Monday , July 13 2026
Cl0p ransomware

Cl0p Ransomware Targets Oracle in $50M Extortion Threat

Researchers at Google Mandiant and GTIG are monitoring a suspected Cl0p ransomware affiliate conducting a mass extortion campaign against Oracle E-Business Suite customers. The attackers allege they have stolen sensitive corporate data and are demanding ransoms up to $50 million, as reported by the incident response firm Halcyon, which is assisting the impacted organizations.

The Road Ahead:

Ransomware Crisis in 2026: 5,064 Organizations Affected in 135 Countries

Global ransomware attacks stayed very high in the first seven months of 2026. There were 5,064 confirmed victims in 135...
Read More
Ransomware Crisis in 2026: 5,064 Organizations Affected in 135 Countries

Palo Alto Networks Addresses 13 Vulnerabilities

Palo Alto Networks shared warnings on Wednesday about over twelve security issues in its products. The new warnings include 13 security...
Read More
Palo Alto Networks Addresses 13 Vulnerabilities

Critical Dell BIOS & Zimbra Flaws Expose Enterprise Systems

A critical flaw with how Dell saves BIOS passwords lets anyone quickly recover these passwords from a flash dump without...
Read More
Critical Dell BIOS & Zimbra Flaws Expose Enterprise Systems

CoLoCity Launches New 1.0 MW Data Center Facility at Gulshan

CoLoCity is proud to launch a new Data Center in Gulshan-2. It is designed to meet the growing demand for...
Read More
CoLoCity Launches New 1.0 MW Data Center Facility at Gulshan

Daily Cyber security update for 10. 07. 2026

Cyberattacks are rising around the world, including ransomware, malware, data leaks, and hacked websites. These events show how complex and...
Read More
Daily Cyber security update for 10. 07. 2026

How Hacker Compromise AWS Cloud Environment Using AI in 72 Hours

A major AWS attack shows how attackers with AI can connect known cloud strategies to go from first access to...
Read More
How Hacker Compromise AWS Cloud Environment Using AI in 72 Hours

Mycelium Framework: First AI-as-a-Service Botnet

A new cybercrime ad is catching attention in the security world. It talks about a botnet that doesn't just get...
Read More
Mycelium Framework: First AI-as-a-Service Botnet

CrowdStrike Shows 5 New Prompt Injection Techniques for AI Agents

CrowdStrike has shared five new ways to inject prompts, showing the rising danger to AI agents as more organizations use...
Read More
CrowdStrike Shows 5 New Prompt Injection Techniques for AI Agents

Critical GCP Dialogflow Vulnerability Allows Malicious Code Injection

A critical flaw in Google Cloud Platform’s Dialogflow CX lets attackers add harmful code to a company's AI chatbot system....
Read More
Critical GCP Dialogflow Vulnerability Allows Malicious Code Injection

CIRT identified 153 publicly exposed FortiGate devices in Bangladesh

CIRT identified 153 publicly exposed FortiGate devices in Bangladesh. In an advisory CIRT said, the campaign has been observed globally,...
Read More
CIRT identified 153 publicly exposed FortiGate devices in Bangladesh

Oracle’s E-Business Suite helps companies manage finance, supply chain, and customer relations, so claims of a breach are concerning. Investigators haven’t confirmed the full extent yet, but at least one company has confirmed that data from its Oracle systems was stolen.

Modus Operandi: Email Hacks and Credential Abuse:

Attackers may have used compromised emails and Oracle E-Business Suite’s password reset to access valid accounts. Victims received file trees and screenshots as proof, a typical tactic used by Cl0p to raise ransom pressure.

“This group is notorious for stealthy, mass data theft that heightens their leverage in ransom negotiations,” said Cynthia Kaiser, Vice President at Halcyon’s Ransomware Research Center. “We’ve seen Cl0p demand seven- and eight-figure ransoms in just the last few days.”

FIN11 Links and the Cl0p Connection:

According to Mandiant’s CTO Charles Carmakal, the extortion campaign involves “hundreds of compromised accounts” in a coordinated push. At least one account has been tied to FIN11, a financially motivated threat group long associated with Cl0p ransomware deployment.

Cl0p has exploited significant vulnerabilities in software like Accellion, SolarWinds, Fortra GoAnywhere, and MOVEit, impacting thousands of global organizations. Mandiant researchers indicate that the group likely operates mainly from the Commonwealth of Independent States (CIS) but intentionally avoids activities in that area.

Early Stage, But Risks Are High:

Genevieve Stark, Head of Cybercrime and Information Operations Intelligence Analysis at GTIG, emphasized caution. “This activity began on or before September 29, but we are still in the early stages of multiple investigations. While some indicators tie this campaign to Cl0p affiliates, we lack definitive proof that the attackers’ claims are fully accurate.”

Mandiant has advised organizations using Oracle E-Business Suite to check for signs of compromise associated with Cl0p and FIN11.

Cybersecurity experts indicate that if the claims are true, this could be one of the largest extortion attempts related to Oracle, affecting industries from finance and energy to healthcare and defense.

The ongoing investigations highlight how ransomware groups are becoming more sophisticated, using technical tricks and aggressive extortion. For companies using Oracle E-Business Suite, this situation emphasizes the need for patching, managing credentials, and adopting a zero-trust security model.

As Carmakal of Mandiant put it: “This is a high-volume, global campaign. Organizations need to take immediate steps to detect compromise, patch vulnerabilities, and prepare response playbooks before these extortion threats escalate further.”

Check Also

FortiGate

CIRT identified 153 publicly exposed FortiGate devices in Bangladesh

CIRT identified 153 publicly exposed FortiGate devices in Bangladesh. In an advisory CIRT said, the …