The Update: A Harvard University Information Technology spokesperson confirmed that the university was affected, but said the breach impacted only “a limited number of parties associated with a small administrative unit.” The spokesperson said there is “no evidence of compromise to other University systems” and confirmed that a patch has been applied.
The incident aligns with a global exploitation campaign tracked by Google’s Threat Intelligence Group and Mandiant, which found that more than 100 organisations had been targeted since at least July 2025. Security firms including CrowdStrike have reported that the attacks began in mid-2025, coinciding with a wave of extortion emails sent to executives. Oracle acknowledged the campaign on 2 October, initially stating that the vulnerabilities being exploited in E-Business Suite (EBS) had already been fixed in earlier updates. A follow-up security alert for CVE-2025-61882 urged all customers running Oracle EBS versions 12.2.3 through 12.2.14 to apply the patches immediately.
The vulnerability, tracked as CVE-2025-61882, is rated CVSS 9.8 and is exploitable over the network without authentication. It was added to the U.S. Cybersecurity and Infrastructure Security Agency’s Known Exploited Vulnerabilities (KEV) catalog on 6 October, confirming active exploitation by threat actors; a KEV listing also sets a remediation deadline for U.S. federal agencies under Binding Operational Directive 22-01. Analysis from Google found that the attackers deployed Java-based implants to extract data from EBS environments while evading detection.
While Harvard was named on Cl0p’s dark web leak site, the group has not published any data, and neither Harvard, Oracle nor the cybersecurity firms involved have reported a ransom demand. The investigation is ongoing.
Why It Matters: This case underscores the global reach of the Cl0p group, which has repeatedly turned vulnerabilities in widely deployed enterprise software into large-scale extortion campaigns, as it did with Accellion FTA, GoAnywhere MFT and MOVEit Transfer. Oracle EBS holds the financial, HR and procurement records of the organisations running it, so a pre-authentication flaw in the platform exposes sensitive corporate and institutional data directly, with no need to compromise user accounts first. It also shows the risk that shared enterprise software carries: one flaw is reusable against every organisation running the affected versions.
Harvard’s limited exposure is notable, but the broader campaign shows how a single unpatched flaw in a widely used enterprise system can cause consequences across many sectors at once. For EBS operators, the practical steps are to confirm that the CVE-2025-61882 alert patch is applied on every instance, especially internet-facing ones, and then to treat patching as necessary but not sufficient: because the campaign deployed implants for data theft, any system that was exposed before it was patched should be checked for signs of compromise rather than assumed clean. The attack reinforces the importance of continuous patch management, proactive threat monitoring, and coordination between software vendors and customers to close security gaps before adversaries can exploit them.