Clop Exploits Oracle EBS CVE-2025-61882: A New Era of Data Extortion


Wednesday, January 14, 2026

Top 5 Cybersecurity Stories You Should Know

  1. Clop Exploits Oracle EBS CVE-2025-61882: A New Era of Data Extortion
    tl;dr: The Clop ransomware gang has exploited a critical vulnerability (CVE-2025-61882) in Oracle E-Business Suite, allowing unauthenticated remote code execution. Since August 2025, they have targeted numerous organizations, including Canon and Dartmouth College, focusing on data theft rather than traditional ransomware tactics. This shift emphasizes the need for CISOs to assume compromise before vulnerabilities are disclosed, enhance data exfiltration prevention, and prioritize security for business-critical platforms. Organizations must prepare for extortion-centric incident responses and invest in robust threat intelligence to mitigate risks from such evolving cyber threats.
    https://www.cisoplatform.com/profiles/blogs/clop-s-oracle-ebs-rampage-another-day-another-zero-day-another-ro

  2. Fortinet Fixes Critical FortiSIEM Vulnerability (CVE-2025-64155)
    tl;dr: Fortinet has addressed a critical OS command injection vulnerability in FortiSIEM, tracked as CVE-2025-64155, which allows unauthenticated attackers to execute unauthorized code on affected systems. Rated 9.4 on the CVSS scale, this flaw impacts Super and Worker nodes across various FortiSIEM versions. Users are urged to upgrade to the latest versions as specified in Fortinet's advisory to mitigate potential risks. Failure to update could expose organizations to significant security threats, emphasizing the need for timely patch management in cybersecurity practices.
    https://thehackernews.com/

  3. Microsoft Fixes Windows 0-Day CVE-2026-20805; CISA Issues Urgent Alert
    tl;dr: Microsoft has patched a critical Windows 0-day vulnerability, CVE-2026-20805, which allows authorized attackers to leak memory addresses from a remote ALPC port, potentially leading to arbitrary code execution. The US Cybersecurity and Infrastructure Security Agency (CISA) has added this flaw to its Known Exploited Vulnerabilities catalog, requiring federal agencies to implement the fix by February 3, 2026. Organizations are advised to prioritize this patch to mitigate risks associated with this medium-severity vulnerability, which could be exploited to undermine core security controls like Address Space Layout Randomization (ASLR).
    https://www.theregister.com/2026/01/14/patch_tuesday_january_2026/

  4. #StopRansomware Advisory: Interlock Ransomware Threats and Mitigation
    tl;dr: CISA, the FBI, and other agencies have released a joint advisory on the Interlock ransomware, first detected in September 2024, targeting businesses and critical infrastructure in North America and Europe. This ransomware employs a double extortion model, encrypting and exfiltrating data without initial ransom demands. Organizations are urged to implement DNS filtering, patch vulnerabilities, segment networks, and enforce multifactor authentication to mitigate risks. Notably, Interlock uses unique initial access methods, including drive-by downloads and social engineering techniques. For comprehensive protection, organizations should adopt robust endpoint detection and response capabilities.
    https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-203a

  5. CISA Alerts on Cyber Threats: Focus on Ransomware and Vulnerabilities
    tl;dr: The Cybersecurity and Infrastructure Security Agency (CISA) provides critical updates on evolving cyber threats, particularly emphasizing the rise in ransomware attacks and vulnerabilities exploited by nation-state actors. Organizations of all sizes, including federal, state, and local governments, must prioritize cybersecurity measures to defend against these threats. CISA's resources, such as the Known Exploited Vulnerabilities Catalog and the StopRansomware initiative, offer essential guidance for mitigating risks. Staying informed and implementing recommended best practices are crucial for maintaining national security and protecting sensitive information.
    https://www.cisa.gov/topics/cyber-threats-and-advisories

