Oracle EBS zero-day exploitation wave (dozens of victims)
Exploitation Wave
Summary
Hide ▲
Show ▼
A multi-victim Oracle E-Business Suite (EBS) exploitation wave is affecting dozens of victims, with the total possibly exceeding 100. The activity is tied to zero-day vulnerabilities in October 2025, signaling broad abuse of exposed Oracle EBS deployments. At this scale, the wave raises the risk of repeated compromise, downstream data theft, and extortion across multiple organizations.
Related Happenings
Oracle WebLogic Server CVE-2026-21962 rapid exploitation wave
Exploitation Wave
First: 26.03.2026 18:00
Last: 26.03.2026 18:00
Sources 1
About this happening:
**Oracle WebLogic Server** systems faced a rapid **CVE-2026-21962** exploitation wave after public exploit code appeared, creating immediate **RCE risk** for exposed servers. The...
Oracle WebLogic Server CVE-2026-21962 rapid exploitation wave
Exploitation WaveAbout this happening: **Oracle WebLogic Server** systems faced a rapid **CVE-2026-21962** exploitation wave after public exploit code appeared, creating immediate **RCE risk** for exposed servers. The...
Oracle Identity Manager and Oracle Web Services Manager unauthenticated RCE (CVE-2026-21992)
Vulnerability
First: 20.03.2026 20:48
Last: 20.03.2026 20:48
Sources 1
About this happening:
Oracle issued an **out-of-band update** to fix **CVE-2026-21992**, a **critical unauthenticated remote code execution** flaw in **Oracle Identity Manager** and **Oracle Web Servic...
Oracle Identity Manager and Oracle Web Services Manager unauthenticated RCE (CVE-2026-21992)
VulnerabilityAbout this happening: Oracle issued an **out-of-band update** to fix **CVE-2026-21992**, a **critical unauthenticated remote code execution** flaw in **Oracle Identity Manager** and **Oracle Web Servic...
Cl0p Oracle E-Business Suite zero-day extortion campaign
Campaign
First: 02.03.2026 15:53
Last: 02.03.2026 15:53
Sources 1
About this happening:
The **Cl0p ransomware and extortion group** is running an **Oracle E-Business Suite** extortion campaign that used **zero-day vulnerabilities** to access data from **more than 100...
Cl0p Oracle E-Business Suite zero-day extortion campaign
CampaignAbout this happening: The **Cl0p ransomware and extortion group** is running an **Oracle E-Business Suite** extortion campaign that used **zero-day vulnerabilities** to access data from **more than 100...
Madison Square Garden hit by network compromise linked to Cl0p
Incident
First: 02.03.2026 15:53
Last: 02.03.2026 15:53
Sources 1
About this happening:
**Madison Square Garden** confirmed a **data breach** that exposed **names and SSNs**, and it has started notifying affected people. The compromise involved a **hosted Oracle E-Bu...
Madison Square Garden hit by network compromise linked to Cl0p
IncidentAbout this happening: **Madison Square Garden** confirmed a **data breach** that exposed **names and SSNs**, and it has started notifying affected people. The compromise involved a **hosted Oracle E-Bu...
Rising encryptionless extortion incidents against enterprises in 2025
Target Trend
First: 15.01.2026 17:45
Last: 15.01.2026 17:45
Sources 1
About this happening:
**Encryptionless extortion** surged in **2025** as attackers increasingly skipped ransomware encryption and instead stole data to pressure victims across **enterprise environments...
Rising encryptionless extortion incidents against enterprises in 2025
Target TrendAbout this happening: **Encryptionless extortion** surged in **2025** as attackers increasingly skipped ransomware encryption and instead stole data to pressure victims across **enterprise environments...
Timeline
-
12.11.2025 17:30 1 articles · 6mo ago
Oracle EBS exploitation observed
Exploitation ObservedOracle confirmed that threat actors were likely exploiting vulnerabilities against Oracle E-Business Suite environments on October 2, 2025, indicating active abuse of a previously unknown zero-day path affecting exposed Oracle instances.
Show sources
- GlobalLogic Becomes Latest Cl0p Victim After Oracle EBS Attack — www.infosecurity-magazine.com — 12.11.2025 17:30
-
12.11.2025 17:30 1 articles · 6mo ago
Oracle issues zero-day security advisory
Mitigation Patch UpdateOracle issued a security advisory on October 4, 2025 about a previously unknown zero-day exploit affecting Oracle E-Business Suite, establishing the vendor response that prompted customers to assess exposure and patch affected systems.
Show sources
- GlobalLogic Becomes Latest Cl0p Victim After Oracle EBS Attack — www.infosecurity-magazine.com — 12.11.2025 17:30
-
12.11.2025 17:30 1 articles · 6mo ago
Data exfiltration confirmed from GlobalLogic Oracle instance
Victim Impact UpdateGlobalLogic's investigation confirmed that data was exfiltrated from its Oracle environment on October 9, 2025, turning the Oracle E-Business Suite compromise into a confirmed data theft event affecting employee information.
Show sources
- GlobalLogic Becomes Latest Cl0p Victim After Oracle EBS Attack — www.infosecurity-magazine.com — 12.11.2025 17:30
-
12.11.2025 17:30 2 articles · 6mo ago
GlobalLogic discloses Oracle EBS compromise to 10,471 people
Initial DisclosureGlobalLogic notified 10,471 current and former employees that personal data from its Oracle E-Business Suite platform was compromised in a large-scale data extortion campaign, with exposed HR records including names, addresses, phone numbers, dates of birth, passport information, salary information, and bank account details.
Show sources
- GlobalLogic Becomes Latest Cl0p Victim After Oracle EBS Attack — www.infosecurity-magazine.com — 12.11.2025 17:30
- GlobalLogic Becomes Latest Cl0p Victim After Oracle EBS Attack — www.infosecurity-magazine.com — 12.11.2025 17:30