Oracle patches E-Business suite targeted by Cl0p ransomware | Computer Weekly
Oracle has issued a fix for a critical remote code execution (RCE) vulnerability in its E-Business Suite (EBS) as the well-used ERP software package emerges as the latest vector for mass Cl0p (aka Clop) ransomware attacks.

The Oracle EBS ecosystem is deeply embedded in enterprise financial and operational systems, which offers hackers access to a wide range of high-value targets and potentially extreme impacts.

The flaw in question, CVE-2025-61882, is present in EBS versions 12.2.3 through 12.2.14 and affects the Concurrent Processing component, which enables users to run multiple jobs simultaneously.

Rated 9.8 on the CVSS scale, it is considered relatively easy to take advantage of. Importantly, an unauthenticated attacker can exploit it over the network with no user interaction required, leading to RCE.


“Oracle always recommends that customers remain on actively-supported versions and apply all Security Alerts and Critical Patch Update security patches without delay.

“Note that the October 2023 Critical Patch Update is a prerequisite for application of the updates in this Security Alert,” the supplier added.

In its advisory notice, Oracle shared a number of indicators of compromise (IoCs) that appeared to link exploitation of CVE-2025-61882 to both the Cl0p ransomware crew and the Scattered Lapsus$ Hunters collective. That pairing is not implausible, as Scattered Spider has been known to act as a ransomware affiliate in the past.

Jake Knott, principal security researcher at watchTowr, said that exploitation of EBS appeared to date back to August 2025, and warned that as of Monday 6 October, exploit code for CVE-2025-61882 was publicly available.

“At first glance, it looked reasonably complex and required real effort to reproduce manually. But now, with working exploit code leaked, that barrier to entry is gone. It’s likely that almost no one patched over the weekend. So we’re waking up to a critical vulnerability with public exploit code and unpatched systems everywhere,” said Knott.

“We fully expect to see mass, indiscriminate exploitation from multiple groups within days. If you run Oracle EBS, this is your red alert. Patch immediately, hunt aggressively, and tighten your controls, fast.”

Writing on LinkedIn, Charles Carmakal, chief technical officer and board advisor at Google Cloud’s Mandiant, confirmed this, saying that Cl0p had almost certainly exploited multiple other EBS vulnerabilities – including some that were patched a couple of months ago – as well. The gang has supposedly been contacting victims since early last week, but Carmakal added that it may have not made contact with all of them just yet.

Cl0p’s warning from history

As seen in 2023, when it successfully targeted a flaw in Progress Software’s MOVEit managed file transfer (MFT) software product to extort potentially hundreds of victims, the Cl0p gang makes a habit of conducting mass exploitation activities against multiple downstream organisations through widely-used software packages. The mass targeting of Oracle EBS now being seen does fit this established modus operandi.

Historically, Cl0p’s activity comes in short, high-profile bursts between lengthy periods of downtime – likely due to the administrative burden its mass attacks create – and Kroll managing director of cyber and data resilience, Max Henderson, had been among those warning for some weeks that the gang looked likely to resurface. He told Computer Weekly that others may follow, and described “grim” impacts.

“There should be an urgent rush for victims and users of Oracle to patch this, as continued attacks or attacks from other groups may continue. We expect a long tail of self-identifying victims with this situation, as many victims are unaware of extortion emails sitting in their junk folders,” said Henderson.


I’ve Tested Gaming Laptops for Over a Decade. This Is What I Think You Should Buy

Lenovo Legion 7i Gen 10 (16 Inch, Intel)

Now, there’s another class of high-end gaming laptop that focuses more on performance than being thin or portable. The Lenovo Legion 7i Gen 10 is one of my favorites in this class, featuring a beautiful white chassis and glossy OLED display. Unlike some OLED displays, the Legion 7i’s screen can be cranked up to over 1,000 nits of brightness. The result is some really splendid HDR performance that brings games to life. HDR is a powerful way of improving the visuals of your games without a performance cost. The Legion 7i Gen 10 is one of the very best in this regard.

It’s still fairly thin at 0.7 inches thick too, while a lot of the ports are found on the back. It’s the definition of a “clean” gaming laptop. It’s no slouch when it comes to performance either, offering either the RTX 5070 Ti or RTX 5080 for graphics.

Cheap Gaming Laptops That Are Worth It

No gaming laptops worth buying are actually cheap. High-refresh rate displays and discrete graphics will always make them more expensive than standard laptops. But as you get closer to $1,000, there is one laptop I always come back to: the Lenovo LOQ 15. Pronounced “Lock,” this Lenovo subbrand is known for cutting the fluff and focusing on giving gamers the performance they need at an affordable price. No laptop does that better than the LOQ 15. Many laptop manufacturers sell their RTX 5060 configurations for hundreds of dollars more. In reality, if you’re shopping around $1,000, there’s no reason to not buy the LOQ 15. Just do it.

If you do want to save some extra cash, there is another option that is cheaper than the LOQ 15, with a few compromises in key areas. The Acer Nitro V 16 is that laptop, and it comes with an RTX 5050. It was as affordable as $600 at one point last year, before laptop prices rose due to the ongoing memory shortage, but it remains the only laptop cheaper than the Lenovo LOQ 15 that’s actually worth it. It’s fairly powerful for an RTX 5050 machine, and while the screen is pretty shoddy, it’s not a bad-looking laptop. The one big caveat is that the 135-watt power supply it comes with doesn’t deliver quite enough power to keep it charged in Performance mode. Read more about this issue in my review, as it’s important to know about if you’re planning to buy it.

There are other cheap gaming laptops out there I’ve tested, such as the MSI Cyborg A15, but either the Acer Nitro V 16 or Lenovo LOQ 15 are better, cheaper options. You will also find lots of gaming laptops under $1,000 that use older graphics cards, such as the RTX 4050 or 3050. In general, I’d recommend staying away from these. They’re only one or two generations back, but remember: Nvidia only releases new laptop graphics cards every couple of years. So, an RTX 4050 laptop may be well over two years old already, and an RTX 3050 is over five years old. Not only do you get worse graphics performance, these laptops are much more likely to need to be replaced sooner.

Experimental Stuff

One of the exciting things about the world of gaming laptops right now is the experimentation. While clamshell gaming laptops with a conventional Nvidia GPU are the most standard way to go, there are a few different ways to take your PC games on the go that stretch the boundaries. You might consider a gaming handheld, for example, like the Steam Deck or Xbox Ally X. These handhelds have their fans, and while you can’t do your homework on them as well, they’re great on couches, trains, and planes.


Sans Institute preps live systems for Nato cyber exercise | Computer Weekly

The Sans Institute, one of the world’s pre-eminent cyber security certification and training bodies, is to play a key role in the annual Nato Cooperative Cyber Defence Centre of Excellence (CCDCOE) Locked Shields exercise, held in Tallinn, Estonia, through the provision of a fully functional power generation system that participating teams will attempt to defend during the game.

This year marks the 16th running of the Locked Shields live fire security defence exercise, which unites blue teams from across Nato’s 32 member states, as well as other allies and observers.

This year, however, Sans has been entrusted with the task of building a genuine, operational cyber range, as opposed to creating a simulation. It is using real industrial control systems (ICSs) and physical equipment that 16 teams of defenders will have to protect while under live cyber attack, with the decisions they make having an immediate physical impact on a national-scale power grid.

Nato and Sans said the aim of the game is to close the gap between sandboxed, classroom-based cyber security training and real-world operational readiness, which, amid the cyber dimension to the energy crisis precipitated by the war in Iran and spillover from the ongoing war in Ukraine, has never been more important.

“We are putting teams in an environment where cyber decisions directly impact physical operations,” said Felix Schallock, who leads the initiative at the Sans Institute. “If you lose visibility, if you lose control, the power generation can be affected. That’s the reality operators face every day. That’s what we’re training for.”

Nato CCDCOE director Tõnis Saar added: “Locked Shields is a technically advanced exercise that challenges participants to defend the critical infrastructure systems modern societies depend on. As much of this critical infrastructure is owned and operated by the private sector, strong public-private collaboration is essential. Industry partners such as Sans Institute play a vital role in making the exercise as realistic and impactful as possible.”

Hybrid architecture

The Sans Institute’s cyber range comprises close to 70 physical ICS devices, with programmable logic controllers (PLCs), human-machine interfaces (HMIs), operator and engineering workstations, 100 virtual machines (VMs) and interconnected systems within the wider CCDCOE environment, all supported by live network infrastructure, the whole forming a hybrid information and operational technology (IT/OT) architecture.

During the exercise, blue teamers will be set the task of defending the “energy provider” while coming under sustained attack from opposing red teams.

The goal is to effectively demonstrate how maintaining a reliable generation system isn’t some metric on a scorecard, but rather the core mission, so success will entail more than just spotting and arresting threats – it will also demand operational discipline, maintaining uninterrupted power generation, preserving comms between IT and OT networks, guaranteeing visibility and control of ICS technology, and avoiding any destabilising disruptions.


Actions will be visible, rippling through the systems in real time, so participants won’t just see alerts, they will see turbines being throttled, breakers being opened or closed, and generation capacity being affected. As such, failure will be immediate and visible – missteps will degrade system performance, disrupt or halt power generation, or simulate national-level consequences.

Tim Conway, Sans Institute fellow and ICS curriculum lead, explained: “We’re showing teams how to defend infrastructure that can’t simply be rebooted or patched on the fly. You have to think like an operator, not just a defender. That mindset shift is what makes this environment so powerful.”

Sans Institute CEO James Lyne expressed great pride in what the Sans team has built for Locked Shields this year. “The scenarios these critical initiatives prepare for are playing out in the world – national espionage, cyber integrated to kinetic attacks and warfare, and retaliation attacks,” he said.

“Throw in AI or machine speed attackers and the need for defenders to adapt, and you have the most disruptive period in cyber security in 20 years. We are privileged to help our allies be ready and continuously improving to secure the future. The people defending our critical infrastructure deserve training that takes the threat as seriously as they do,” he added.

Schallock said the exercise was about preparing teams for protecting the systems that matter most. “Cyber security training must reflect the environment defenders are protecting. We’re not just teaching cyber security, we’re showing how to defend a nation’s infrastructure when it counts.”


How to Watch the Lyrids Meteor Shower at Its Peak

In mid-April, astronomy enthusiasts will be able to enjoy one of the classic celestial spectacles. The meteor shower known as the Lyrids will illuminate the sky, especially in the northern hemisphere, and anyone will be able to see it with the naked eye, weather permitting—if they know where to look.

The Lyrids began to appear as early as April 14, but their activity peaks between the night of April 21 and the early morning of April 22, according to NASA. During those hours, the shower will show 15 to 20 meteors per hour under dark skies.

The shower gets its name because the meteors appear to emerge from the constellation Lyra. Locating the radiant is simple if you use an astronomical mapping app: Just find Vega, the fifth brightest star in the sky, surpassed only by Sirius, Canopus, Alpha Centauri A, and Arcturus. Once you locate it, look around it; the luminous traces of the Lyrids will seem to be projected from that point due to a perspective effect. Keep in mind that it takes 20 to 30 minutes for the human eye to adjust to darkness.

The moon will be in early crescent phase during the peak, so its light will interfere very little. With a dark sky, meteors should stand out easily. The shower is usually visible from 10 pm to dawn, although early morning offers the best conditions. It is best to stay away from light pollution and, if possible, to observe from high ground. An outing to the mountains works well.

Each meteor shower has a different origin. In April, Earth crosses the cloud of fragments left by comet C/1861 G1 (Thatcher) in its orbit around the sun. This comet, discovered in 1861, takes about 415 years to complete its journey. The grains of ice and rock that it released centuries ago enter the atmosphere at high speed and produce the flashes we know as the Lyrids.

After the Lyrids, the calendar still holds several spectacles for those who follow the night sky. The Eta Aquarids will arrive in May with debris from Halley’s Comet. The Perseids will appear in August, the Orionids will return in October, and the year will close with the Leonids in November and the Geminids in December. The latter is considered the most intense and reliable shower on the calendar.

This story originally appeared on WIRED en Español and has been translated from Spanish.
