Cl0p ransomware operators launched a targeted campaign against Cox Enterprises by exploiting a critical zero\u2011day vulnerability in Oracle E\u2011Business Suite (Oracle EBS), tracked as CVE\u20112025\u201161882, which allowed remote, unauthenticated access to one of the company\u2019s most sensitive back\u2011office platforms. The intrusion window ran roughly between 9 and 14 August 2025 and went undetected until late September, giving attackers ample time to systematically explore the Oracle EBS environment and exfiltrate data.
\u200bInstead of prioritizing large\u2011scale encryption, Cl0p focused on data theft and extortion, quietly pulling sensitive records linked to 9,479 individuals from Cox\u2019s Oracle EBS instance. Stolen data, believed to include personal identifiers and potentially HR and financial information, was later posted on Cl0p\u2019s leak site after Cox did not meet ransom demands. Oracle released a patch for CVE\u20112025\u201161882 in early October, but by then multiple organizations had already been compromised as part of this broader Oracle EBS campaign.
\u200bCox has notified affected users and offered credit\u2011monitoring and identity\u2011theft protection services while strengthening monitoring and patching around Oracle EBS and related ERP assets. The case underscores how a single ERP zero\u2011day can become a global extortion vector, enabling supply\u2011chain\u2011style impact across telecom, media, automotive, and other sectors.<\/p>\n\n\n\n
<\/p>\n","protected":false},"excerpt":{"rendered":"
Cl0p ransomware operators launched a targeted campaign against Cox Enterprises by exploiting a critical zero\u2011day vulnerability in Oracle E\u2011Business Suite (Oracle EBS), tracked as CVE\u20112025\u201161882, which allowed remote, unauthenticated access to one of the company\u2019s most sensitive back\u2011office platforms. The intrusion window ran roughly between 9 and 14 August 2025 and went undetected until late September, giving attackers ample time [\u2026]<\/span><\/p>\n","protected":false},"author":1,"featured_media":8761,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[226,220,225,10,223],"tags":[],"class_list":["post-9049","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-finance-and-legal","category-government-advisory","category-heavy-industry","category-latest_vulnerabilities","category-retail-and-e-commerce"],"acf":[],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/cyberenso.jp\/wp-content\/uploads\/2025\/01\/080321-Zero-Day-Attack-Vulnerability-Detection-and-Prevention-that-Cybersecurity-Companies-Offer-FI-min.png?fit=1200%2C800&ssl=1","_links":{"self":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts\/9049"}],"collection":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/comments?post=9049"}],"version-history":[{"count":1,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts\/9049\/revisions"}],"predecessor-version":[{"id":9050,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts\/9049\/revisions\/9050"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/media\/8761"}],"wp:attachment":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/media?parent=9049"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/categories?post=9049"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/tags?post=9049"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}