The clop pirates surprised by exploiting Oracle Zero-Day Bug to steal the personal data of executives

Oracle has set a zero-day vulnerability in one of its flagship commercial software products that a hacking group is currently abusing personal information on business leaders.

In a brief article updated during the weekend, Oracle’s security director Rob Duhart said that the technology giant had published a new patch to repair a vulnerability in his Oracle E-Business suite and urged customers to install the update as soon as possible.

The security notice said that the bug, officially followed under the name of CVE-2025-61882, can be “used on a network without the need for a username and a password”. The opinion provided several so-called compromise indicators to help Oracle customers identify the evidence of hackers on their systems, which suggests that hackers are currently using vulnerability to steal sensitive customers.

Oracle says that thousands of organizations around the world use its e-business suite to manage their companies, including storage of their customer data and the human resources files of their employees.

The bug is known as a zero day because Oracle, in this case, did not have time to correct the bug before it was exploited in a malicious manner.

Duhart’s update publication is an approach to the earlier this week, when a previous version of his article said that Oracle was aware that some leaders “received extortion e-mails” linked to previously identified vulnerabilities corrected in July, suggesting that the extortion campaign was finished. The newly identified zero-day bug suggests that the hackers continued to exploit the faults of the Oracle electronic commerce software which were not known at the time.

The news of extortion attempts targeting business leaders emerged last week.

On October 2, Google Security researchers said they had found the prolific piracy group called CLOP, which has been linked to numerous ransomware attacks and attempted extortion in recent years, sent e-mails to Oracle managers around September 29, asking for money so as not to publish their personal information online.

Charles Carmakal, director of technology of the unit of response to Google Mandiant incidents, said in an article published on Sunday on LinkedIn that the vulnerabilities of the Oracle electronic commerce software were used in a campaign of “mass operating” for data theft and extortion.

A large part of the farm occurred in August, said Carmakal, after the release of the July patches.

“CLOP has sent extortion emails to several victims since last Monday,” said Carmakal, but noted that the pirates had not yet contacted all the victims.