Oracle has fixed a zero-day vulnerability in one of its flagship business software products that a hacking group is currently abusing to steal personal information about corporate executives.ย
In a brief post updated over the weekend, Oracle chief security officer Rob Duhart said the tech giant released a new patch to fix a vulnerability in its Oracle E-Business suite, and urged customers to install the update as soon as possible.ย ย
The security advisory said the bug, tracked officially as CVE-2025-61882, can be โexploited over a network without the need for a username and password.โ The advisory provided several so-called indicators of compromise to help Oracle customers identify evidence of hackers on their systems, suggesting that hackers are currently exploiting the vulnerability to steal customersโ sensitive data.ย
Oracle says thousands of organizations around the world use its E-Business Suite to run their companies, including storing their customer data and their employeesโ human resources files.ย
The bug is known as a zero-day because Oracle, in this case, was given no time to patch the bug before it was maliciously exploited.ย
Duhartโs updated post is an about-face from earlier this week, when a previous version of his post said Oracle was aware that some executives โhave received extortion emailsโ linked to previously identified vulnerabilities patched in July, suggesting the extortion campaign was over. The newly identified zero-day bug suggests the hackers continued to exploit flaws in Oracleโs E-Business software that were unknown to Oracle at the time.ย
News of the extortion attempts targeting corporate executives first emerged last week.ย ย
On October 2, Google security researchers said they found the prolific hacking group called Clop, which has been linked to numerous ransomware attacks and extortion attempts in recent years, was sending emails to Oracle executives around September 29 demanding money to not publish their personal information online.ย
Charles Carmakal, the chief technology officer of Googleโs incident response unit Mandiant, said in a post published Sunday on LinkedIn that the vulnerabilities in Oracleโs E-Business software were being used in a โmass exploitationโ campaign for data theft and extortion.ย ย
Much of the exploitation happened during August, said Carmakal, after the July patches were released.ย
โClop has been sending extortion emails to several victims since last Monday,โ said Carmakal, but noted that the hackers havenโt reached out to all victims yet.ย
