Japan's largest brewer, Asahi Group Holdings, has confirmed a ransomware attack by the Qilin group, resulting in production shutdowns and the theft of 27GB of corporate data.
Oracle has issued an emergency patch for a critical zero-day vulnerability (CVE-2025-61882) in its E-Business Suite. The Clop ransomware group has been exploiting the flaw to steal executive data and launch widespread extortion campaigns affecting thousands of organisations globally.
The NSW Reconstruction Authority has confirmed a major data breach affecting 3,000 flood victims after a contractor uploaded sensitive personal and health information to ChatGPT. The breach, undisclosed for more than six months, raises serious concerns about security and transparency.
Oracle has issued an emergency patch for a critical zero-day vulnerability (CVE-2025-61882) in its E-Business Suite. The Clop ransomware group has been exploiting the flaw to steal executive data and launch widespread extortion campaigns affecting thousands of organisations globally.
Cyber News Centre's cyber update for 8th October 2025: Oracle has released an emergency patch for a critical zero day vulnerability in its E-Business Suite that is being actively exploited. The flaw, tracked as CVE-2025-61882, carries a CVSS score of 9.8 and allows unauthenticated remote code execution in the “Concurrent Processing / BI Publisher Integration” component.
Oracle Corporation is a global technology company that provides enterprise software and cloud computing services. Its E-Business Suite is widely used by organisations around the world for enterprise resource planning (ERP), customer relationship management (CRM) and supply chain management.
The Update: Oracle confirmed that the zero day vulnerability had been exploited and released an out-of-cycle patch to address it. Security researchers linked the attacks to data theft and extortion activity associated with the Cl0p ransomware group.
Following a wave of cyber extortion attempts, Oracle warned that some E-Business Suite customers had received threatening emails after the attacks. The company has urged all users to apply the patch immediately and released indicators of compromise to help organisations identify potential breaches.
"Our ongoing investigation has found the potential use of previously identified vulnerabilities that are addressed in the July 2025 critical patch update." - Rob Duhart, Chief Security Officer at Oracle Security
The flaw affects Oracle E-Business Suite versions 12.2.3 through 12.2.14. The UK’s National Cyber Security Centre has also advised organisations to update their systems promptly because of the severity of the vulnerability.
Why It Matters: E-Business Suite plays a crucial role in managing sensitive financial, customer and operational data across thousands of businesses globally. A successful exploitation could allow attackers to access or steal this information.
The confirmed involvement of the Cl0p group, which has previously carried out major data extortion campaigns, increases the risk for affected organisations. This incident highlights the growing challenge of zero day exploitation and reinforces the importance of timely patching and continuous security monitoring within enterprise environments.
Get the stories that matter to you.
Subscribe to Cyber News Centre and update your preferences to follow our Daily 4min Cyber Update, Innovative AI Startups, The AI Diplomat series, or the main Cyber News Centre newsletter — featuring in-depth analysis on major cyber incidents, tech breakthroughs, global policy, and AI developments.
Japan's largest brewer, Asahi Group Holdings, has confirmed a ransomware attack by the Qilin group, resulting in production shutdowns and the theft of 27GB of corporate data.
The NSW Reconstruction Authority has confirmed a major data breach affecting 3,000 flood victims after a contractor uploaded sensitive personal and health information to ChatGPT. The breach, undisclosed for more than six months, raises serious concerns about security and transparency.
Security researchers have unmasked Phantom Taurus, a sophisticated Chinese state-sponsored hacking group. For over two years, the group has conducted covert espionage against government and telecommunications organisations worldwide using a custom, fileless malware suite called NET-STAR.
A ransomware attack on a Toowoomba pharmacy has resulted in the leak of sensitive patient data, including medical records and NDIS information. The DragonForce ransomware group has claimed responsibility, highlighting the growing threat to Australian healthcare providers.
Where cybersecurity meets innovation, the CNC team delivers AI and tech breakthroughs for our digital future. We analyze incidents, data, and insights to keep you informed, secure, and ahead. Sign up for free!
