Clop hackers caught exploiting Oracle zero-day bug to steal executives’ personal data

Oracle has fixed a zero-day vulnerability in one of its flagship business software products. A hacking group is currently exploiting this vulnerability to steal personal information about corporate executives.

In a post updated over the weekend, Oracle chief security officer Rob Duhart stated the company released a new patch to fix a vulnerability in its Oracle E-Business Suite. He urged customers to install the update as soon as possible.

The security advisory explained the bug, tracked as CVE-2025-61882, can be exploited over a network without requiring a username and password. The advisory also provided several indicators of compromise to help Oracle customers identify evidence of hackers on their systems. This suggests hackers are actively exploiting the vulnerability to steal sensitive customer data.

Oracle says thousands of organizations around the world use its E-Business Suite to run their companies. This software is used for storing customer data and employee human resources files.

The bug is known as a zero-day because Oracle was given no time to patch it before it was maliciously exploited.

Duhart’s updated post represents a reversal from earlier in the week. A previous version of his post stated Oracle was aware that some executives had received extortion emails linked to vulnerabilities patched in July, suggesting the campaign was over. The newly identified zero-day bug indicates the hackers continued to exploit flaws in the software that were unknown to Oracle at the time.

News of the extortion attempts targeting corporate executives first emerged last week. On October 2, Google security researchers said they found the prolific hacking group Clop was sending emails to executives around September 29. The group demanded money in exchange for not publishing the executives’ personal information online. Clop has been linked to numerous ransomware attacks and extortion attempts in recent years.

Charles Carmakal, the chief technology officer of Google’s incident response unit Mandiant, stated in a post published Sunday that the vulnerabilities in Oracle’s E-Business software were being used in a mass exploitation campaign for data theft and extortion.

Carmakal said much of the exploitation happened during August, after the July patches were released. He confirmed that Clop has been sending extortion emails to several victims since last Monday, but noted the hackers have not yet reached out to all victims.