Cl0p Oracle EBS supply chain campaign impacting multiple organizations
Campaign
Summary
Hide ▲
Show ▼
A Cl0p-linked Oracle EBS supply chain campaign is continuing, with around 100 organizations believed affected over the past two months. The growing disclosure list means the operation’s reach now spans major universities, media, and commercial organizations, increasing the risk of follow-on fraud and phishing. The exposed material was later posted on the dark web, reinforcing that the campaign remains operationally active.
Related Happenings
Oracle PeopleSoft broad zero-day exploitation campaign
Exploitation Wave
H score82
First: 29.06.2026 13:00
Last: 29.06.2026 13:00
Sources 1
About this happening:
A **broad PeopleSoft zero-day exploitation campaign** exposed **multiple organizations** to compromise after attackers abused a **previously unknown Oracle PeopleSoft vulnerabilit...
Oracle PeopleSoft broad zero-day exploitation campaign
Exploitation WaveAbout this happening: A **broad PeopleSoft zero-day exploitation campaign** exposed **multiple organizations** to compromise after attackers abused a **previously unknown Oracle PeopleSoft vulnerabilit...
ShinyHunters Oracle PeopleSoft data theft and extortion campaign
Campaign
H score60
First: 10.06.2026 21:31
Last: 10.06.2026 21:31
Sources 1
About this happening:
**ShinyHunters**/**UNC6240** used **CVE-2026-35273** in **Oracle PeopleSoft Enterprise PeopleTools** as a **zero-day** to break into exposed systems, steal data, and extort victim...
ShinyHunters Oracle PeopleSoft data theft and extortion campaign
CampaignAbout this happening: **ShinyHunters**/**UNC6240** used **CVE-2026-35273** in **Oracle PeopleSoft Enterprise PeopleTools** as a **zero-day** to break into exposed systems, steal data, and extort victim...
Latest development: 29.06.2026 23:40
Nissan says attackers exploited an Oracle PeopleSoft vulnerability in a ShinyHunters-linked campaign and that the company was specifically targeted, with personal information for current and former employees in the United States, Canada, Mexico, and Brazil potentially exposed. Nissan says the material may include employee contact information, banking information, Social Security numbers, Social Insurance Numbers, National Identification Numbers, financial and tax information, and dependent and beneficiary information, and the company has activated incident response, engaged external cybersecurity experts, secured affected systems, and is working with Oracle.
Cl0p Oracle E-Business Suite zero-day extortion campaign
Campaign
H score37
First: 02.03.2026 15:53
Last: 02.03.2026 15:53
Sources 1
About this happening:
The **Cl0p ransomware and extortion group** is running an **Oracle E-Business Suite** extortion campaign that used **zero-day vulnerabilities** to access data from **more than 100...
Cl0p Oracle E-Business Suite zero-day extortion campaign
CampaignAbout this happening: The **Cl0p ransomware and extortion group** is running an **Oracle E-Business Suite** extortion campaign that used **zero-day vulnerabilities** to access data from **more than 100...
Madison Square Garden hit by network compromise linked to Cl0p
Incident
H score38
First: 02.03.2026 15:53
Last: 02.03.2026 15:53
Sources 1
About this happening:
**Madison Square Garden** confirmed a **data breach** that exposed **names and SSNs**, and it has started notifying affected people. The compromise involved a **hosted Oracle E-Bu...
Madison Square Garden hit by network compromise linked to Cl0p
IncidentAbout this happening: **Madison Square Garden** confirmed a **data breach** that exposed **names and SSNs**, and it has started notifying affected people. The compromise involved a **hosted Oracle E-Bu...
TikTok U.S. joint venture under September 2025 executive order
Public Sector Action
H score77
First: 23.01.2026 13:30
Last: 23.01.2026 13:30
Sources 1
About this happening:
The U.S.-backed **TikTok USDS Joint Venture LLC** now lets **TikTok** keep operating in the **U.S.**, changing ownership and security oversight for a platform used by **over 200 m...
TikTok U.S. joint venture under September 2025 executive order
Public Sector ActionAbout this happening: The U.S.-backed **TikTok USDS Joint Venture LLC** now lets **TikTok** keep operating in the **U.S.**, changing ownership and security oversight for a platform used by **over 200 m...
Timeline
-
08.12.2025 11:30 2 articles · 7mo ago
Cl0p Oracle EBS campaign reaches Barts Health
Campaign Scope UpdateBarts Health disclosed that Cl0p stole files from an Oracle E-Business Suite (EBS) invoice database and posted them on the dark web, exposing names and addresses linked to people liable for treatment or services. The trust said its electronic patient records, clinical systems and core IT infrastructure were unaffected, that it was working with NHS England, the National Cyber Security Centre, the Metropolitan Police and the Information Commissioner's Office, and that the wider Oracle EBS supply chain campaign has affected around 100 organizations including Harvard University, Allianz UK, The Washington Post, Dartmouth College, University of Pennsylvania, Broadcom and Abbott Laboratories.
Show sources
- Barts Health Seeks High Court Ban After Oracle EBS Breach — www.infosecurity-magazine.com — 08.12.2025 11:30
- Barts Health Seeks High Court Ban After Oracle EBS Breach — www.infosecurity-magazine.com — 08.12.2025 11:30