
Addressing CL0P Extortion Campaign Targeting Oracle EBS CVE-2025-61882

ID: effd4ebe-5051-5417-bbc0-c395b2b20db6

STIX ID: report--effd4ebe-5051-5417-bbc0-c395b2b20db6

Feed Name: Cybereason Blog

Threat Score: 80/100

Date Published: 2025-10-05

Date Updated: 2026-04-27

Author: Cybereason Consulting Team

...
...

**Executive summary:** Cybereason reports that CL0P exploited one or more Oracle E-Business Suite vulnerabilities (including CVE-2025-61882) to achieve unauthenticated remote code execution, enumerate and exfiltrate on-premises EBS data at scale, and conduct a widespread extortion campaign via mass emails sent from compromised sender accounts. Oracle and incident responders recommend immediate patching (July 2025 CPU and the Oct 5, 2025 fix), SSO/MFA, and DFIR investigations.
