Oracle Warns: Urgent EBS Patch Needed to Stop $50M Extortion
Oracle Corporation has warned customers of its E-Business Suite (EBS) platform about a sophisticated extortion campaign exploiting unpatched vulnerabilities. The company urges immediate action to protect critical enterprise functions.
Hackers linked to the notorious ShinyHunters and Cl0p groups are exploiting previously identified flaws that were patched in Oracle's July 2025 Critical Patch Update. These vulnerabilities include high-severity issues such as remote code execution and SQL injection, with CVSS scores up to 9.8.
The cybercriminals have demonstrated advanced tactics, compromising user email accounts and exploiting default password-reset functions. They are demanding up to $50 million, one of the largest ransom demands seen recently. Oracle manages critical enterprise functions, making it an attractive target.
Oracle has strongly recommended immediate deployment of the latest Critical Patch Updates to mitigate the risk. Organizations experiencing similar extortion attempts should contact Oracle Support immediately and implement incident response procedures.