Washington Post confirms data breach impacting nearly 10,000 employees after Oracle E-Business Suite zero-day attack

14.11.2025 2 minutes Author: Newsman

A zero-day vulnerability in Oracle E-Business Suite led to a massive breach at the Washington Post, exposing personal and financial data of 9,720 employees and contractors. The attack is linked to the Clop ransomware group.

Between July 10 and August 22, threat actors gained unauthorized access to parts of the Washington Post’s internal systems by exploiting a then-unknown vulnerability in Oracle E-Business Suite, a widely used ERP platform handling HR, finance, and supply chain data.

In late September, hackers contacted the news organization claiming responsibility for the breach and attempting extortion. During the ongoing investigation, Oracle publicly disclosed the zero-day — now tracked as CVE-2025-61884 — confirming widespread exploitation affecting numerous companies.

Other victims of the same exploit include Harvard University, Envoy Air (American Airlines), and Hitachi GlobalLogic, with many more listed on Clop’s leak site.

The investigation concluded on October 27, revealing the exposure of:

  • full names
  • bank account and routing numbers
  • Social Security numbers (SSNs)
  • tax and identification numbers

Affected individuals received 12 months of complimentary identity protection via IDX and were advised to place credit freezes and set up fraud alerts.

The breach follows a separate incident in June, in which foreign state-aligned hackers compromised email accounts belonging to Washington Post journalists.

The Oracle E-Business Suite zero-day became one of the most impactful vulnerabilities of 2025, enabling mass exploitation. The Clop ransomware group, known for major supply-chain attacks like MOVEit and GoAnywhere, has been tied to this campaign. Oracle has since patched the flaw, but many organizations only discovered the breach after extortion attempts or leaked data surfaced.


Conclusion

The Washington Post breach highlights the growing risk of supply-chain vulnerabilities and the reliance of major enterprises on third-party ERP systems. Robust monitoring, incident response readiness, and rapid patch management are now essential as attackers increasingly weaponize zero-day flaws at scale.

