Google Warns of Clop Ransomware Exploiting Oracle WebLogic Flaw

Google has issued a warning about the Clop ransomware gang exploiting a critical vulnerability in Oracle WebLogic servers. This vulnerability, tracked as CVE-2023-21839, allows attackers to execute arbitrary code remotely, potentially leading to data breaches and ransomware attacks. Clop ransomware operators have been actively scanning for vulnerable Oracle WebLogic instances and deploying their ransomware payloads to encrypt victims' data and demand ransom payments. The exploitation of this flaw highlights the ongoing risks associated with unpatched enterprise software and the importance of timely updates and security patches. Organizations using Oracle WebLogic servers are urged to apply the latest security patches immediately and enhance their monitoring for suspicious activities to mitigate the risk of ransomware infections. This incident underscores the evolving tactics of ransomware groups leveraging known vulnerabilities to maximize impact and financial gain. Cybersecurity teams should prioritize vulnerability management and incident response readiness to defend against such threats effectively.

This Cyber News was published on www.infosecurity-magazine.com. Publication date: Fri, 10 Oct 2025 10:15:04 +0000

Cyber News related to Google Warns of Clop Ransomware Exploiting Oracle WebLogic Flaw

10 Best Ransomware Protection Tools - 2025 - It protects devices from ransomware and other cyber threats using advanced threat intelligence, behavioral analysis, and cloud-based technology. It monitors and prevents ransomware assaults on personal files and automatically restores encrypted ...
10 months ago Cybersecuritynews.com

10 Best Ransomware File Decryptor Tools in 2025 - Kaspersky Rakhni Decryptor contains different decryption tools based on various versions of Rakhni ransomware and helps you decrypt encrypted files on your system. PyLocky Ransomware Decryption Tool is a free and open source developed and released by ...
8 months ago Cybersecuritynews.com

Google Warns of Clop Ransomware Exploiting Oracle WebLogic Flaw - Google has issued a warning about the Clop ransomware gang exploiting a critical vulnerability in Oracle WebLogic servers. This vulnerability, tracked as CVE-2023-21839, allows attackers to execute arbitrary code remotely, potentially leading to data ...
2 months ago Infosecurity-magazine.com CVE-2023-21839 Clop

A version of the Clop ransomware designed for Linux systems was aimed at universities and colleges but had flaws - On December 26, researchers observed the first Clop ransomware variant targeting Linux systems. Clop has been around since 2019, attacking large companies, financial institutions, primary schools, and critical infrastructure around the world. After ...
2 years ago Therecord.media

The Top 10 Ransomware Groups of 2023 - This article takes an in-depth look at the rise in ransomware attacks over the past year and the criminal groups driving the surge in cyber extortion. LockBit has established itself as one of the most notorious ransomware operations since emerging on ...
1 year ago Securityboulevard.com TA505 8base LockBit BianLian Medusa Noescape Black Basta

Hive Ransomware: A Detailed Analysis - This past week, on January 26th, to be exact, the FBI successfully shut down the Hive ransomware group and saved victims over a hundred million dollars in ransom payments and remediation costs. As ransomware continues to be a national security threat ...
2 years ago Heimdalsecurity.com LockBit

Top 10 Notorious Ransomware Gangs of 2023 - By employing a multitude of advanced techniques like double extortion along with other illicit tactics, ransomware groups are continually evolving at a rapid pace. Here below, we have mentioned all the types of ransomware used by the threat actors ...
1 year ago Cybersecuritynews.com LockBit BianLian Everest Ragnar Locker Black Basta

CVE-2016-0635 - Unspecified vulnerability in the Enterprise Manager Ops Center component in Oracle Enterprise Manager Grid Control 12.1.4, 12.2.2, and 12.3.2; the Oracle Health Sciences Information Manager component in Oracle Health Sciences Applications 1.2.8.3, ...
6 years ago

Oracle links Clop extortion attacks to July security flaws - Oracle has linked the Clop ransomware extortion group to a series of attacks exploiting security vulnerabilities disclosed in July. These flaws, which affect Oracle products, have been leveraged by Clop to conduct targeted extortion campaigns against ...
2 months ago Bleepingcomputer.com CVE-2023-21839 CVE-2023-21840 CVE-2023-21841 Clop

Ransomware Roundup - The Ransomware Roundup report aims to provide readers with brief insights into the evolving ransomware landscape and the Fortinet solutions that protect against those variants. This edition of the Ransomware Roundup covers the 8base ransomware. 8base ...
2 years ago Feeds.fortinet.com 8base

Medusa Ransomware Turning Your Files into Stone - Unit 42 Threat Intelligence analysts have noticed an escalation in Medusa ransomware activities and a shift in tactics toward extortion, characterized by the introduction in early 2023 of their dedicated leak site called the Medusa Blog. The Unit 42 ...
1 year ago Unit42.paloaltonetworks.com Medusa

Cisco Talos Report: New Trends in Ransomware, Network Infrastructure Attacks, Commodity Loader Malware - The Cisco Talos Year in Review report released Tuesday highlights new trends in the cybersecurity threat landscape. We'll focus on three topics covered: the ransomware cybercriminal ecosystem, network infrastructure attacks and commodity loader ...
2 years ago Techrepublic.com LockBit

Ransomware in 2023 recap: 5 key takeaways - This provides the best overall picture of ransomware activity, but the true number of attacks is far higher. While some ransomware trends hardly changed over the last year, such as LockBit's continued dominance, ransomware criminals also challenged ...
1 year ago Malwarebytes.com Scattered Spider LockBit

The Week in Ransomware - An international law enforcement operation claims to have dismantled a ransomware affiliate operation in Ukraine, which was responsible for attacks on organizations in 71 countries. The threat actors are said to be affiliates of numerous ransomware ...
2 years ago Bleepingcomputer.com Qilin Cactus Black Basta

Ransomware trends and recovery strategies companies should know - Ransomware attacks can have severe consequences, causing financial losses, reputational damage, and operational disruptions. The methods used to deliver ransomware vary, including phishing emails, malicious websites, and exploiting vulnerabilities in ...
2 years ago Helpnetsecurity.com

Clop Ransomware Targets Oracle Customers With Zero-Day Flaw - Clop ransomware operators have exploited a zero-day vulnerability in Oracle software, targeting Oracle customers with sophisticated attacks. This zero-day flaw allows attackers to gain unauthorized access and deploy ransomware, leading to significant ...
2 months ago Darkreading.com CVE-2023-XXXX Clop

Cactus ransomware exploiting Qlik Sense flaws to breach networks - Cactus ransomware has been exploiting critical vulnerabilities in the Qlik Sense data analytics solution to get initial access on corporate networks. Qlik Sense supports multiple data sources and allows users to create custom data reports or ...
2 years ago Bleepingcomputer.com CVE-2023-41266 CVE-2023-41265 CVE-2023-48365 LockBit Cactus

Dozens of countries will pledge to stop paying ransomware gangs - An alliance of 40 countries will sign a pledge during the third annual International Counter-Ransomware Initiative summit in Washington, D.C., to stop paying ransoms demanded by cybercriminal groups. Addressing reporters on Monday, Anne Neuberger, ...
2 years ago Bleepingcomputer.com

The Clop Ransomware Vulnerability Enabled Linux Users to Retrieve Their Files for an Extended Period of Time - The Clop ransomware gang has recently been spotted using a malware variant that is specifically designed to target Linux servers. However, a flaw in the encryption scheme has allowed victims to recover their files without paying the criminals any ...
2 years ago Bleepingcomputer.com

Google Cloud Next 2024: New Data Center Chip Joins Ecosystem - Google Cloud announced a new enterprise subscription for Chrome and a bevy of generative AI add-ons for Google Workspace during the Cloud Next '24 conference, held in Las Vegas from April 9 - 11. Overall, Google Cloud is putting its Gemini generative ...
1 year ago Techrepublic.com

The Week in Ransomware - Governments struck back this week against members of ransomware operations, imposing sanctions on one threat actor and sentencing another to prison. On Tuesday, the Australian, US, and UK governments announced sanctions against Aleksandr Gennadievich ...
1 year ago Bleepingcomputer.com LockBit BianLian Akira Cactus

Targeting homeowners' data - As these companies obtain a large amount of sensitive information from their customers, they become attractive targets for ransomware gangs to conduct double-extortion attacks. Finland is also warning of Akira ransomware increasingly targeting ...
1 year ago Bleepingcomputer.com LockBit Akira

The Week in Ransomware - Earlier this month, the BlackCat/ALPHV ransomware operation suffered a five-day disruption to their Tor data leak and negotiation sites, rumored to be caused by a law enforcement action. The FBI revealed this week that they hacked the BlackCat/ALPHV ...
2 years ago Bleepingcomputer.com LockBit Akira Noescape

Declining Ransomware Payments: Shift in Hacker Tactics? - Several cybersecurity advisories and agencies recommend not caving into ransomware gangs' demands and paying their ransoms. It seems the tide is turning, with a decline in ransomware payments; this article explores the trend and what it might mean ...
1 year ago Securityboulevard.com

Ransomware Roundup - On a bi-weekly basis, FortiGuard Labs gathers data on ransomware variants of interest that have been gaining traction within our datasets and the OSINT community. The Ransomware Roundup report aims to provide readers with brief insights into the ...
1 year ago Feeds.fortinet.com