The Washington Post was impacted by a data theft campaign involving the Clop ransomware group, which exploited a zero-day vulnerability in Oracle E-Business Suite. The breach affected nearly 10,000 employees and contractors, exposing personal information such as names, bank account details, and social security numbers. The company learned of the breach from a bad actor on September 29 and confirmed the data compromise by October 27, but it did not clarify the delay in assessing the stolen data.
Oracle released a patch for the vulnerability (CVE-2025-61882) on October 4 after being alerted to extortion emails sent to customers. Clop’s method involved exploiting multiple vulnerabilities, leading to significant data access and extortion demands reaching up to $50 million. The incident reflects a broader trend of Clop targeting various technology vendors and utilizing their systems to threaten a wide array of their clients, further emphasizing the security risks associated with third-party services and vulnerabilities.
👉 Pročitaj original: CyberScoop
