A ransomware group’s claim of infiltrating Broadcom through a critical Oracle zero-day has raised fresh concerns about the security of enterprise financial systems. While the company insists its core operations remain unaffected, newly surfaced details from researchers and threat-intelligence teams point to a months-long exploitation campaign that touched at least 29 organizations worldwide.
A High-Severity Oracle Flaw at the Center of a Global Campaign
Broadcom, one of the world’s largest semiconductor and infrastructure software providers, has confirmed it was targeted in a hacking campaign exploiting a critical zero-day vulnerability in Oracle’s E-Business Suite, widely used for corporate accounting and finance.
The vulnerability, CVE-2025-61882, rated 9.8 on the CVSS severity scale, allowed attackers to execute arbitrary code without authentication. Security analysts say the flaw existed in Oracle’s Business Intelligence Publisher integration within the Concurrent Processing module, effectively granting attackers system-level control.
Though Oracle released emergency patches in October 2024, organizations running older deployments or delayed maintenance cycles remained exposed. According to security researchers at Google’s Threat Intelligence Group and Mandiant, exploitation began as early as August 9, 2025, with reconnaissance traced back to July 10.
Cl0p Claims Responsibility as Extortion Emails Expand
The ransomware group Cl0p, known for high-impact supply-chain intrusions, has taken credit for the breach. The group allegedly combined the zero-day with other previously patched vulnerabilities to deepen access across enterprise networks. Recently published entries on Cl0p’s data-leak site claim the broader campaign compromised at least 29 organizations, spanning sectors from telecommunications to financial services.
To make their extortion attempts more credible, attackers used hacked third-party email accounts purchased through infostealer markets, bypassing spam filters and disguising their messages as legitimate internal communications. A coordinated blackmail campaign began in September, hitting executives at multiple firms simultaneously.
Broadcom Responds, Downplays Operational Impact
In a statement to Cybersecuritynews.com, a Broadcom spokesperson said cybercriminals had “exploited zero-day vulnerabilities in the Oracle product” but insisted the company had already forensically examined and patched its Oracle environment.
“Broadcom operations are unaffected,” the spokesperson said, adding that the company is “confident in the integrity” of its financial systems. Even if limited data tied to Oracle were disclosed, Broadcom said it “does not expect” the exposure to pose significant risk to customers, vendors, partners or employees.
Still, researchers warn that attackers may have accessed internal ERP archives, design documentation, and semiconductor-related files — sensitive information with potential implications for Broadcom’s vast supply-chain ecosystem.
Warnings for the Industry as Patch Gaps Persist
Security analysts note that the attack was enabled not by novel malware but by long-standing gaps in patching Oracle’s older E-Business Suite installations. Many organizations still fail to apply updates promptly due to operational downtime concerns or the complexity of enterprise ERP deployments.
Experts are urging immediate action, recommending:
- Patching all instances of Oracle E-Business Suite
- Monitoring for suspicious POST requests to /OA_HTML/SyncServlet
- Reviewing access logs for signs of lateral movement
- Hardening older integration points such as BI Publisher endpoints
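The second recommendation above, monitoring for suspicious POST requests to /OA_HTML/SyncServlet, is the kind of check a defender can run over existing web-server access logs today. The script below is an added example, not code from the article or from Oracle or Broadcom: it parses Apache/NCSA combined-format access log lines (the format many Oracle E-Business Suite front ends write), flags POST requests whose path component matches the watched servlet, and tallies the flagged requests per source address. The sample log lines, addresses, timestamps and user agents are constructed for illustration and are not indicators from the campaign; the assumption that the EBS front end logs in combined format, and the case-insensitive path comparison, are this example's choices.

```python
"""Flag POST requests to /OA_HTML/SyncServlet in web access logs.

Added example (not from the article). Assumes Apache/NCSA combined log
format. The sample records below are constructed; none of the addresses,
times or user agents are real indicators.
"""
import re
from collections import Counter
from typing import Dict, List, NamedTuple, Optional

WATCHED_PATH = "/OA_HTML/SyncServlet"

# Combined log format:
# host ident user [time] "METHOD path PROTO" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
    r'(?: "(?P<referer>[^"]*)" "(?P<agent>[^"]*)")?'
)


class Hit(NamedTuple):
    ip: str
    time: str
    method: str
    path: str
    status: int
    agent: str


def parse_line(line: str) -> Optional[Hit]:
    """Parse one combined-format record; return None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return Hit(m["ip"], m["time"], m["method"], m["path"],
               int(m["status"]), m["agent"] or "-")


def is_suspicious(hit: Hit) -> bool:
    """True for a POST whose path (query string stripped) is the watched servlet.

    The comparison is case-insensitive so that trivial case variation in the
    request path does not slip past the check (a defensive choice made here,
    not a claim about how the Oracle front end routes requests).
    """
    path_only = hit.path.split("?", 1)[0]
    return hit.method == "POST" and path_only.lower() == WATCHED_PATH.lower()


def find_hits(lines: List[str]) -> List[Hit]:
    """Return every parsed record that is_suspicious() flags, in log order."""
    hits = []
    for line in lines:
        hit = parse_line(line)
        if hit is not None and is_suspicious(hit):
            hits.append(hit)
    return hits


def summarize_by_ip(hits: List[Hit]) -> Dict[str, int]:
    """Count flagged requests per source address for triage."""
    return dict(Counter(h.ip for h in hits))


# Constructed sample records (not real traffic). Documentation-range addresses.
SAMPLE_LOG = """\
203.0.113.10 - - [09/Aug/2025:03:12:44 +0000] "POST /OA_HTML/SyncServlet HTTP/1.1" 200 512 "-" "python-requests/2.31"
198.51.100.7 - - [09/Aug/2025:03:13:01 +0000] "GET /OA_HTML/AppsLogin HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.10 - - [09/Aug/2025:03:13:09 +0000] "POST /OA_HTML/SyncServlet?x=1 HTTP/1.1" 200 640 "-" "python-requests/2.31"
192.0.2.55 - - [09/Aug/2025:08:40:17 +0000] "POST /oa_html/syncservlet HTTP/1.1" 500 0 "-" "curl/8.4.0"
198.51.100.7 - - [09/Aug/2025:08:41:00 +0000] "GET /OA_HTML/SyncServlet HTTP/1.1" 404 0 "-" "Mozilla/5.0"
this line is not a valid access log record
"""

if __name__ == "__main__":
    flagged = find_hits(SAMPLE_LOG.splitlines())
    for h in flagged:
        print(f"{h.time}  {h.ip:<15} {h.method} {h.path} -> {h.status}  ua={h.agent}")
    print("per-source counts:", summarize_by_ip(flagged))
```

Run it against a real access log by replacing SAMPLE_LOG with the file's lines; whether any POST to this servlet is expected at all depends on how the deployment uses it, so establish a baseline for your own environment before treating every hit as malicious, and pair the per-source counts with the status codes and user agents to prioritize review.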
