By Divya
Publication Date: 2025-11-21 07:03:00
The infamous Clop ransomware gang, also known as Graceful Spider, has listed Oracle Corporation on its dark web leak site, claiming to have successfully penetrated the tech giant’s internal systems.
This alarming development represents a significant escalation in the group’s ongoing extortion campaign targeting a critical zero-day vulnerability in Oracle E-Business Suite (EBS), identified as CVE-2025-61882.
The Russia-linked threat actor, which has amassed over 1,025 confirmed victims and extorted more than $500 million in ransom payments since 2019, now claims to have compromised Oracle along with dozens of high-profile customers.
| CVE ID | Affected product | Type of vulnerability | CVSS score | Exploit vector |
|---|---|---|---|---|
| CVE-2025-61882 | Oracle E-Business Suite (versions 12.2.3 – 12.2.14) | Unauthenticated Remote Code Execution (RCE) | 9.8 (critical) | Authentication bypass via SyncServlet and XSLT injection |
Critical zero-day vulnerability is widely exploited
The attack uses…
