
The notorious Cl0P ransomware group has claimed responsibility for breaching digital security firm Entrust, exploiting a critical zero-day vulnerability in Oracle E-Business Suite (EBS).
The attack, tied to CVE-2025-61882, marks another high-profile victim in Cl0P’s relentless assault on organizations using Oracle’s enterprise software.
Cl0P, known for high-impact extortion schemes, announced the breach on their dark web leak site earlier this week. According to the post, attackers gained unauthorized access to Entrust’s systems via an unpatched flaw that allows remote code execution (RCE) in Oracle EBS environments.

The vulnerability, rated CVSS 9.8 for its ease of exploitation without authentication, affects multiple versions of EBS, a widely used platform for financial and supply chain management. Oracle patched it in October 2025’s Critical Patch Update, but delayed adoption has left many firms exposed.
Entrust, a provider of identity and access management solutions, confirmed the incident in a brief statement, noting that no customer data appears compromised.
“We are investigating the matter with urgency and have implemented enhanced security measures,” the company said. However, cybersecurity experts warn that the breach could undermine trust in Entrust’s services, given its role in securing digital certificates and authentication for global enterprises.
This isn’t Cl0P’s first rodeo with CVE-2025-61882. Since disclosing the zero-day in September 2025, the group has listed over a dozen victims, including manufacturing giants and financial institutions.
Their tactic of exfiltrating data before encryption has netted millions in ransoms while pressuring targets through public shaming. Analysts at Mandiant attribute the spree to Cl0P’s shift toward “big game hunting,” targeting vulnerabilities in legacy enterprise systems.
The breach highlights persistent risks in supply chain security. Organizations relying on Oracle EBS should prioritize patching and conduct vulnerability scans immediately. As Cl0P’s list grows, the incident underscores the need for proactive threat hunting in an era of sophisticated ransomware operations.
