Oracle has confirmed that the threat actor group Cl0p is actively exploiting a zero-day vulnerability in the Oracle E-Business Suite product, versions 12.2.3-12.2.14. On October 4, 2025, Oracle advised its customers in a security advisory that the supplied patch should be applied “as soon as possible.” According to Oracle, “this vulnerability is remotely exploitable without
Cl0p Exploiting Cleo Software
By Linn Foster Freedman on
Posted in Cybersecurity
According to Cyberscoop, the cyber gang Cl0p “has claimed responsibility for attacks tied to vulnerabilities in software made by Cleo, an Illinois-based IT company that sells various types of enterprise software.” The gang claimed responsibility for the attacks on its website. The vulnerabilities affect Cleo’s products LexiCom, VLTrader, and Harmony. Cleo reportedly services approximately…