Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

Clop ransomware gang campaign expands across multiple victims

Campaign
First reported
Last updated
Happening score
H score 62
1 unique sources, 1 articles

Summary

Hide ▲

A Clop extortion campaign is actively stealing data from Oracle E-Business Suite customers using CVE-2025-61882, putting multiple organizations at risk of theft and leak-site exposure. The operation has been running since early August 2025 and has already affected victims across sectors. Some stolen data has been posted on a dark web leak site and offered via Torrent, increasing extortion pressure on targeted organizations.

Related Happenings

Madison Square Garden hit by network compromise linked to Cl0p

Incident
First: 02.03.2026 15:53 Last: 02.03.2026 15:53 Sources 1

About this happening: **Madison Square Garden** confirmed a **data breach** that exposed **names and SSNs**, and it has started notifying affected people. The compromise involved a **hosted Oracle E-Bu...

Open Happening

ShinyHunters data-leak site exposing stolen attack data

Data Leak
First: 31.01.2026 17:02 Last: 31.01.2026 17:02 Sources 1

About this happening: The **ShinyHunters** extortion gang launched a **data-leak site**, beginning to publish data tied to the theft campaign and raising the exposure risk for victims.

Open Happening

Rising encryptionless extortion incidents against enterprises in 2025

Target Trend
First: 15.01.2026 17:45 Last: 15.01.2026 17:45 Sources 1

About this happening: **Encryptionless extortion** surged in **2025** as attackers increasingly skipped ransomware encryption and instead stole data to pressure victims across **enterprise environments...

Open Happening

Korean Air employee data leak via KC&D breach

Data Leak
First: 29.12.2025 15:08 Last: 29.12.2025 15:08 Sources 1

About this happening: The airline disclosed a **data breach** that exposed employee **names** and **bank account numbers**, creating fraud and impersonation risk for **Korean Air** staff. The leak foll...

Open Happening

Baker University hit by cyberattack

Incident
First: 23.12.2025 11:50 Last: 23.12.2025 11:50 Sources 1

About this happening: **Baker University** disclosed a **network breach** that exposed personal, health, and financial records affecting **53,624 individuals**. Attackers had access to the university's...

Open Happening

Timeline

  1. 02.12.2025 14:55 1 articles · 5mo ago

    Penn determines personal information was among Oracle EBS data obtained

    Victim Impact Update

    On November 11, 2025, the University of Pennsylvania determined that an affected person's personal information was among the data obtained from Penn's Oracle E-Business Suite environment after unauthorized access to Oracle EBS files; Penn said it had not found evidence that the stolen information was misused or leaked online.

    Show sources
    Open in new tab
  2. 02.12.2025 14:55 2 articles · 5mo ago

    Penn discloses Oracle EBS breach to affected people and Maine regulators

    Initial Disclosure

    The University of Pennsylvania publicly disclosed a new Oracle E-Business Suite breach on December 2, 2025, saying attackers stole documents containing personal information from Penn's Oracle EBS servers in August and that the university filed a breach notification with Maine's Attorney General; Penn said it still had not found evidence that the stolen information was misused or leaked online, and the broader incident was linked to a Clop extortion campaign exploiting CVE-2025-61882.

    Show sources
    Open in new tab