Oracle has set a zero-day vulnerability in one of its flagship commercial software products that a hacking group is currently abusing personal information on business leaders.
In a brief article updated during the weekend, Oracle’s security director Rob Duhart said that the technology giant had published a new patch to repair a vulnerability in his Oracle E-Business suite and urged customers to install the update as soon as possible.
The security notice said that the bug, officially followed under the name of CVE-2025-61882, can be “used on a network without the need for a username and a password”. The opinion provided several so-called compromise indicators to help Oracle customers identify the evidence of hackers on their systems, which suggests that hackers are currently using vulnerability to steal sensitive customers.
Oracle says that thousands of organizations around the world use its e-business suite to manage their companies, including storage of their customer data and the human resources files of their employees.
The bug is known as a zero day because Oracle, in this case, did not have time to correct the bug before it was exploited in a malicious manner.
Duhart’s update publication is an approach to the earlier this week, when a previous version of his article said that Oracle was aware that some leaders “received extortion e-mails” linked to previously identified vulnerabilities corrected in July, suggesting that the extortion campaign was finished. The newly identified zero-day bug suggests that the hackers continued to exploit the faults of the Oracle electronic commerce software which were not known at the time.
The news of extortion attempts targeting business leaders emerged last week.
On October 2, Google Security researchers said they had found the prolific piracy group called CLOP, which has been linked to numerous ransomware attacks and attempted extortion in recent years, sent e-mails to Oracle managers around September 29, asking for money so as not to publish their personal information online.
Charles Carmakal, director of technology of the unit of response to Google Mandiant incidents, said in an article published on Sunday on LinkedIn that the vulnerabilities of the Oracle electronic commerce software were used in a campaign of “mass operating” for data theft and extortion.
A large part of the farm occurred in August, said Carmakal, after the release of the July patches.
“CLOP has sent extortion emails to several victims since last Monday,” said Carmakal, but noted that the pirates had not yet contacted all the victims.
Devin Lloyd was appointed defensive player of AFC week last week, and he also won the honors of the defensive…
There is a good chance that you are watching a screen for hours and hours a day, including right now.…
Liv McMahonTechnological journalistGetty images"Half of my life is on this application and now they expect what we pay for it."Critics…
The Northern Lights can return to the night sky over Canada and the United States parties this evening, forecasters said.An…
Three passengers of a medical helicopter were in critical condition after the machine crashed on motorway 50 in Sacramento -…
London - European scholarships should open in a mixed manner on Tuesday, with all the eyes turned to France after…