Clop ransomware gang campaign expands across multiple victims
Campaign
Summary
Hide ▲
Show ▼
A Clop extortion campaign is actively stealing data from Oracle E-Business Suite customers using CVE-2025-61882, putting multiple organizations at risk of theft and leak-site exposure. The operation has been running since early August 2025 and has already affected victims across sectors. Some stolen data has been posted on a dark web leak site and offered via Torrent, increasing extortion pressure on targeted organizations.
Related Happenings
Oracle E-Business Suite unauth HTTP takeover security flaw (CVE-2026-46817)
Vulnerability
H score52
First: 29.06.2026 16:46
Last: 29.06.2026 16:46
Sources 1
About this happening:
**Oracle E-Business Suite** **CVE-2026-46817** is under **active exploitation**, putting **Oracle Payments** deployments at takeover risk. The flaw allows **unauthenticated HTTP a...
Oracle E-Business Suite unauth HTTP takeover security flaw (CVE-2026-46817)
VulnerabilityAbout this happening: **Oracle E-Business Suite** **CVE-2026-46817** is under **active exploitation**, putting **Oracle Payments** deployments at takeover risk. The flaw allows **unauthenticated HTTP a...
Oracle E-Business Suite May 2026 Critical Security Patch Update (CVE-2026-46817)
Security Patch Release
H score53
First: 29.06.2026 16:46
Last: 29.06.2026 16:46
Sources 1
About this happening:
**Oracle**'s **May 2026 Critical Security Patch Update** addressed **CVE-2026-46817** in **Oracle E-Business Suite**, a **critical** flaw in **Oracle Payments** that could let an...
Oracle E-Business Suite May 2026 Critical Security Patch Update (CVE-2026-46817)
Security Patch ReleaseAbout this happening: **Oracle**'s **May 2026 Critical Security Patch Update** addressed **CVE-2026-46817** in **Oracle E-Business Suite**, a **critical** flaw in **Oracle Payments** that could let an...
Oracle PeopleSoft broad zero-day exploitation campaign
Exploitation Wave
H score82
First: 29.06.2026 13:00
Last: 29.06.2026 13:00
Sources 1
About this happening:
A **broad PeopleSoft zero-day exploitation campaign** exposed **multiple organizations** to compromise after attackers abused a **previously unknown Oracle PeopleSoft vulnerabilit...
Oracle PeopleSoft broad zero-day exploitation campaign
Exploitation WaveAbout this happening: A **broad PeopleSoft zero-day exploitation campaign** exposed **multiple organizations** to compromise after attackers abused a **previously unknown Oracle PeopleSoft vulnerabilit...
ShinyHunters Oracle PeopleSoft data theft from 300 instances
Data Leak
H score46
First: 11.06.2026 22:39
Last: 11.06.2026 22:39
Sources 1
About this happening:
The **ShinyHunters** data-leak event against **Oracle PeopleSoft** instances exposed data from **300 instances** across **100+ organizations**, expanding the risk of theft-driven...
ShinyHunters Oracle PeopleSoft data theft from 300 instances
Data LeakAbout this happening: The **ShinyHunters** data-leak event against **Oracle PeopleSoft** instances exposed data from **300 instances** across **100+ organizations**, expanding the risk of theft-driven...
Oracle PeopleSoft PeopleTools zero-day RCE (CVE-2026-35273)
Vulnerability
H score58
First: 11.06.2026 22:39
Last: 11.06.2026 22:39
Sources 1
About this happening:
**Oracle PeopleSoft PeopleTools CVE-2026-35273** is a critical **zero-day RCE** affecting **PeopleSoft Enterprise PeopleTools 8.61 and 8.62**. Oracle released **emergency mitigati...
Oracle PeopleSoft PeopleTools zero-day RCE (CVE-2026-35273)
VulnerabilityAbout this happening: **Oracle PeopleSoft PeopleTools CVE-2026-35273** is a critical **zero-day RCE** affecting **PeopleSoft Enterprise PeopleTools 8.61 and 8.62**. Oracle released **emergency mitigati...
Latest development: 29.06.2026 23:40
Nissan says it suffered a data breach affecting current and former employees after attackers exploited an Oracle PeopleSoft zero-day associated with CVE-2026-35273. Oracle informed Nissan that personnel records of hundreds of companies may have been obtained and that Nissan was specifically targeted, with potentially exposed data including contact details, banking information, Social Security numbers, Social Insurance Numbers, National Identification Numbers, financial and tax information, and dependent and beneficiary data for employees in the United States, Canada, Mexico, and Brazil.
Timeline
-
02.12.2025 14:55 1 articles · 7mo ago
Penn determines personal information was among Oracle EBS data obtained
Victim Impact UpdateOn November 11, 2025, the University of Pennsylvania determined that an affected person's personal information was among the data obtained from Penn's Oracle E-Business Suite environment after unauthorized access to Oracle EBS files; Penn said it had not found evidence that the stolen information was misused or leaked online.
Show sources
- University of Pennsylvania confirms new data breach after Oracle hack — www.bleepingcomputer.com — 02.12.2025 14:55
-
02.12.2025 14:55 2 articles · 7mo ago
Penn discloses Oracle EBS breach to affected people and Maine regulators
Initial DisclosureThe University of Pennsylvania publicly disclosed a new Oracle E-Business Suite breach on December 2, 2025, saying attackers stole documents containing personal information from Penn's Oracle EBS servers in August and that the university filed a breach notification with Maine's Attorney General; Penn said it still had not found evidence that the stolen information was misused or leaked online, and the broader incident was linked to a Clop extortion campaign exploiting CVE-2025-61882.
Show sources
- University of Pennsylvania confirms new data breach after Oracle hack — www.bleepingcomputer.com — 02.12.2025 14:55
- University of Pennsylvania confirms new data breach after Oracle hack — www.bleepingcomputer.com — 02.12.2025 14:55