the zero-day. Oracle did not say the zero-day is actively exploited but it provided indicators of compromise, which indirectly confirm the defect has been exploited in the wild.
Read more at CyberScoop