Cl0p Mass Exploiting Zero-day Vulnerability in Oracle E-Business Suite

One of the biggest cybersecurity stories affecting organizations in January 2026 was the ongoing Oracle E-Business Suite (EBS) breach linked to the Cl0p ransomware group. The attackers took advantage of a critical security vulnerability in Oracle’s BI Publisher Integration component, allowing them to gain unauthorized access to vulnerable systems and potentially execute malicious code remotely.
According to security researchers, the vulnerability was first exploited in August 2025. However, many organizations only became aware of the breach weeks later when senior executives started receiving extortion emails claiming that sensitive company data had been stolen from their Oracle EBS environments. The campaign continued to impact businesses throughout January 2026 as new victims were identified.
More than 100 organizations worldwide were reportedly affected by the attack. Several well-known companies, including Broadcom, Estée Lauder, Mazda, and Canon, were named in reports connected to the incident. In some cases, attackers claimed to have stolen large amounts of sensitive information before demanding ransom payments from the affected organizations.
Organizations that refused to negotiate with the attackers faced additional pressure. The Cl0p group reportedly published samples of stolen data on its dark web leak site, while threatening to release more information publicly. The incident once again highlighted the growing risks associated with unpatched enterprise software and demonstrated how a single critical vulnerability can lead to widespread compromise across multiple industries.