
According to cybersecurity company CrowdStrike, the Clop ransomware gang has been exploiting a critical Oracle E-Business Suite (EBS) zero-day bug in data theft attacks since early August.
Tracked as CVE-2025-61882 and patched by Oracle over the weekend, this vulnerability was discovered in the BI Publisher Integration component of Oracle EBS's Concurrent Processing component. It allows unauthenticated attackers to gain remote code execution on unpatched systems in low-complexity attacks that do not require user interaction.
However, as watchTowr Labs security researchers found while reverse engineering a proof-of-concept (PoC) exploit leaked online by the Scattered Lapsus$ Hunters cybercrime gang (with a May 2025 timestamp), CVE-2025-61882 is actually a vulnerability chain that may allow threat actors to gain remote code execution without authentication using a single HTTP request.
On Monday, CrowdStrike analysts reported that they first saw the Clop ransomware gang exploiting CVE-2025-61882 as a zero-day in early August to steal sensitive documents, adding that other threat groups could also have joined the attacks.
“CrowdStrike Intelligence assesses with moderate confidence that GRACEFUL SPIDER is likely involved in this campaign but cannot rule out the possibility that multiple threat actors have exploited CVE-2025-61882. The first known exploitation occurred on August 9, 2025; however, investigations are ongoing, and this date is subject to change,” CrowdStrike said.
“CrowdStrike Intelligence further assesses that the October 3, 2025 proof-of-concept (POC) disclosure and the CVE-2025-61882 patch release will almost certainly encourage threat actors, particularly those familiar with Oracle EBS, to create POCs and attempt to leverage them.”
Mandiant and the Google Threat Intelligence Group (GTIG) told BleepingComputer last week that Clop was emailing executives at several companies as part of an ongoing extortion campaign, demanding ransoms to stop data stolen from their Oracle E-Business Suite systems from being leaked online.

On Thursday, Oracle linked the CVE-2025-61882 Oracle EBS vulnerability to the extortion emails claimed by the Clop cybercrime gang, urging customers to prioritize patching this actively exploited flaw.
“Oracle strongly recommends that customers apply the updates provided by this Security Alert as soon as possible. Oracle always recommends that customers remain on actively supported versions and apply all Security Alerts and Critical Patch Update security patches without delay,” Oracle warned.
The Clop extortion group has a long history of exploiting zero-day flaws in large-scale data theft operations, most recently extorting dozens of victims in January after stealing their files in attacks targeting a flaw (CVE-2014-50623) in Cleo's secure file transfer software.
Earlier, Clop was linked to several other data theft campaigns targeting zero-days in Accellion FTA, GoAnywhere MFT, and MOVEit Transfer, the latter impacting over 2,770 organizations.
The U.S. State Department now also offers a $10 million reward for any information that can help link Clop's ransomware attacks to a foreign government.


