Oracle patches E-Business suite targeted by Cl0p ransomware | Computer Weekly


Oracle has issued a fix for a critical remote code execution (RCE) vulnerability in its E-Business Suite (EBS) as the well-used ERP software package emerges as the latest vector for mass Cl0p (aka Clop) ransomware attacks.

The Oracle EBS ecosystem is deeply embedded in enterprise financial and operational systems, which offers hackers access to a wide range of high-value targets and potentially extreme impacts.

The flaw in question, CVE-2025-61882, is present in versions 12.2.3 through 12.2.14 of EBS, and affects a concurrent task processing component that enables users to run multiple processes simultaneously.

Rated 9.8 on the CVSS scale, it is considered relatively easy to take advantage of. Importantly, an unauthenticated attacker can exploit it over the network without any user interaction needed, leading to RCE.

“Oracle always recommends that customers remain on actively-supported versions and apply all Security Alerts and Critical Patch Update security patches without delay.

“Note that the October 2023 Critical Patch Update is a prerequisite for application of the updates in this Security Alert,” the supplier added.

In its advisory notice Oracle shared a number of indicators of compromise (IoCs) that appeared to link exploitation of CVE-2025-61882 to both the Cl0p ransomware crew and the Scattered Lapsus$ Hunters collective – which is not necessarily implausible as Scattered Spider has been known to act as a ransomware affiliate in the past.

Jake Knott, principal security researcher at watchTowr, said that exploitation of EBS appeared to date back to August 2025, and warned that as of Monday 6 October, exploit code for CVE-2025-61882 was publicly available.

“At first glance, it looked reasonably complex and required real effort to reproduce manually. But now, with working exploit code leaked, that barrier to entry is gone. It’s likely that almost no one patched over the weekend. So we’re waking up to a critical vulnerability with public exploit code and unpatched systems everywhere,” said Knott.

“We fully expect to see mass, indiscriminate exploitation from multiple groups within days. If you run Oracle EBS, this is your red alert. Patch immediately, hunt aggressively, and tighten your controls, fast.”

Writing on LinkedIn, Charles Carmakal, chief technical officer and board advisor at Google Cloud’s Mandiant, confirmed this, saying that Cl0p had almost certainly exploited multiple other EBS vulnerabilities – including some that were patched a couple of months ago – as well. The gang has supposedly been contacting victims since early last week, but Carmakal added that it may not have made contact with all of them just yet.

Cl0p’s warning from history

As seen in 2023, when it successfully targeted a flaw in Progress Software’s MOVEit managed file transfer (MFT) software product to extort potentially hundreds of victims, the Cl0p gang makes a habit of conducting mass exploitation activities against multiple downstream organisations through widely-used software packages. The mass targeting of Oracle EBS now being seen does fit this established modus operandi.

Historically, Cl0p’s activity comes in short, high-profile bursts in between lengthy periods of downtime – likely due to the administrative burden its mass attacks create – and Kroll managing director of cyber and data resilience, Max Henderson, had been among those warning for some weeks that the gang looked likely to resurface. He told Computer Weekly that others may follow, and described “grim” impacts.

“There should be an urgent rush for victims and users of Oracle to patch this, as continued attacks or attacks from other groups may continue. We expect a long tail of self-identifying victims with this situation, as many victims are unaware of extortion emails sitting in their junk folders,” said Henderson.



Hands On With Google’s Nano Banana Pro Image Generator


Corporate AI slop feels inescapable in 2025. From website banner ads to outdoor billboards, images generated by businesses using AI tools surround me. Hell, even the bar down the street posts happy hour flyers with that distinctly hazy, amber glow of some AI graphics.

On Thursday, Google launched Nano Banana Pro, the company’s latest image-generating model. Many of the updates in this release are targeted at corporate adoption, from putting Nano Banana Pro in Google Slides for business presentations to integrating the new model with Google Ads for advertisers globally.

This “Pro” release is an iteration on its Nano Banana model that dropped earlier this year. Nano Banana became a viral sensation after users started posting personalized action figures and other meme-able creations on social media.

Nano Banana Pro builds out the AI tool with a bevy of new abilities, like generating images in 4K resolution. It’s free to try out inside Google’s Gemini app, with paid Google One subscribers getting access to additional generations.

One specific improvement is going to be catnip for corporations in this release: text rendering. From my initial tests generating outputs with text, Nano Banana Pro improves on the wonky lettering and strange misspellings common in many image models, including Google’s past releases.

Google wants the images generated by this new model—text and all—to be more polished and production-ready for business use cases. “Even if you have one letter off it’s very obvious,” says Nicole Brichtova, a product lead for image and video at Google DeepMind. “It’s kind of like having hands with six fingers; it’s the first thing you see.” She says part of the reason Nano Banana Pro is able to generate text more cleanly is the switch to a more powerful underlying model, Gemini 3 Pro.

An example of how the tool can create a composite from multiple images.

Courtesy of Google



Four Indicted In Alleged Conspiracy to Smuggle Supercomputers and Nvidia Chips to China


Stern said text messages obtained by authorities show Li boasting about how his father “had engaged in similar business on behalf of the Chinese Communist Party.” Stern alleged the messages also show Li, who works at a hardware distribution company, was aware through news articles he shared that the Nvidia chips were subject to export controls. “He explained that his father had ways to import them,” Stern said, again citing Li’s text messages.

Stern told the court that Li “did admit to various facts” during questioning by federal agents on Wednesday that implicated him.

The defendants face various charges related to violating export control laws and up to 20 years in prison.

Ho and Raymond did not immediately respond to requests for comment sent to LinkedIn accounts purportedly belonging to them. Public defenders for Chen and Li declined to comment.

Nvidia spokesperson John Rizzo said in a statement that “even small sales of older generation products on the secondary market are subject to strict scrutiny and review” and that “trying to cobble together datacenters from smuggled products is a nonstarter, both technically and economically.”

Corvex, an AI cloud computing business Raymond consulted for, said in a statement that it had rescinded a job offer for him to join the company full-time and that it had no connection to the alleged wrongdoing.

Earlier this year, the US Department of Commerce was reportedly considering restricting the sale of advanced chips to Malaysia and Thailand in an effort to curb chip smuggling, but the regulations have yet to be finalized. The Commerce Department did not immediately respond to a request for comment.

Magistrate Judge Westmore ordered Li to hire an attorney because she said he had significant equity in a San Leandro, California, home and other assets, making him ineligible for a public defender. The magistrate also set a hearing for Tuesday to decide whether Li is a significant flight risk and should continue to be detained. He holds a US green card and Hong Kong citizenship.

Li, wearing glasses, flipflops, and a black windbreaker, nodded in response to some of Westmore’s statements but did not speak. Kaitlyn Fryzek, his temporary public defender, said Li is planning to marry a US citizen. “His incentive is to stay and get married to his fiancée,” Fryzek said.



Got a Pixel 10? Google’s Android Phone Can Now Share Files With Apple’s AirDrop


The caveat is that the iPhone user will need to switch AirDrop into the “Everyone for 10 Minutes” mode instead of “Contacts Only” mode. Google says this isn’t some kind of workaround solution. It’s a direct, peer-to-peer connection; your data isn’t routed through a server, shared content isn’t logged, and no extra data is shared. Naturally, iPhone owners will be able to send data back to Pixel 10 phones as well.

Google has not worked with Apple on this cross-compatibility, as the company says it “welcomes the opportunity” to work with Apple so that this sharing function can work in the Contacts Only mode. “We accomplished this through our own implementation,” a Google spokesperson tells WIRED. “Our goal is to provide an easy and secure file-sharing experience for our users, regardless of who they are communicating with.”

In a security blog post, Google says the underlying strategy for what makes this new synergy between Quick Share and AirDrop work is the memory-safe Rust programming language. “These overlapping protections on both platforms work in concert with the secure connection to provide comprehensive safety for your data when you share or receive,” writes Dave Kleidermacher, vice president of Google’s platforms security and privacy.

Google tapped NetSPI, a third-party and independent penetration testing firm, to validate the security of the new sharing feature. The findings? The interoperability is “notably stronger” than other industry implementations. That’s pretty important, considering what happened the last time someone tried to improve cross-compatibility between iOS and Android without Apple: The startup Beeper tried to make texts from Android phones show up as blue bubbles on iPhones and caused all kinds of drama.

The number of people who can actually use this feature is limited because it’s only available on Google’s latest Pixel 10 smartphones, which just launched this past August. However, Google says it’s looking to expand the feature to more Android devices in the future.

This new feature in Quick Share is rolling out starting today to the Pixel 10 series, which includes the Google Pixel 10, Pixel 10 Pro, Pixel 10 Pro XL, and Pixel 10 Pro Fold. As it’s rolling out, you may not see it immediately on your device. To use it, all you need to do is select something to share, whether it’s a file, contact, or photo, choose Quick Share in the sharing menu, and make sure the iPhone owner has their AirDrop set to “Everyone for 10 Minutes Only.” The iPhone will be able to see the Pixel 10 device and can receive or send data.


