一次与 CL0P 相关的网络攻击利用了 Oracle 系统中的零日攻击，破坏了 100+ 个组织并窃取了数据，并敦促修补。 A CL0P-linked cyberattack exploited a zero-day in Oracle’s system, breaching 100+ orgs and stealing data, with patches urged.

可能从2025年7月开始, 与甲骨文电子商业套件有关的网络攻击使100多个组织受到影响, Google将此事归咎于CL0P赎金软件集团。 A cyberattack linked to Oracle’s E-Business Suite, possibly starting in July 2025, compromised over 100 organizations, with Google attributing the breach to the CL0P ransomware group. 黑客利用Oracle档案转移系统中的零天脆弱性,盗取大量客户数据,并利用受害者系统的合法档案清单发送敲诈邮件。 The hackers exploited a zero-day vulnerability in Oracle’s file transfer systems, stealing large volumes of customer data and sending extortion emails using legitimate file listings from victim systems. 虽然CL0P的漏泄网站没有公布受害者, 但研究人员表示延迟与过去的行为相符。 Although no victims have been posted on CL0P’s leak site, researchers say the delay aligns with past behavior. 谷歌和Mandiant敦促立即进行补丁,网络监控和威胁搜索, 指出更新了Oracle7月份补丁的系统可能会受到保护. Google and Mandiant urge immediate patching, network monitoring, and threat hunting, noting systems updated with Oracle’s July patch are likely protected. 这一事件凸显了企业软件中持续存在的供应链风险。 The incident highlights ongoing supply chain risks in enterprise software.