(Credit: Andrew Harnik via Getty Images)
The Washington Post is among the organizations hit by a large-scale cybercrime campaign that targeted Oracle's business applications, joining Harvard University and American Airlines-owned carrier Envoy, which announced similar breaches last month.
The Post didn't say what, if any, data had been lost. However, the news, first reported by Reuters, comes after Google’s Mandiant team warned that it had been "tracking a new, large-scale extortion campaign" from the Clop ransomware gang. The scammers sent "a high volume of emails to executives at numerous organizations, alleging the theft of sensitive data from the victims' Oracle E-Business Suite (EBS) environments."
Oracle has released several patches, and warns that the "vulnerability is remotely exploitable without authentication, i.e., it may be exploited over a network without the need for a username and password. If successfully exploited, this vulnerability may result in remote code execution."
Google said last month that Clop exploited a zero-day bug against Oracle EBS customers "weeks before a patch was available, with additional suspicious activity dating back to July 10, 2025," adding that "in some cases, the threat actor successfully exfiltrated a significant amount of data from impacted organizations."
Certis Foster, senior threat hunter lead at Deepwatch, tells SC Media that there could be more victims since the Clop group "tends to wait a few weeks before posting data to put pressure on ransom payments." Once inside, however, "they gain privileged access to financial data, HR records, supplier systems, and core operational workflows," says Heath Renfrow, co-founder and chief information security officer at Fenix24.


