Source URL: https://www.theregister.com/2025/10/06/clop_oracle_ebs_zeroday/
Source: The Register
Title: Clop crew hits Oracle E-Business Suite users with fresh zero-day
Feedly Summary: Big Red rushes out patch for 9.8-rated flaw after crooks exploit it for data theft and extortion
Oracle rushed out an emergency fix over the weekend for a zero-day vulnerability in its E-Business Suite (EBS) that criminal crew Clop has already abused for data theft and extortion.…
AI Summary and Description: Yes
Summary: Oracle has released an urgent patch for a critical zero-day vulnerability in its E-Business Suite, which has been exploited by the Clop ransomware group for data theft and extortion. This incident underscores the urgency of ensuring robust security protocols in software applications to protect against emerging threats.
Detailed Description:
– **Incident Overview**: Oracle has identified and patched a severe vulnerability rated 9.8 on the CVSS scale within its E-Business Suite. This flaw poses a significant risk to organizations using the software, as it has already been exploited by the Clop ransomware group.
– **Nature of the Vulnerability**:
  – Classified as a zero-day, which means it was unknown to the vendor until it was exploited.
  – High likelihood of exploitation, given that threat actors are already actively abusing it.
– **Threat Actor**: The Clop ransomware group is known for targeting organizations for data theft and extortion, amplifying the seriousness of this vulnerability.
– **Implications for Security and Compliance Professionals**:
  – Immediate actions should be taken to patch vulnerable systems.
  – Organizations must review their incident response and vulnerability management strategies to effectively address such critical threats in the future.
  – This incident highlights the importance of maintaining a proactive security posture, employing measures such as regular software updates and continuous monitoring to mitigate risks associated with zero-day vulnerabilities.
– **Related Controls**:
  – Enhance software security measures through routine patching and updates.
  – Implement intrusion detection systems (IDS) to identify unusual activities that could indicate exploitation attempts.
  – Educate employees about potential phishing attempts that may lead to exploitation.
Overall, this situation serves as a crucial reminder for organizations of all sizes to prioritize security in their software applications and continuously adapt to the evolving threat landscape.