Pierluigi Paganini
October 14, 2025
Oracle issued an emergency security update to address a new E-Business Suite (EBS) vulnerability tracked as CVE-2025-61884. Oracle released an emergency patch to address an information disclosure flaw, tracked as CVE-2025-61884 (CVSS Score of 7.5), in E-Business Suite’s Runtime UI component (versions 12.2.3–12.2.14). “Oracle has just released Security Alert CVE-2025-61884. This vulnerability affects some deployments of Oracle E-Business […]
Pierluigi Paganini
October 13, 2025
Google and Mandiant link Oracle EBS extortion emails to known July-patched flaws and a likely zero-day, CVE-2025-61882. Google Threat Intelligence and Mandiant analyzed the Oracle E-Business Suite extortion campaign, revealing the use of malware. Attackers exploited July-patched EBS flaws and likely a zero-day (CVE-2025-61882), sending extortion emails to company executives. In early October, Google Mandiant […]
Pierluigi Paganini
October 07, 2025
CrowdStrike links Oracle EBS flaw CVE-2025-61882 (CVSS 9.8) to Cl0p, enabling unauthenticated RCE, first exploited on August 9, 2025. CrowdStrike researchers attributed with moderate confidence the exploitation of Oracle E-Business Suite flaw CVE-2025-61882 (CVSS 9.8) to the Cl0p group, also known as Graceful Spider. The critical bug allows unauthenticated remote code execution, with the first […]
Pierluigi Paganini
October 06, 2025
Oracle fixed a critical flaw (CVE-2025-61882, CVSS 9.8) in E-Business Suite that is actively exploited by Cl0p cybercrime group. Oracle released an emergency patch to address a critical vulnerability, tracked as CVE-2025-61882 (CVSS 9.8) in its E-Business Suite. “Updated [10/04/2025]: Oracle has issued Oracle Security Alert Advisory – CVE-2025-61882 to provide updates against additional potential exploitation that were discovered during our investigation.” […]
Pierluigi Paganini
February 03, 2023
Threat actors started exploiting a critical Oracle E-Business Suite flaw, tracked as CVE-2022-21587, shortly after a PoC was published. Shadowserver researchers warn that threat actors have started attempting to exploit critical Oracle E-Business Suite flaw (CVE-2022-21587) shortly after a PoC was published. The E-Business Suite is a set of enterprise applications that allows organizations automate […]
