Oracle rushed out an emergency fix over the weekend for a zero-day vulnerability in its E-Business Suite (EBS) that criminal crew Clop has already abused for data theft and extortion.
The flaw, tracked as CVE-2025-61882, allows unauthenticated remote code execution and carries a CVSS severity score of 9.8 – the kind of score that tells security teams this one can't wait.
The bug marks the latest twist in a saga that began when Oracle warned last week that Clop had been exploiting older, unpatched EBS flaws in a wave of extortion attacks. At the time, the company said the activity was tied to vulnerabilities addressed in its July Critical Patch Update. However, the crooks had a fresh ace up their sleeve: a previously unknown zero-day that Oracle now admits was being used in the same cam