Broadcom, a global technology leader valued at hundreds of billions, was among the high-profile victims of **Cl0p’s ransomware attack** exploiting **zero-day vulnerabilities in Oracle’s E-Business Suite (CVE-2025-61882 and CVE-2025-21884)**. The cybercriminal group **exfiltrated sensitive corporate and customer data**, threatening to leak or sell it unless a ransom was paid. The breach compromised critical systems, risking **financial records, proprietary business data, and third-party customer information**. Cl0p’s extortion tactics included warnings of **public disclosure on their blog, torrent leaks, or sales to malicious actors**, amplifying reputational and operational risks. Given Broadcom’s role in semiconductor and infrastructure technology, the attack posed **supply chain cascading risks**, potentially disrupting clients reliant on its products. Oracle issued emergency patches, but the damage—including **data theft, potential regulatory fines, and erosion of stakeholder trust**—had already occurred. The incident underscores vulnerabilities in enterprise software dependencies, with Broadcom facing **long-term financial and strategic repercussions** if the stolen data is weaponized.
Source: https://www.z2data.com/insights/everything-you-need-to-know-about-the-oracle-data-breach
Broadcom cybersecurity rating report: https://www.rankiteo.com/company/broadcom
{
"id": "BRO3105131112625",
"linkid": "broadcom",
"type": "Ransomware",
"date": "6/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"
}
{'affected_entities': [{'industry': 'Technology (Enterprise Software)',
'location': 'United States',
'name': 'Oracle',
'size': 'Large (Fortune 500)',
'type': 'Corporation'},
{'industry': 'Semiconductors/Technology',
'location': 'United States',
'name': 'Broadcom',
'size': 'Large (Fortune 500)',
'type': 'Corporation'},
{'industry': 'Cosmetics/Retail',
'location': 'United States',
'name': 'Estée Lauder Companies',
'size': 'Large (Fortune 500)',
'type': 'Corporation'},
{'industry': 'Automotive',
'location': 'Japan',
'name': 'Mazda',
'size': 'Large',
'type': 'Corporation'},
{'industry': 'Technology/Imaging',
'location': 'Japan',
'name': 'Canon',
'size': 'Large',
'type': 'Corporation'},
{'industry': 'Automotive/Tires',
'location': 'France',
'name': 'Michelin',
'size': 'Large',
'type': 'Corporation'},
{'industry': 'Healthcare/Insurance',
'location': 'United States',
'name': 'Humana',
'size': 'Large (Fortune 500)',
'type': 'Corporation'},
{'industry': 'Apparel',
'location': 'United States',
'name': 'Fruit of the Loom',
'size': 'Large',
'type': 'Corporation'},
{'industry': 'Healthcare/Pharmaceuticals',
'location': 'United States',
'name': 'Abbott Laboratories',
'size': 'Large (Fortune 500)',
'type': 'Corporation'},
{'industry': 'Food/Baking',
'location': 'Mexico',
'name': 'Grupo Bimbo',
'size': 'Large',
'type': 'Corporation'},
{'industry': 'Technology/Networking',
'location': 'United States',
'name': 'A10 Networks',
'size': 'Mid-Large',
'type': 'Corporation'},
{'industry': 'Technology/Workplace Solutions',
'location': 'United States',
'name': 'Envoy',
'size': 'Mid-Large',
'type': 'Corporation'},
{'industry': 'Transportation',
'location': 'United States',
'name': 'Greater Cleveland RTA',
'size': 'Mid',
'type': 'Government Agency'},
{'industry': 'Technology/Security',
'name': 'Frontrol',
'type': 'Corporation'},
{'industry': 'Apparel/Manufacturing',
'location': 'Sri Lanka',
'name': 'MAS Holdings',
'size': 'Large',
'type': 'Corporation'},
{'industry': 'HVAC/Manufacturing',
'location': 'United States',
'name': 'Trane Technologies',
'size': 'Large',
'type': 'Corporation'},
{'industry': 'Manufacturing',
'name': 'Treet Corp',
'type': 'Corporation'},
{'industry': 'Education',
'location': 'United States',
'name': 'University of Phoenix',
'size': 'Large',
'type': 'Educational Institution'},
{'industry': 'Automotive/Manufacturing',
'location': 'United States',
'name': 'L&L Products',
'size': 'Mid-Large',
'type': 'Corporation'},
{'industry': 'Engineering/Consulting',
'location': 'Australia',
'name': 'Worley',
'size': 'Large',
'type': 'Corporation'},
{'industry': 'Logistics/Transportation',
'name': 'Fleet Management Limited',
'type': 'Corporation'},
{'industry': 'Retail/Hospitality',
'location': 'Kuwait',
'name': 'Alshaya Group',
'size': 'Large',
'type': 'Corporation'},
{'industry': 'Construction/Engineering',
'location': 'United States',
'name': 'Bechtel Corporation',
'size': 'Large',
'type': 'Corporation'},
{'industry': 'Retail/Wellness',
'location': 'United States',
'name': 'WellBiz Brands, Inc.',
'size': 'Mid',
'type': 'Corporation'},
{'industry': 'Luxury Accessories',
'location': 'United States',
'name': 'Dooney & Bourke',
'size': 'Mid',
'type': 'Corporation'},
{'industry': 'Manufacturing',
'name': 'Greenball',
'type': 'Corporation'},
{'industry': 'Chemicals',
'location': 'Japan',
'name': 'Sumitomo Chemical',
'size': 'Large',
'type': 'Corporation'},
{'industry': 'Automotive',
'location': 'Saudi Arabia',
'name': 'Aljomaih Automotive Company (AAC)',
'size': 'Large',
'type': 'Corporation'}],
'attack_vector': ['Zero-Day Exploit (CVE-2025-61882, CVE-2025-21884)',
'Unauthenticated HTTP Requests',
'Data Exfiltration'],
'customer_advisories': ['Companies advised to monitor for data leaks on '
'Cl0p’s blog or dark web marketplaces'],
'data_breach': {'data_exfiltration': True,
'personally_identifiable_information': True,
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Corporate Data',
'Customer Data',
'Sensitive Business '
'Information']},
'date_detected': '2023-09-01',
'date_publicly_disclosed': '2023-11-20',
'description': 'The cybercriminal group Cl0p exploited two zero-day '
'vulnerabilities (CVE-2025-61882 and CVE-2025-21884) in '
'Oracle’s E-Business Suite (EBS), leading to data breaches in '
'over 100 companies, including Broadcom, Estée Lauder, Mazda, '
'and Canon. The group demanded significant ransom payments, '
'threatening to leak or sell exfiltrated data if unpaid. '
'Oracle issued security patches, but the attacks had already '
'compromised sensitive corporate and customer data across '
'multiple industries and geographies.',
'impact': {'brand_reputation_impact': 'High (public disclosure of breaches, '
'ransom demands)',
'data_compromised': True,
'identity_theft_risk': 'High (PII and sensitive corporate data '
'exfiltrated)',
'operational_impact': 'Significant (data exfiltration, potential '
'system compromise)',
'systems_affected': ['Oracle E-Business Suite (EBS) versions '
'12.2.3–12.2.14']},
'initial_access_broker': {'data_sold_on_dark_web': True,
'entry_point': ['Zero-day vulnerabilities in Oracle '
'EBS (CVE-2025-61882, '
'CVE-2025-21884)'],
'high_value_targets': ['Fortune 500 companies '
'(e.g., Broadcom, Estée '
'Lauder)',
'Multinational corporations '
'with Oracle EBS '
'dependencies'],
'reconnaissance_period': 'Since late September 2023 '
'(pre-exploitation '
'activity)'},
'investigation_status': 'Ongoing (Cl0p’s data leak timeline suggests delayed '
'public exposure)',
'lessons_learned': 'Supplier vulnerabilities in enterprise software (e.g., '
'Oracle EBS) can cascade into large-scale breaches across '
'industries. Proactive patch management and supply chain '
'risk monitoring (e.g., via SCRM platforms like Z2Data) '
'are critical to mitigating third-party risks. Cl0p’s '
'delayed data leak strategy highlights the importance of '
'rapid incident response to prevent public exposure of '
'sensitive data.',
'motivation': 'Financial Gain (Ransomware Extortion)',
'post_incident_analysis': {'corrective_actions': ['Immediate application of '
'Oracle-provided security '
'patches.',
'Enhanced supplier risk '
'assessments using SCRM '
'platforms (e.g., Z2Data).',
'Implementation of '
'behavioral WAFs or anomaly '
'detection for Oracle EBS '
'environments.',
'Review of third-party '
'software dependencies for '
'similar vulnerabilities.'],
'root_causes': ['Unpatched zero-day '
'vulnerabilities in Oracle EBS '
'(CVE-2025-61882, CVE-2025-21884).',
'Lack of real-time monitoring for '
'unauthenticated HTTP requests '
'targeting critical components (BI '
'Publisher, Configurator UI).',
'Supplier risk blind spots in '
'enterprise software supply '
'chains.']},
'ransomware': {'data_exfiltration': True,
'ransom_demanded': True,
'ransomware_strain': 'Cl0p (Clop)'},
'recommendations': ['Apply Oracle security patches for CVE-2025-61882 and '
'CVE-2025-21884 immediately.',
'Implement supply chain risk management (SCRM) tools to '
'assess third-party vendor vulnerabilities (e.g., '
'Z2Data).',
'Enhance monitoring for unauthenticated HTTP requests '
'targeting Oracle EBS components.',
'Conduct regular audits of enterprise software for '
'zero-day vulnerabilities.',
'Develop and test incident response plans for ransomware '
'attacks, including data exfiltration scenarios.',
'Evaluate the need for network segmentation to limit '
'lateral movement in case of breaches.'],
'references': [{'source': 'U.S. Cybersecurity and Infrastructure Security '
'Agency (CISA)'},
{'source': 'UK National Cyber Security Centre (NCSC)'},
{'source': 'Mandiant (Google-owned cybersecurity firm)'},
{'source': 'Oracle Security Alerts (CVE-2025-61882, '
'CVE-2025-21884)'},
{'source': 'Z2Data Supplier Risk Analysis',
'url': 'https://www.z2data.com'}],
'response': {'communication_strategy': ['Oracle security alerts to customers',
'Public disclosure via media'],
'containment_measures': ['Oracle security patches '
'(CVE-2025-61882, CVE-2025-21884)'],
'incident_response_plan_activated': True,
'remediation_measures': ['Patch application for Oracle EBS '
'vulnerabilities'],
'third_party_assistance': ['Mandiant (Google-owned cybersecurity '
'firm)']},
'stakeholder_advisories': ['Oracle security alerts urging immediate patching',
'Mandiant’s analysis of Cl0p’s modus operandi'],
'threat_actor': 'Cl0p (Clop)',
'title': 'Cl0p Exploits Zero-Day Vulnerabilities in Oracle E-Business Suite '
'Leading to Massive Data Breaches',
'type': ['Ransomware', 'Data Breach', 'Zero-Day Exploit'],
'vulnerability_exploited': [{'affected_versions': ['Oracle EBS 12.2.3',
'Oracle EBS 12.2.4',
'Oracle EBS 12.2.5',
'Oracle EBS 12.2.6',
'Oracle EBS 12.2.7',
'Oracle EBS 12.2.8',
'Oracle EBS 12.2.9',
'Oracle EBS 12.2.10',
'Oracle EBS 12.2.11',
'Oracle EBS 12.2.12',
'Oracle EBS 12.2.13',
'Oracle EBS 12.2.14'],
'cve_id': 'CVE-2025-61882',
'description': 'Vulnerability in BI Publisher '
'Integration allowing '
'unauthenticated attackers to '
'send crafted HTTP requests for '
'full system compromise.'},
{'affected_versions': ['Oracle EBS 12.2.3',
'Oracle EBS 12.2.4',
'Oracle EBS 12.2.5',
'Oracle EBS 12.2.6',
'Oracle EBS 12.2.7',
'Oracle EBS 12.2.8',
'Oracle EBS 12.2.9',
'Oracle EBS 12.2.10',
'Oracle EBS 12.2.11',
'Oracle EBS 12.2.12',
'Oracle EBS 12.2.13',
'Oracle EBS 12.2.14'],
'cve_id': 'CVE-2025-21884',
'description': 'Vulnerability in Runtime UI of '
'Oracle Configurator allowing '
'unauthorized access to '
'critical/sensitive data via '
'HTTP.'}]}