Oracle has confirmed that its E-Business Suite (EBS) has been targeted by the Cl0p ransomware group, exploiting a critical zero-day vulnerability tracked as CVE-2025-61882, which poses a CVSS score of 9.8. This flaw allows unauthenticated attackers to execute remote code, potentially compromising sensitive customer data. The breaches were initially revealed through extortion emails sent to various organizations, indicating that significant data was stolen as early as August 2025. Oracle’s Chief Security Officer, Rob Duhart, has assured that emergency patches have been released to address this vulnerability and shared indicators of compromise for organizations to detect ongoing attacks. The exploitation of this zero-day vulnerability, alongside previously patched flaws, signifies a concerning trend of sophisticated cyberattacks targeting critical enterprise systems. It underscores the urgent need for organizations to enhance their cybersecurity practices and conduct thorough assessments to determine whether they have been compromised. As cybercriminals continue to evolve, the implications of this breach extend beyond immediate data loss, potentially affecting trust in digital infrastructure and prompting calls for more robust security measures across the industry.