The Cl0P ransomware group has claimed responsibility for a significant breach affecting digital security firm Entrust, utilizing a zero-day vulnerability identified as CVE-2025-61882 within Oracle E-Business Suite. The vulnerability, with a CVSS score of 9.8, allows for remote code execution without requiring authentication and has exposed numerous organizations reliant on this enterprise software.
Oracle issued a critical patch for this vulnerability in October 2025; however, due to delayed implementations, many companies remain vulnerable to Cl0P’s attacks. Entrust confirmed the breach without any evidence of compromised customer data, but experts believe that this incident may damage trust in their services, primarily focused on managing digital certificates and authentication for large enterprises. The ongoing wave of ransomware targeting legacy systems emphasizes the need for businesses to prioritize timely patching and proactive threat hunting. As Cl0P’s campaign continues to expand, the situation serves as a stark reminder of the risks that exist within supply chain security.
👉 Pročitaj original: Cyber Security News
