Online Gladinet CentreStack file servers are already being scoured and compromised by the Clop ransomware group as part of a new data extortion campaign, reports BleepingComputer.
"From recent port scan data, there appears to be at least 200+ unique IPs running the 'CentreStack - Login' HTTP Title, making them potential targets of CLOP who is exploiting an unknown CVE (n-day or zero-day) in these systems," according to Curated Intelligence researchers.
The development follows Clop's streak of targeting vulnerable secure file transfer solutions, the most recent of which involved the exploitation of an Oracle E-Business Suite zero-day flaw, tracked as CVE-2025-61882, to breach more than 100 organizations, including GlobalLogic, Logitech, Envoy Air, Harvard University, the University of Pennsylvania, and The Washington Post.
Increasingly prevalent and damaging intrusions launched by Clop had already prompted the U.S. State Department to offer a $10 million bounty for any information establishing the group's association with a nation-state.
New Clop ransomware campaign sets sights on Gladinet CentreStack servers




