Cl0p Oracle E-Business Suite zero-day extortion campaign
Campaign
Summary
The Cl0p ransomware and extortion group is running an Oracle E-Business Suite extortion campaign that used zero-day vulnerabilities to access data from more than 100 organizations. The operation targets customers of the enterprise management software and shows broad exposure across a widely used business platform. Its scale makes the campaign a systemic risk for organizations using Oracle EBS.
Related Happenings
Oracle Identity Manager and Oracle Web Services Manager unauthenticated RCE (CVE-2026-21992)
Vulnerability
First: 20.03.2026 20:48
Last: 20.03.2026 20:48
Sources 1
About this happening:
Oracle issued an **out-of-band update** to fix **CVE-2026-21992**, a **critical unauthenticated remote code execution** flaw in **Oracle Identity Manager** and **Oracle Web Servic...
Madison Square Garden hit by network compromise linked to Cl0p
Incident
First: 02.03.2026 15:53
Last: 02.03.2026 15:53
Sources 1
How related:
Madison Square Garden has confirmed being impacted by a data breach stemming from a cybercrime campaign targeting customers of Oracle’s E-Business Suite (EBS) solution.
About this happening:
**Madison Square Garden** confirmed a **data breach** that exposed **names and SSNs**, and it has started notifying affected people. The compromise involved a **hosted Oracle E-Bu...
ZAST.AI $6 million Pre-A funding round
Industry Action
First: 10.02.2026 13:40
Last: 10.02.2026 13:40
Sources 1
About this happening:
**ZAST.AI** completed a **$6 million Pre-A funding round** backed by **Hillhouse Capital**, giving the cybersecurity vendor more capital to scale its AI-powered code security plat...
TikTok U.S. joint venture under September 2025 executive order
Public Sector Action
First: 23.01.2026 13:30
Last: 23.01.2026 13:30
Sources 1
About this happening:
The U.S.-backed **TikTok USDS Joint Venture LLC** now lets **TikTok** keep operating in the **U.S.**, changing ownership and security oversight for a platform used by **over 200 m...
Rising encryptionless extortion incidents against enterprises in 2025
Target Trend
First: 15.01.2026 17:45
Last: 15.01.2026 17:45
Sources 1
About this happening:
**Encryptionless extortion** surged in **2025** as attackers increasingly skipped ransomware encryption and instead stole data to pressure victims across **enterprise environments...
Timeline
- 02.03.2026 15:53 2 articles · 2mo ago
Cl0p Oracle E-Business Suite zero-day extortion campaign
Initial Disclosure
The operation began by exploiting **zero-day vulnerabilities** in **Oracle E-Business Suite** to reach customer data at scale. That initial access established a broad extortion campaign affecting a shared enterprise platform.
- Madison Square Garden Data Breach Confirmed Months After Hacker Attack — www.securityweek.com — 02.03.2026 15:53