Clop Ransomware Targets Oracle Zero-Day, Harvard Among Victims
On October 7, 2025, the Clop ransomware group launched a significant attack leveraging a zero-day vulnerability in the Oracle E-Business Suite (CVE-2025-61882). The exploit has led to multiple organizations, including Harvard University, suffering data exfiltration incidents and facing ransom demands that could soar to $50 million. Reports indicate that the attacks began to escalate on October 5-6, 2025, targeting entities that had failed to apply critical patches released earlier in the year. The urgency of this situation highlights the importance of timely patch management and awareness of emerging threats. Organizations are urged to assess their systems immediately and deploy necessary security measures to mitigate risk.
Also In Security Today
- Salesforce Data Breaches: A cyber extortion campaign has led to the theft of over 1.5 billion records from 760 Salesforce customers, with attackers linked to the Scattered Spider group employing phishing techniques to gain access.
- Discord Platform Breach: User data has been compromised in a security incident involving Discord, highlighting the risks inherent in widely used online platforms.
- Active Exploitation of Known Vulnerabilities: CISA has raised alerts about ongoing exploitation of vulnerabilities in SolarWinds and Ivanti systems, urging organizations to prioritize patching.
- Record DDoS Attacks: A notable increase in Distributed Denial of Service (DDoS) attacks has been reported, with one incident peaking at 29.6 terabits per second, indicating a concerning trend in attack size and frequency.
Analyst's Take
Today's events underscore the escalating sophistication of ransomware threats and the critical need for proactive security measures. Organizations must prioritize patching, especially for known vulnerabilities like CVE-2025-61882, to avert potential breaches. This week’s incidents serve as a reminder of the interconnected nature of cybersecurity threats, where one vulnerability can have widespread implications. Security teams should enhance their monitoring and response strategies, considering the coordinated nature of attacks and the rise in data exfiltration incidents.