
Harvard Probes Data Breach from Oracle Zero-Day Flaw

Summary

– Harvard University is investigating a data breach after being listed by the Clop ransomware gang, likely caused by a zero-day vulnerability in Oracle’s E-Business Suite.
– The university applied a patch from Oracle to fix the vulnerability and believes the incident impacts only a limited number of parties in a small administrative unit.
– Clop has threatened to publicly release Harvard’s data if a ransom is not paid, as part of a broader extortion campaign targeting Oracle customers.
– Oracle confirmed a new zero-day flaw, tracked as CVE-2025-61882, and issued an emergency update to address the vulnerability.
– Clop has a history of exploiting zero-day flaws in large-scale data theft attacks, and more organizations may be affected by this Oracle vulnerability in the future.

Harvard University has launched an investigation into a potential data breach after the Clop ransomware group included the institution on its public leak portal. The cybercriminals claim the intrusion likely resulted from a recently identified zero-day vulnerability within Oracle’s E-Business Suite servers, a flaw that has reportedly affected multiple organizations using the platform.

A representative from Harvard University Information Technology confirmed the situation, stating, “Harvard is aware of reports that university-associated data may have been accessed due to a zero-day vulnerability in the Oracle E-Business Suite. This is a widespread issue impacting numerous Oracle clients and is not isolated to our systems.” The spokesperson emphasized that their ongoing review currently suggests only a small administrative unit and a limited number of individuals were affected. Harvard applied the necessary security patch provided by Oracle immediately upon receipt and continues to monitor its networks, with no current signs of further system compromise.

The university’s appearance on Clop’s extortion site followed threatening messages sent to various companies, warning that sensitive information stolen from their Oracle E-Business Suite installations would be publicly released unless a ransom was paid. Although Clop declined to provide technical specifics, they acknowledged to cybersecurity outlets their involvement in the campaign, hinting that an Oracle product vulnerability played a central role. One communication from the group read, “Soon all will become obvious that Oracle bugged up their core product and once again, the task is on clop to save the day.”

Shortly after these incidents, Oracle officially confirmed the existence of a new zero-day flaw, designated CVE-2025-61882, and released an urgent security update to address it. The Clop gang is notorious for leveraging such undisclosed software vulnerabilities in large-scale data theft operations. While Harvard appears to be the first named victim connected to this particular Oracle E-Business Suite exploit, security analysts anticipate additional organizations may be publicly listed by the attackers in the near future.

(Source: Bleeping Computer)
