Cl0p Ransomware Breaches Security Giant Entrust Via Oracle Zero-Day

The CI0P ransomware gang has taken credit for a recent cybersecurity hack involving the online security company Entrust, in which it exploited a key zero-day vulnerability in the Oracle E-Business Suite (EBS).

The breach connected to CVE-2025-61882 signifies another high-profile victim in the ransomware group’s persistent assault on companies using Oracle’s enterprise application. 

CI0P Group Claims Responsibility for Entrust Data Breach

Earlier this week, CI0P, reputable for high-profile data breaches and extortion schemes, disclosed the hack on its website on the darknet. In the post, the hackers gained unlicensed access to Entrust’s digital systems using an unpatched vulnerability that enables remote code execution (RCE) in Oracle EBS. 

The flaw is rated CVSS 9.8/10 for how easy it makes hackers to access and exploit the system without requiring authentication. Also, the vulnerability impacts several versions of EBS, which is a widely used software for supply chain and financial management. 

The following month after CI0P’s announcement, Oracle released a patch update in October. However, due to a delay in downloading the software update, many firms have been exposed to threat actors.

Entrust confirmed the hack and said it is currently running investigations into the situation urgently and is implementing high-end security measures. On the other hand, securities professionals warn that the recent hack could negatively affect customer trust in Entrust’s services. They noted that this is because of the firm’s role in protecting online certificates and authentication for worldwide enterprises. 

CI0P’s Escapades

It is worth noting that this isn’t the first escapade CI0P has had with CVE-2025-61882. The firm has also listed more than 12 victims on its dark web platform, including those in the financial industry and manufacturing. 

Notably, the group’s technique comprises exfiltrating data before encryption and has looted millions of dollars in ransom from victims. CI0P pressurizes its victims to pay ransom via public shaming. This “name-and-shame” model has become the brutal industry standard for ransomware gangs, as seen in another recent attack where the Rhysida ransomware gang leaked 2TB of data from a US manufacturing giant to force a payment, proving how critical robust data protection is against these threats.

Mandiant’s analysts believe that this spree is due to the ransomware gang’s transition toward what they call “big game hunting.” Analysts noted that CI0P targets flaws in older enterprise systems. This increasing sophistication is a hallmark of the modern ransomware landscape, which is now fueled not just by career criminals but also by a dangerous new wave of insiders. The recent federal charges against security experts who turned into ransomware affiliates reveal how these groups are recruiting top-tier talent to refine their attacks and escalate the threat to businesses globally.

The event underscores existing weaknesses in supply chain security. Therefore, Oracle EBS users should take quick action, patch the software with the update patches, apply regular scans, etc. 

As we watch a growing litany of hackers, this point further legitimizes the importance of proactive threat motive hunting, with ransomware threats being a moving target.

Oracle’s Zero-Day Hack

Oracle confirmed CI0P’s data breach of a zero-day flaw in its EBS product, between versions 12.2.3 and 12.2.14. The tech giant quickly fixed that in the patch update in October 2025, warning that customers using its EBS should do it “as quickly as possible.”

The tech cautioned that the recent vulnerability could be accessed by threat actors remotely, without requiring authentication. If done successfully, hackers would easily execute ransomware codes remotely.

The FBI specifically stated the vulnerability: this is an emergency and puts the Oracle EBS environment at risk of a complete compromise.