Clop Ransomware Gang Exploits Oracle E-Business Suite Zero-Day
Summary
A critical remote code execution vulnerability (CVE-2025-61882, CVSS 9.8) in Oracle E-Business Suite has been exploited since August 2025 by Clop for data theft from more than 100 organizations, including Harvard.
Threat Analysis
The Clop ransomware and extortion gang has been exploiting a critical zero-day vulnerability (CVE-2025-61882) in Oracle E-Business Suite since at least early August 2025 to steal sensitive data from more than 100 organizations. This remote code execution flaw, rated CVSS 9.8, affects the BI Publisher Integration component and allows unauthenticated attackers to execute arbitrary code remotely. High-profile victims include Harvard University and Madison Square Garden. The vulnerability affects Oracle E-Business Suite versions 12.2.3 through 12.2.14. Oracle has released emergency patches; all organizations running Oracle EBS must apply these updates immediately and conduct forensic investigations to determine whether they were compromised before the patch was in place. This continues Clop's pattern of exploiting zero-day vulnerabilities in enterprise software platforms for large-scale data theft and extortion campaigns.
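The first thing a defender needs from this advisory is an accurate list of which Oracle EBS instances fall inside the affected range (12.2.3 through 12.2.14) so patching and forensic review can be prioritized. The following is an added example written for this page, not Oracle's or the advisory's own tooling; it assumes an asset inventory that provides version strings, and the inventory below is constructed. It also shows why the comparison must be numeric: a plain string comparison sorts "12.2.10" before "12.2.3" and would wrongly clear affected hosts.

```python
"""Affected-version triage for the Oracle EBS range named in the advisory.

Added example, not Oracle's or the advisory's tooling. The affected range
(12.2.3 through 12.2.14, inclusive) comes from the advisory text; the
inventory used as input is constructed for illustration.
"""
from typing import List, Tuple

# Inclusive bounds stated in the advisory.
AFFECTED_MIN = (12, 2, 3)
AFFECTED_MAX = (12, 2, 14)


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '12.2.14' into (12, 2, 14) so comparison is numeric, not lexical."""
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version string: {version!r}")
    return tuple(int(p) for p in parts)


def is_affected(version: str) -> bool:
    """True if the version lies inside the advisory's affected range.

    Only the first three components matter for the range check; a
    shorter string such as '12.2' is padded with zeros so it compares
    as 12.2.0, which is below the affected range.
    """
    v = parse_version(version)
    v3 = (v + (0, 0, 0))[:3]
    return AFFECTED_MIN <= v3 <= AFFECTED_MAX


def naive_string_affected(version: str) -> bool:
    """Deliberately wrong check kept to show the pitfall.

    String comparison is character-by-character, so '12.2.10' sorts
    before '12.2.3' and this function reports an affected 12.2.10
    instance as unaffected.
    """
    return "12.2.3" <= version <= "12.2.14"


# Constructed sample inventory: (hostname, reported EBS version).
SAMPLE_INVENTORY: List[Tuple[str, str]] = [
    ("ebs-prod-01", "12.2.14"),
    ("ebs-prod-02", "12.2.10"),
    ("ebs-dev-01", "12.2.2"),
    ("ebs-legacy", "12.1.3"),
    ("ebs-uat", "12.2.3"),
]


def triage(inventory: List[Tuple[str, str]]) -> List[str]:
    """Return hostnames whose version falls in the affected range."""
    return [host for host, ver in inventory if is_affected(ver)]


if __name__ == "__main__":
    for host, ver in SAMPLE_INVENTORY:
        print(f"{host:12s} {ver:8s} affected={is_affected(ver)}")
    print("hosts to patch and investigate first:", triage(SAMPLE_INVENTORY))
```

The hosts returned by `triage` are the ones to patch first and to include in the forensic review the advisory calls for, since exploitation predates the patch by weeks; the unaffected hosts still need to be confirmed against the inventory's version source rather than assumed.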