Categories: Technology

The clop pirates surprised by exploiting Oracle Zero-Day Bug to steal the personal data of executives

Oracle has set a zero-day vulnerability in one of its flagship commercial software products that a hacking group is currently abusing personal information on business leaders.

In a brief article updated during the weekend, Oracle’s security director Rob Duhart said that the technology giant had published a new patch to repair a vulnerability in his Oracle E-Business suite and urged customers to install the update as soon as possible.

The security notice said that the bug, officially followed under the name of CVE-2025-61882, can be “used on a network without the need for a username and a password”. The opinion provided several so-called compromise indicators to help Oracle customers identify the evidence of hackers on their systems, which suggests that hackers are currently using vulnerability to steal sensitive customers.

Oracle says that thousands of organizations around the world use its e-business suite to manage their companies, including storage of their customer data and the human resources files of their employees.

The bug is known as a zero day because Oracle, in this case, did not have time to correct the bug before it was exploited in a malicious manner.

Duhart’s update publication is an approach to the earlier this week, when a previous version of his article said that Oracle was aware that some leaders “received extortion e-mails” linked to previously identified vulnerabilities corrected in July, suggesting that the extortion campaign was finished. The newly identified zero-day bug suggests that the hackers continued to exploit the faults of the Oracle electronic commerce software which were not known at the time.

The news of extortion attempts targeting business leaders emerged last week.

On October 2, Google Security researchers said they had found the prolific piracy group called CLOP, which has been linked to numerous ransomware attacks and attempted extortion in recent years, sent e-mails to Oracle managers around September 29, asking for money so as not to publish their personal information online.

Charles Carmakal, director of technology of the unit of response to Google Mandiant incidents, said in an article published on Sunday on LinkedIn that the vulnerabilities of the Oracle electronic commerce software were used in a campaign of “mass operating” for data theft and extortion.

A large part of the farm occurred in August, said Carmakal, after the release of the July patches.

“CLOP has sent extortion emails to several victims since last Monday,” said Carmakal, but noted that the pirates had not yet contacted all the victims.

Source link

James Walker

James Walker – Technology Correspondent Writes about AI, Apple, Google, and emerging innovations.

Recent Posts

The Pick-Six of 99 Verges de Devin Lloyd gives Jaguars the head, 21-14

Devin Lloyd was appointed defensive player of AFC week last week, and he also won the honors of the defensive…

53 seconds ago

Best blue light glasses for sensitive eyes, from $ 14

There is a good chance that you are watching a screen for hours and hours a day, including right now.…

2 minutes ago

Snapchat users share the fury at future costs for the storage of memories

Liv McMahonTechnological journalistGetty images"Half of my life is on this application and now they expect what we pay for it."Critics…

5 minutes ago

Northern lights could be visible in 18 states this evening

The Northern Lights can return to the night sky over Canada and the United States parties this evening, forecasters said.An…

6 minutes ago

An air ambulance helicopter crashes on a California motorway; 3 seriously injured

Three passengers of a medical helicopter were in critical condition after the machine crashed on motorway 50 in Sacramento -…

7 minutes ago

Stoxx 600, FTSE, Dax, CAC, France

London - European scholarships should open in a mixed manner on Tuesday, with all the eyes turned to France after…

8 minutes ago