Harvard University confirmed it was breached through a critical zero-day vulnerability in Oracle's E-Business Suite system. The flaw, tracked as CVE-2025-61882, allows attackers to remotely access systems without authentication. The notorious Clop ransomware gang exploited this vulnerability, adding Harvard to their dark web leak site and claiming to have stolen university data.
The attack is part of a broader campaign that began on September 29, though evidence suggests Clop may have been exploiting this vulnerability as early as August 9 - weeks before Oracle released a patch. Harvard says the breach impacted "a limited number of parties associated with a small administrative unit" and they've found no evidence of further system compromise after applying Oracle's patch.
Source: Dark Reading