Harvard Has Apparently Been Pwned Via The Oracle Vulnerability

Remember this Oracle vulnerability that is far from trivial? It now has its first confirmed victim outside of Oracle. And unfortunately for Oracle, it’s Harvard. Yes. That Harvard.
The cybercrime group Cl0p is now seemingly reaping the harvest after it successfully exploited a critical zero-day bug in Oracle’s E-Business Suite (EBS). Hundreds of companies and organizations – all Oracle clients – were allegedly compromised.
One of them is apparently Harvard University, which uses EBS for various administrative functions. Now Cl0p, essentially a digital organized crime ring, claims to have stolen data from the prestigious school.
And:
According to Cybernews researchers, Cl0p has shared 1.4TB of data on its leak site. This data originates from Harvard’s servers hosted by Oracle.
The published data includes logs and reports from Harvard’s internal payment system as well as source code for various internal tools. The Cybernews research team has analyzed the data and says it includes references that strongly suggest that it was indeed taken from EBS systems.
Anders Askasen, VP of Product Marketing at Radiant Logic, had this to say:
“The Harvard breach tied to the Oracle EBS exploitation highlights a recurring truth: complexity is the adversary of security. When identity and data silos persist, visibility evaporates, and the ability to trace who has access to what becomes guesswork. Systems like Oracle EBS sit at the heart of enterprise operations — rich in sensitive HR and financial data, yet notoriously hard to govern across hybrid infrastructures. Resilience begins with a unified identity data foundation and continuous observability that enable organizations to detect exposures in real time, contain and act with precision, and restore confidence through verifiable facts rather than assumptions.”
Will Baxter, Field CISO at Team Cymru, follows with this comment:
“This threat highlights the importance of egress filtering and monitoring where files are downloaded from. This operation appears to have exploited the vulnerability weeks ahead of patch release, indicating early access or a brokered exploit. Detecting these campaigns early depends on correlating outbound anomalies, C2 beaconing, and shared infrastructure across sectors. The only scalable defense is collective intelligence — connecting enterprise telemetry with trusted partners before the stolen data surfaces publicly.”
Gunter Ollmann, CTO at Cobalt, adds this comment:
“This campaign underscores the growing sophistication of financially motivated groups exploiting enterprise software supply chains. The attackers didn’t rely on a single exploit—they combined zero-day vulnerabilities with custom malware to maximize access before detection. It’s another reminder that penetration testing can’t stop at application edges; enterprises must stress-test complex ERP systems as part of their attack surface. Increasingly, the focus must shift toward offensive security services that continuously test not just applications, but also the effectiveness of defense-in-depth systems and SOC teams. Regular, adversarial testing provides the real-world validation organizations need to ensure their layered defenses perform as intended when it matters most.”
Sucks to be Harvard. And it sucks even more to be Oracle, whose senior management have to be reconsidering their life choices at this point, because they know that there will be more fallout, and lawsuits that follow that fallout.
This entry was posted on October 14, 2025 at 12:27 pm and is filed under Commentary with tags Hacked, Oracle. You can follow any responses to this entry through the RSS 2.0 feed.