Cl0p Ransomware Gang Names 29 Victims in Oracle EBS Hack Campaign

Cl0p ransomware hits 29 firms, leaks data; targets include Harvard, Envoy Air, and more. Exploited Oracle EBS flaws CVE-2025-61882/84.

By Content Team

Nov 10, 2025

ON THIS PAGE

Share

---

ON THIS PAGE

Want more insights like this?

Subscribe to our newsletter to get the latest software protection strategies delivered to your inbox.

By submitting your email, you consent to Codekeeper contacting you and agree to our privacy policy.

The Cl0p ransomware group has publicly named 29 organizations allegedly hit in a cyberattack targeting Oracle's E-Business Suite customers. The campaign, linked to threat actor FIN11, involved extortion emails sent to executives in late September.

Confirmed victims include Harvard University, South Africa's Wits University, American Airlines subsidiary Envoy Air, and The Washington Post. Major corporations like Schneider Electric, Emerson, Logitech, and Cox Enterprises appear on the list but haven't confirmed breaches.

The hackers leaked data from 18 victims, sometimes releasing terabytes of files. The attacks likely exploited Oracle EBS vulnerabilities CVE-2025-61882 and CVE-2025-61884, which allow remote access without authentication. Most targeted organizations remain silent while conducting investigations.

Source: SecurityWeek

Share this article

Have questions about protecting your software?

Our escrow experts are standing by to help.

Book a free demo

YOU MAY ALSO LIKE

Fake Fortinet Sites Steal VPN Credentials Using AI Search Summaries

Jan 10, 2026

Qilin Ransomware Targets Small Businesses Through Basic Security Gaps

Nov 11, 2025

Cox Confirms Oracle EBS Hack as Cybercriminals Name 100 Alleged Victims

Nov 24, 2025

Microsoft Kicks Off 2026 With 112 Security Patches, Including Active Zero-Day Attack

Jan 14, 2026