Oracle has confirmed that hackers are targeting some of its E-Business Suite customers with extortion emails. The attackers claim to have stolen sensitive corporate data and are demanding multi-million dollar ransom payments to prevent its release. According to Oracle’s investigation, the threat actors appear to have exploited known vulnerabilities that were patched in July 2025, rather than leveraging any new zero-day flaws.

While the exact number of affected customers remains unclear, reports suggest that the extortion campaign is linked to cybercriminal groups associated with the Cl0p ransomware gang. Security experts, including Google’s threat analysis team, have flagged the campaign as a growing risk, warning that attackers may be leveraging old but unpatched systems to infiltrate corporate networks.

Oracle has urged all customers to apply the latest security updates and remain vigilant against suspicious emails. The incident highlights the ongoing danger posed by unpatched vulnerabilities and the increasing trend of cybercriminals resorting to direct extortion tactics rather than deploying traditional ransomware.