Cl0p ransomware extortion gang have a zero day in Oracle E-Business Suite (component: BI Publisher Integration) - which they’ve been exploiting since last month to steal data.
Oracle is warning about a critical E-Business Suite zero-day vulnerability tracked as CVE-2025-61882 that allows attackers to perform unauthenticated remote code execution, with the flaw actively exploited in Clop data theft attacks.
The details for the Oracle hack are as embarrassing as you'd imagine..
../
The craziest part of the Oracle story is they got the exploit chain via... LAPSUS$.
Before Oracle had an advisory, on Telegram LAPSUS$ posted a working zero day exploit - dated May 2025.
Yes, the teenagers at LAPSUS$ know more about Oracle's security vulnerabilities than Oracle.
-rw-r----- 1 root root 3713 Jun 15 18:19 exp.py
-rw-r--r-- 1 root root 2749 Oct 3 14:54 readme.md
-rw-r----- 1 root root 2651 May 16 10:07 server.py
Having large corporations pay hundreds of millions of US dollars in Bitcoin to teenagers to cover up their data breaches is fucking stupid by the way, as said teens then spend the bitcoin on exploits* - we're in a race to the bottom to arm teens with rocket launchers.
* one of the LAPSUS kids also allegedly ordered pizza to his nans house with bitcoin
APTs aren't nation states anymore, they're Advanced Persistent Teenagers as covering up breaches has lowered the bar. Global gov inaction.
@GossiTheDog > * one of the LAPSUS kids also allegedly ordered pizza to his nans house with bitcoin
That's the most 2025 sentence I have ever read
Kevin Beaumont
Neil Craig