Oracle has determined a vulnerability of zero day in one of the products of the Business Software Note that a piracy team is currently abusing to steal personal information about corporate executives.
In A short post Updated over the weekend, Oracle Rob Duhart’s security chief said the technological giant had released a new patch to correct a vulnerability in the Oracle e-Business suite and urged customers to install the information as soon as possible.
THE counseling He said that the error, which is officially monitored as CVE-2025-61882, may “exploit a network without the need for username and password”. Counseling provided several so -called compromise indicators to help Oracle customers identify hackers in their systems, suggesting that hackers are currently exploiting the vulnerability to steal the delicate customer data.
Oracle she says Thousands of organizations around the world use the e-business suite to run their companies, including storing their customers ‘data and their employees’ human resources files.
The error is known as zero day, because Oracle, in this case, did not take time to correct the error before exploiting bad.
Duhart’s up -to -date post is a person earlier this week, when a previous edition of his post stated that Oracle knew that some executives “have received blackmail messages” linked to the previously identified vulnerabilities repaired in July. The recently recognized zero day error indicates that hackers have continued to exploit defects in Oracle’s e -business software that was unknown in Oracle at that time.
The news about blackmail efforts aimed at companies’ executives emerged for the first time last week.
On October 2, Google Security researchers said they found the Hacking productive team called Clop, which has been linked to numerous ransomware attacks and blackmail attempts in recent years, has sent emails to Oracle executives around September 29, demanding money not to publish them.
Charles Carmakal, head of Google’s Response Unit technology, told a Post Posted on Sunday at LinkedIn That the vulnerabilities of Oracle’s e -business software were used in a “mass exploitation” campaign to theft and blackmail.
Much of the exploitation happened in August, Carmakal said, after the release of the July patches.
“Clop is sending emails to many victims since last Monday,” Carmakal said, but noted that hackers have not reached all the victims yet.
