< ciso
brief />
Tag Banner

All news with #oracle tag

85 articles · page 4 of 5

Oracle Quietly Fixes E-Business Suite SSRF Zero-Day

🔒 Oracle released an out-of-band security update addressing a pre-authentication SSRF vulnerability (CVE-2025-61884) in E-Business Suite after a proof-of-concept exploit was leaked by the ShinyHunters group. The update validates attacker-supplied return_url values with a strict regex to block injected CRLFs and other malformed inputs. Researchers from watchTowr Labs, and multiple customers, confirmed the patch closes the SSRF component that remained after Oracle's earlier Oct. 4 emergency updates. Customers should apply the update immediately or implement a temporary mod_security rule blocking access to /configurator/UiServlet.
read more →

Oracle issues second emergency patch for E-Business Suite

⚠️ Oracle released an emergency security alert on October 11 for CVE-2025-61884, a 7.5 CVSS information-disclosure flaw in the Runtime UI component of E-Business Suite (versions 12.2.3–12.2.14). The vulnerability allows unauthenticated remote attackers with network access to steal sensitive data. The patch arrives one week after an emergency fix for a Cl0p-exploited RCE, and experts urge administrators to apply updates, hunt for prior compromise, and restrict outbound traffic from EBS servers.
read more →

Oracle issues emergency patch for E-Business Suite

🔒 Oracle released an emergency update to address CVE-2025-61884, an information disclosure flaw in the E-Business Suite Runtime UI that affects versions 12.2.3 through 12.2.14. The vulnerability is remotely exploitable without authentication and has been assigned a CVSS base score of 7.5, meaning a successful exploit could expose sensitive resources. Oracle strongly urges customers to apply the out-of-band patch or recommended mitigations immediately, particularly for internet-facing instances.
read more →

Weekly Recap: WhatsApp Worm, Oracle 0-Day and Ransomware

⚡This weekly recap covers high-impact incidents and emerging trends shaping enterprise risk. Significant exploitation of an Oracle E-Business Suite zero-day (CVE-2025-61882) and linked payloads reportedly affected dozens of organizations, while a GoAnywhere MFT flaw (CVE-2025-10035) enabled multi-stage intrusions by Storm-1175. Other highlights include a WhatsApp worm, npm-based phishing chains, an emerging ransomware cartel, AI abuse, and a prioritized list of critical CVEs.
read more →

Harvard Probes Data Breach Linked to Oracle Zero-Day

🔒 Harvard University is investigating a data breach after the Clop ransomware gang listed the school on its data leak site and attributed the incident to a recently disclosed Oracle E-Business Suite zero-day (CVE-2025-61882). A Harvard IT spokesperson said the issue affected a limited number of parties within a small administrative unit and that a patch from Oracle was applied upon receipt. The university reports no evidence of broader compromise while it continues monitoring.
read more →

High-Severity Oracle E-Business Suite Vulnerability Alert

🔒 Oracle issued an alert for CVE-2025-61884, a high-severity (CVSS 7.5) flaw in Oracle E-Business Suite versions 12.2.3 through 12.2.14 that can be exploited remotely over HTTP without authentication. The NIST description warns the defect permits an unauthenticated attacker to compromise Oracle Configurator, potentially exposing or allowing complete access to critical configurable data. Oracle urges administrators to apply the update immediately; it has not reported observed in-the-wild exploitation.
read more →

Google: Clop Exfiltrated Data via Oracle E-Business Flaw

🔍 Google Threat Intelligence and Mandiant report the Clop (FIN11) actor likely exfiltrated a significant amount of data from Oracle E-Business Suite environments beginning as early as August 9, 2025. The group sent extortion emails to executives from September 29 and supplied legitimate file listings to substantiate claims. Attackers exploited the zero-day CVE-2025-61882 prior to an emergency patch released on October 4, 2025. Investigators advise urgent patching, hunting for malicious templates, restricting outbound EBS traffic, and performing Java memory forensics.
read more →

Cl0p-Linked Actors Exploit Oracle E-Business Suite

🔔 Google Threat Intelligence Group and Mandiant report a multi-stage zero-day campaign exploiting Oracle E-Business Suite (tracked as CVE-2025-61882, CVSS 9.8) that has impacted dozens of organizations since August 2025. The attackers combined SSRF, CRLF injection, authentication bypass and XSL template injection to achieve remote code execution and deploy multi-stage Java loaders. Observed payloads include GOLDVEIN.JAVA and a SAGEGIFT/SAGELEAF/SAGEWAVE chain; orchestration and extortion messaging bear the Cl0p signature. Oracle has released patches and investigations by GTIG and Mandiant are ongoing.
read more →

Oracle EBS Zero-Day Exploitation and Extortion Campaign

⚠️ GTIG and Mandiant tracked a large-scale extortion campaign beginning Sept. 29, 2025, in which actors claiming affiliation with the CL0P brand alleged theft from Oracle E‑Business Suite (EBS) environments. Analysis indicates exploitation of a zero-day (CVE-2025-61882) as early as Aug. 9, 2025, with suspicious activity dating back to July 10. Attackers abused UiServlet and SyncServlet flows, embedding Java payloads via XSL templates to achieve unauthenticated RCE and deploy in-memory implants. Organizations are urged to apply Oracle emergency patches, hunt for malicious templates in XDO_TEMPLATES_B/XDO_LOBS, and restrict outbound traffic to disrupt C2.
read more →

Oracle EBS Zero-Day Exploited by Clop Since August

🔒 CrowdStrike reports the Clop ransomware gang has been exploiting an Oracle E-Business Suite zero-day, CVE-2025-61882, since early August to steal sensitive documents. The flaw resides in the BI Publisher Integration of Concurrent Processing and allows unauthenticated remote code execution via a single HTTP request. Oracle issued a patch and warned customers to apply updates immediately as extortion emails tied to stolen EBS data are being circulated.
read more →

NCSC Urges Patch for Critical Oracle E-Business Bug

🔔 The UK's National Cyber Security Centre has urged Oracle E-Business Suite customers to apply an emergency update for CVE-2025-61882, a critical unauthenticated remote code execution vulnerability in the BI Publisher Integration component affecting EBS 12.2.3–12.2.14. Security firm Mandiant reports the Clop ransomware group exploited the bug as a zero-day in August, and the exploit has since been leaked, raising the risk of wider attacks. The NCSC and Rapid7 recommend immediate compromise assessments using Oracle's IoCs, contacting Oracle PSIRT and the NCSC if compromise is suspected, installing the latest EBS update (with the October 2023 CPU applied first), and reducing internet exposure of EBS instances.
read more →

Oracle EBS Targeted by Cl0p Exploiting CVE-2025-61882

🚨 CrowdStrike attributes the exploitation of Oracle E-Business Suite to Graceful Spider, also known as Cl0p, with the first observed compromise on August 9, 2025. The attacks exploit a critical pre-authentication remote code execution flaw, CVE-2025-61882 (CVSS 9.8), enabling authentication bypass and the upload of malicious XSLT templates via Oracle XML Publisher. Successful exploitation leads to outbound connections from the Java web server and remote web shell deployment for data exfiltration and persistence; CISA has added the flaw to its Known Exploited Vulnerabilities catalog and urged agencies to patch immediately.
read more →

Oracle issues emergency patch for EBS zero-day RCE

🔴 Oracle has released an emergency patch addressing a critical zero-day remote code execution flaw, CVE-2025-61882, in the E-Business Suite BI Publisher Integration component. The vulnerability (affecting versions 12.2.3–12.2.14) is rated 9.8 on the CVSS scale and is exploitable remotely without authentication. Cl0p actors are linked to active exploitation and high-value extortion demands; Oracle published IoCs and strongly urges immediate patching and aggressive compromise hunting.
read more →

Cl0p Exploits Critical Oracle E-Business Suite Flaw

🔒 Oracle released an emergency patch to address a critical unauthenticated vulnerability in E-Business Suite (CVE-2025-61882) with a CVSS score of 9.8. The flaw allows remote code execution against the Oracle concurrent processing component over HTTP and has been actively exploited by the Cl0p group in large-scale data theft. Security firms report mass email-based distribution from hundreds of compromised accounts and recommend immediate patching and forensic checks for listed IoCs and suspicious GET/POST activity.
read more →

Weekly Cyber Recap: Oracle 0-Day, BitLocker Bypass

🛡️Threat actors tied to Cl0p exploited a critical Oracle E-Business Suite zero-day (CVE-2025-61882, CVSS 9.8) to steal large volumes of data, with multiple flaws abused across patched and unpatched systems. The week also spotlights a new espionage actor, Phantom Taurus, plus diverse campaigns from WordPress-based loaders to self-spreading WhatsApp malware. Prioritize patching, strengthen pre-boot authentication for BitLocker, and increase monitoring for the indicators associated with these campaigns.
read more →

Mass Exploitation of Oracle E-Business Suite Zero-Day

🔒 CrowdStrike is tracking a mass exploitation campaign abusing a novel zero-day, CVE-2025-61882, against Oracle E-Business Suite (EBS) that enables unauthenticated remote code execution and data exfiltration. First observed on 2025-08-09, activity accelerated after a proof-of-concept surfaced on 2025-10-03 and Oracle released an advisory with IOCs on 2025-10-04. CrowdStrike assesses likely involvement by the actor tracked as GRACEFUL SPIDER (moderate confidence) while acknowledging multiple actors may be exploiting internet-exposed EBS instances; detection and mitigation guidance and Falcon tooling are provided to help defenders.
read more →

Oracle issues emergency patch for CVE-2025-61882 exploit

🔒 Oracle has released an emergency update to address CVE-2025-61882, a critical (CVSS 9.8) vulnerability in the E-Business Suite Concurrent Processing component that can be exploited over HTTP without authentication. Oracle warned the flaw may allow remote code execution and issued additional fixes after discovering further potential exploitation vectors. Indicators shared with the advisory point to activity linked to Cl0p and a group associated with Scattered LAPSUS$ Hunters; organizations are urged to apply the patch and hunt for signs of compromise.
read more →

Oracle patches critical EBS zero-day used by Clop gang

⚠️ Oracle has released an emergency update addressing CVE-2025-61882, a critical unauthenticated remote code execution flaw in Oracle E-Business Suite (Concurrent Processing / BI Publisher Integration). The vulnerability affects versions 12.2.3–12.2.14 and carries a CVSS base score of 9.8. Customers must first install the October 2023 Critical Patch Update before applying the new fix. Intelligence firms say the Clop extortion gang actively used the bug in August 2025 to steal data.
read more →

Oracle Links Clop Extortion to July EBS Vulnerabilities

🔒 Oracle said some customers received extortion emails tied to its E-Business Suite and linked the campaign to vulnerabilities patched in the July 2025 Critical Patch Update. While Oracle did not attribute the activity to a specific ransomware group, its investigation found potential use of previously identified EBS flaws, including three that were remotely exploitable. Security firms reported executives began receiving ransom demands on or before September 29, 2025. Oracle urged customers to apply the latest patches and contact support if they need assistance.
read more →

Hackers Target Unpatched Oracle E-Business Suite Flaws

⚠️ Oracle has warned customers that attackers may be exploiting unpatched instances of Oracle E-Business Suite, following alerts from the Google Threat Intelligence Group and reports of extortion emails sent to company executives. The vendor’s investigation points to vulnerabilities addressed in the July 2025 Critical Patch Update, and it urges organizations to apply those fixes immediately. The July update fixed nine EBS flaws, including three critical issues and several that can be exploited remotely without authentication, raising urgent remediation priorities for affected deployments. Security teams should verify patch status, hunt for indicators of compromise, and validate account integrity.
read more →