Articles tagged with: #zero-day
CrowdStrike Warns of New Mass Exploitation Campaign Leveraging Oracle E-Business Suite 0-Day

Cyber Security News cybersecuritynews.com

A widespread campaign has been observed exploiting a novel zero-day vulnerability in Oracle E-Business Suite (EBS) applications, now tracked as CVE-2025-61882. First observed on August 9, 2025, this unauthenticated remote code execution (RCE) flaw is being weaponized to bypass authentication, deploy web shells, and exfiltrate sensitive data from internet-exposed EBS instances. CrowdStrike assesses with moderate confidence that

Cisco ASA/FTD 0-Day Vulnerability Exploited for Authentication Bypass - PoC Released

Cyber Security News cybersecuritynews.com

Cisco has released advisories for a zero-day exploit chain affecting its Secure Firewall Adaptive Security Appliance (ASA) and Secure Firewall Threat Defense (FTD) software, which is reportedly being used in highly targeted attacks by an unknown threat actor. According to Rapid7, the exploit chain combines two vulnerabilities, CVE-2025-20362 and CVE-2025-20333, to achieve unauthenticated remote code

Cl0p Ransomware Actively Exploiting Oracle E-Business Suite 0-Day Vulnerability in the Wild

Cyber Security News cybersecuritynews.com

Oracle has issued an emergency security alert for a critical zero-day vulnerability (CVE-2025-61882) in its E-Business Suite after the notorious Cl0p ransomware group began extorting customers who failed to patch their systems. The vulnerability, carrying a maximum CVSS score of 9.8, affects the Business Intelligence Publisher (BI Publisher) Integration component and enables remote code execution

Cisco ASA Zero-Day: 90,000 FTD Devices Exposed, Threat Hunting Guide (CVE-2025-20333 · CVE-2025-20362)

CIP Blog blog.criminalip.io

On September 25, 2025, Cisco warned that it had discovered two zero-day vulnerabilities in Cisco ASA (Adaptive Security Appliance) that are being exploited in the wild. In this post, we examine the threats and impacts of CVE-2025-20333 and CVE-2025-20362, and discuss recommended security mitigations. CVE-2025-20333 · CVE-2025-20362: Cisco ASA Zero-Day Vulnerabilities One of the Cisco

NCSC Warns of Oracle E-Business Suite 0-Day Vulnerability Actively Exploited in Attacks

Cyber Security News cybersecuritynews.com

NCSC has issued an urgent warning regarding a critical zero-day flaw in Oracle E-Business Suite (EBS) that is currently being exploited in the wild. Tracked as CVE-2025-61882, the vulnerability resides in the BI Publisher Integration component of Oracle Concurrent Processing and allows unauthenticated remote code execution. Organisations running EBS versions 12.2.3 through 12.2.14 - especially those exposed

PoC Exploit Released for Remotely Exploitable Oracle E-Business Suite 0-Day Vulnerability

Cyber Security News cybersecuritynews.com

A critical zero-day vulnerability in Oracle E-Business Suite has emerged as a significant threat to enterprise environments, with proof-of-concept (PoC) exploit code now publicly available. CVE-2025-61882 presents a severe security risk, achieving a maximum CVSS 3.1 score of 9.8 and enabling remote code execution without authentication across multiple Oracle E-Business Suite versions. The vulnerability affects

Zimbra Zero-Day Exploited to Target Brazilian Military via Malicious ICS Files

The Hacker News thehackernews.com

A now-patched security vulnerability in Zimbra Collaboration was exploited as a zero-day earlier this year in cyber attacks targeting the Brazilian military. Tracked as CVE-2025-27915 (CVSS score: 5.4), the vulnerability is a stored cross-site scripting (XSS) vulnerability in the Classic Web Client that arises as a result of insufficient sanitization of HTML content in ICS calendar files,

Hackers Exploit Zimbra Vulnerability as 0-Day with Weaponized iCalendar Files

Cyber Security News cybersecuritynews.com

A zero-day vulnerability in the Zimbra Collaboration Suite (ZCS) was actively exploited in targeted attacks earlier in 2025. The flaw, identified as CVE-2025-27915, is a stored cross-site scripting (XSS) vulnerability that attackers leveraged by sending weaponized iCalendar (.ICS) files to steal sensitive data from victims' email accounts. The attacks were first identified by StrikeReady, which

CVE-2025-61882: Frequently Asked Questions About Oracle E-Business Suite (EBS) Zero-Day and Associated Vulnerabilities

Cyber Exposure Alerts www.tenable.com

Following reports the Cl0p ransomware group has been extorting Oracle E-Business Suite customers, Oracle released an advisory for a zero-day that was exploited in the wild. Background Tenable's Research Special Operations (RSO) team has compiled this blog to answer Frequently Asked Questions (FAQ) regarding a newly disclosed Oracle zero-day vulnerability that was exploited in the wild along with other recently patched vulnerabilities part of Oracle's initial investigation. FAQ What is the...