Clop Exploits Oracle EBS CVE-2025-61882: A New Era of Data Extortion

Friday, January 16, 2026

Top 5 Cybersecurity Stories You Should Know

  1. Clop Exploits Oracle EBS CVE-2025-61882: A New Era of Data Extortion
    tl;dr: The Clop ransomware gang has exploited a critical vulnerability (CVE-2025-61882) in Oracle E-Business Suite, allowing unauthenticated remote code execution. Since August 2025, they have targeted major organizations, including Canon and Dartmouth College, focusing on data theft rather than traditional ransomware tactics. This shift highlights the urgency for CISOs to assume compromise before vulnerabilities are disclosed, enhance data exfiltration prevention, and prioritize security for business-critical platforms. Organizations must prepare for extortion-centric incident responses and invest in threat intelligence to mitigate risks associated with zero-day vulnerabilities.
    https://www.cisoplatform.com/profiles/blogs/clop-s-oracle-ebs-rampage-another-day-another-zero-day-another-ro

  2. Cisco Patches Critical Zero-Day in Secure Email Gateways (CVE-2025-20393)
    tl;dr: Cisco has released security updates for a critical remote command execution vulnerability (CVE-2025-20393) affecting Cisco AsyncOS Software for Secure Email Gateway. This flaw, exploited by a China-linked advanced persistent threat, could allow attackers to execute arbitrary commands with root privileges if specific conditions are met. Organizations using affected appliances should urgently apply the updates to mitigate potential risks. Failure to do so may expose sensitive systems to unauthorized access and compromise.
    https://thehackernews.com/

  3. Microsoft Reports Ransomware Gangs Targeting Cloud Environments with New Tactics
    tl;dr: Microsoft's Threat Intelligence has identified a worrying trend in ransomware attacks, particularly targeting cloud environments. Notably, state-affiliated groups like North Korea's Moonstone Sleet are now utilizing Ransomware-as-a-Service (RaaS) models to enhance their operations. Threat actors are exploiting vulnerabilities in hybrid cloud setups, deleting backups, and employing social engineering tactics to gain initial access. Organizations are urged to bolster their cybersecurity measures by securing cloud infrastructures, promptly patching vulnerabilities, and ensuring robust backup solutions to mitigate the risks posed by these evolving threats.
    https://gbhackers.com/ransomware-gangs-exploit-cloud-environments/?trk=article-ssr-frontend-pulse_little-text-block

  4. #StopRansomware Advisory: Interlock Ransomware Tactics and Mitigation
    tl;dr: CISA and the FBI have issued a joint advisory on Interlock ransomware, first observed in September 2024, targeting businesses and critical infrastructure in North America and Europe. This ransomware employs a double extortion model, encrypting data after exfiltration, and uses unique codes for ransom negotiation via Tor. Organizations are urged to implement DNS filtering, patch vulnerabilities, segment networks, and enforce multifactor authentication to mitigate risks. The advisory includes specific tactics, techniques, and indicators of compromise to help organizations defend against these threats effectively.
    https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-203a

  5. Chrome Zero-Day CVE-2025-6554 Highlights Need for Zero Trust in Browser Security
    tl;dr: The recent Chrome zero-day vulnerability, CVE-2025-6554, underscores the critical need for enhanced browser security measures. Attackers are increasingly exploiting such vulnerabilities before patches are available, putting sensitive data and business operations at risk. Organizations must transition from outdated security practices to a layered Zero Trust approach to effectively mitigate these threats. Regular updates, cautious browsing habits, and the implementation of advanced security solutions like Menlo Secure Cloud Browser are essential to protect against these evolving cyber threats.
    https://www.linkedin.com/posts/menlo-security_chrome-zero-day-why-browser-security-is-activity-7348477992660070416-sdcJ

