By Guru Baran
Publication Date: 2025-11-21 03:38:00
The infamous one Clop ransomware The gang listed Oracle on its dark web leak site and claimed a successful break into the tech giant’s internal systems.
This development is part of a massive extortion campaign that exploits a critical zero-day vulnerability in the Oracle E-Business Suite (EBS), referred to as CVE-2025-61882.
The group, prosecuted as Graceful Spider, claims to have exfiltrated sensitive data from Oracle and dozens of its high-profile customers, marking a significant escalation of supply chain attacks reminiscent of the MOVEit incident.
The zero-day exploit: CVE-2025-61882
The attack vector focuses on a critical, unauthenticated remote code execution (RCE) vulnerability Oracle E-Business Suite.
Security researchers note that Clop partners began exploiting this vulnerability as early as August 2025, months before Oracle released a patch in October 2025.
The exploit chain specifically targets the OA_HTML/SyncServlet Endpoint to be bypassed…



