The Clop ransomware gang has been exploiting a critical Oracle E-Business Suite (EBS) zero-day bug in data theft attacks since at least early August 2025, according to cybersecurity company CrowdStrike. Tracked as CVE-2025-61882 and patched by Oracle on 01 October 2025, this vulnerability was discovered in the BI Publisher Integration component of Oracle EBS's Concurrent Processing component, allowing unauthenticated attackers to gain remote code execution on unpatched systems in low-complexity
clop (9)
Software giant Oracle confirmed reports that dozens of its customers have received extortion emails from cybercriminals demanding payment in exchange for not releasing troves of stolen information. In a statement published last week, Oracle chief security officer Rob Duhart said they are investigating claims made by the Clop ransomware gang that there was a breach of some Oracle E-Business Suite customers. “Our ongoing investigation has found the potential use of previously identified vulnerab
The first Linux variant of the Clop ransomware was rife with issues that allowed researchers to create a decryptor tool for victims. SentinelOne said it observed the first Clop (also stylized as Cl0p) ransomware variant targeting Linux systems on 26 December 2022. Clop has existed since about 2019, targeting large companies, financial institutions, primary schools and critical infrastructure across the world. After the group targeted several major South Korean companies like e-commerce giant E
The first Linux variant of the Clop ransomware was rife with issues that allowed researchers to create a decryptor tool for victims. SentinelOne said it observed the first Clop (also stylized as Cl0p) ransomware variant targeting Linux systems on 26 December 2022. Clop has existed since about 2019, targeting large companies, financial institutions, primary schools and critical infrastructure across the world. After the group targeted several major South Korean companies like e-commerce giant E
Cl0p ransomware began as a part of the Cryptomix family and was first seen in the wild in 2019 operating as a Ransomware-as-a-Service (RaaS) platform. The group has targeted international organizations including companies in the pharmaceditcal, education, technology, and industrial verticals.
The Cl0p ransomware group had a quiet end to 2021 after being shut down following Operation Cyclone, a joint law enforcement operation involving Interpol, Europol, Ukrainian Law enforcement, United Stat
A group of cybercriminals known for ransomware attacks has started leaking files allegedly stolen from Jones Day. Jones Day is an international law firm based in the US. As of 2018, it was the fifth largest law firm in the US and the 13th highest grossing law firm in the world. Jones Day has represented former US president Donald Trump, including his inquiries into the 2020 voting irregularities.
The cybercriminals behind the ransomware operation known as Clop (Cl0p) have been known to encry
In their attempt to extort as much money as quickly as possible out of victims, ransomware gangs know some effective techniques to get the full attention of a firm’s management team. One of them is to specifically target the sensitive information stored on the computers used by a company’s top executives, in the hope of finding valuable data that can best pressure bosses into approving the payment of a sizeable ransom.
Although the technique of prioritizing the theft of data from managers’ PCs
A newly identified group of financially motivated hackers, likely based in a Russian-speaking country, has been running high-volume phishing, ransomware, and extortion campaigns in the United States, Germany, and many other countries for the last four years, using the Clop ransomware and various backdoors in their operations.
Researchers at Mandiant have been tracking the group since 2016 and have responded to a number of intrusions in which the group, known as FIN11, has used initial access to
