Oracle fixed a zero-day vulnerability in one of the flagship business software products that hacking groups are currently abusing personal information about corporate executives.
In a short post updated over the weekend, Oracle's chief executive Rob Duhart said the tech giant released a new patch to fix the vulnerability in Oracle E-Business Suite, urging customers to install the update as soon as possible.
The Security Advisory said that bugs officially tracked as CVE-2025-61882 can be “exploited on the network without the need for a username and password.” The advisory provides some so-called metrics of compromise to help Oracle customers identify hacker evidence on their systems, suggesting that hackers are currently exploiting vulnerabilities to steal sensitive customer data.
Oracle says thousands of organizations around the world use e-business suites to run businesses, including storing customer data and employee HR files.
In this case, the bug is known as zero day because Oracle was not given time to patch the bug before being maliciously exploited.
Duhart's updated post is a confrontation earlier this week when he knew earlier this week that Oracle had been aware that an earlier version of his post had “received a fearful tormail” linked to a previously identified vulnerability patched in July. The newly identified zero-day bug suggests that hackers weren't known to Oracle at the time a flaw in Oracle's e-business software.
Last week, news first appeared in the wake of a terror attempt targeting corporate executives.
On October 2, Google Security researchers said they discovered that a prolific hacking group called CLOP has been linked to numerous ransomware attacks and fear tor attempts in recent years, and had emailed Oracle executives around September 29 to request funding to prevent personal information from being released online.
Charles Carmakal, chief technology officer of Google's incident response unit Mandiant, said in a post published Sunday on LinkedIn that Oracle's electronic business software vulnerabilities are being used in a “mass exploitation” campaign for data theft and fear tor.
After the July patch was released, Carmakal said much of the exploitation took place in August.
“Clop has been sending fear tor emails to several victims since last Monday,” Carmakal said, but said the hackers have not yet reached out to all of the victims.