On October 4, Oracle published a Security Alert Advisory for a zero-day in its E-Business Suite (EBS) solution:

This vulnerability was reportedly exploited in the wild by the Cl0p ransomware group. It followed earlier reports of extortion emails being sent to EBS customers by the Cl0p ransomware group. Initially, Oracle indicated that attacks used flaws in Oracle’s July 2025 CPU release. 

For more information about this zero-day vulnerability and associated vulnerabilities, including the availability of patches and Tenable product coverage, please visit our blog.