Dozens of groups targeted in data theft linked to Oracle breaches

📅 Published: 10/9/2025
🔄 Updated: 10/9/2025, 7:51:12 PM

In 2025, Oracle Corporation experienced multiple significant data breaches that have impacted dozens of organizations and exposed sensitive information across various sectors. These breaches stemmed from vulnerabilities in legacy Oracle Cloud Classic servers and Oracle E-Business Suite (EBS), exploited by threat actors including the notorious Cl0p ransomware group.

The first major incident occurred in early 2025 when a threat actor using the alias "rose87168" exploited an unpatched Oracle Cloud Classic server, part of Oracle’s older Gen1 infrastructure. The attacker installed a web shell and malware, gaining persistent access and exfiltrating data, including authentication credentials such as usernames, encrypted passwords, and LDAP information. This breach affected approximately 140,000 domains and up to six million user records, including login credentials that could potentially be decrypted using the stolen data. Oracle initially denied the breach but later confirmed unauthorized access to "obsolete servers" that were not part of the current Oracle Cloud Infrastructure (OCI). However, multiple Oracle customers validated the authenticity of the leaked data. The stolen information was subsequently posted on underground forums like BreachForums, and ransom demands were issued in exchange for withholding further data exposure or zero-day exploits[1][4][6][17][18].

In parallel, Oracle Health, a subsidiary formed after Oracle’s acquisition of Cerner Corporation, also suffered a breach impacting at least 14,485 individuals. This incident involved unauthorized access to electronic health records (EHR), raising serious HIPAA compliance concerns. Oracle Health detected the breach in February 2025, with the intrusion believed to have started in late January. The company has been notifying affected healthcare providers and offering support such as credit monitoring and breach notification templates, although it has not publicly disclosed full details of the incident[5].

A second wave of attacks emerged in mid-2025, targeting Oracle’s widely used E-Business Suite software. The Cl0p ransomware group exploited a critical zero-day vulnerability (CVE-2025-61882) that allowed pre-authenticated remote code execution. Beginning around August 9, 2025, Cl0p quietly accessed vulnerable EBS servers, stealing large volumes of sensitive corporate data. By late September, victims started receiving extortion emails demanding ransom payments. This campaign affected dozens of organizations and involved chaining at least five distinct Oracle software defects to maximize access and data exfiltration. Oracle released emergency patches in early October to mitigate the vulnerability[3][7][11][13][15].

The breaches have exposed weaknesses in Oracle’s legacy infrastructure management and patching processes, especially concerning outdated systems no longer part of the current OCI environment. Security experts criticized Oracle’s initial communication approach as evasive, emphasizing the risks posed by unmaintained legacy servers containing critical customer data[6]. The incidents have also prompted government agencies such as the Cybersecurity and Infrastructure Security Agency (CISA) to issue warnings urging affected organizations to reset credentials, monitor logs, and implement phishing-resistant multifactor authentication[1].

Overall, these breaches highlight the growing threat of sophisticated, multi-vector cyberattacks targeting major cloud service providers and their customers. The data theft affecting dozens of groups underscores the need for robust security hygiene, timely patching, and proactive threat detection in cloud environments hosting sensitive information. Oracle’s ongoing response includes forensic investigations, customer notifications, emergency patches, and collaboration with law enforcement and cybersecurity researchers to contain the impact and prevent further exploitation[1][3][4][7].

🔄 Updated: 10/9/2025, 5:30:52 PM
In a widening global cybersecurity crisis, dozens of groups have been targeted in data theft linked to Oracle breaches, with the most recent incident involving the alleged theft of 6 million records from Oracle Cloud's Single Sign-On (SSO) and Lightweight Directory Access Protocol (LDAP) systems. This breach has impacted over 140,000 tenants across multiple regions and industries, prompting urgent warnings from federal agencies like CISA, which advised organizations to reset credentials and enhance security measures[2][4]. The international response includes investigations by the FBI and CrowdStrike, with cybersecurity experts emphasizing the need for robust security protocols to mitigate future threats[2][3].
🔄 Updated: 10/9/2025, 5:41:03 PM
The recent Oracle-linked data theft, impacting at least dozens of organizations and exposing over 6 million records across 140,000 Oracle Cloud tenants, is reshaping the competitive landscape by intensifying pressure on enterprises to strengthen supply chain cybersecurity and operational resilience[3][7][15]. This large-scale breach, exploited by the Cl0p ransomware group via multiple Oracle E-Business Suite zero-day vulnerabilities, has forced many companies to pause critical ERP operations, disrupting financial and vendor management processes and amplifying regulatory risks[1][5]. Security experts caution that such unprecedented attacks are accelerating a shift toward more rigorous defense-in-depth strategies and closer collaboration across vendors and clients to close systemic security gaps in the software supply chain[2].
🔄 Updated: 10/9/2025, 5:51:04 PM
Dozens of organizations have been targeted in a massive data theft linked to multiple breaches of Oracle systems, primarily exploiting a critical zero-day vulnerability (CVE-2025-61882) in Oracle E-Business Suite since early August 2025. The Cl0p ransomware group conducted extensive data exfiltration over weeks before initiating an extortion campaign via high-volume emails to executives starting September 29, claiming stolen data from Oracle EBS, affecting dozens of victims worldwide. Oracle released an emergency patch on October 4 after public exposure prompted coordinated incident response efforts involving FBI and cybersecurity firms like Mandiant and CrowdStrike[1][3][5].
🔄 Updated: 10/9/2025, 6:01:07 PM
In a significant development, dozens of organizations have been targeted in a data theft campaign linked to Oracle breaches, with the Cl0p ransomware group exploiting a critical zero-day vulnerability in Oracle's E-Business Suite, known as CVE-2025-61882, starting in early August 2025[1][3]. According to Charles Carmakal, CTO of Mandiant at Google Cloud, the group has stolen large amounts of data from several victims by chaining multiple vulnerabilities[9]. The scope of the incident is still being assessed, but it is believed to have affected dozens of organizations, with some previous campaigns involving hundreds of victims[3][11].
🔄 Updated: 10/9/2025, 6:11:10 PM
Following the revelation of data theft linked to Oracle breaches, Oracle's stock experienced a significant downturn, with shares plunging 4.54% on April 10, 2025. This drop followed reports that hackers stole and sold six million login credentials and encrypted passwords from two outdated Oracle servers, impacting over 140,000 tenants across corporate and government sectors[2][5]. Despite Oracle's reassurances that no sensitive customer data from Oracle Cloud Infrastructure was affected, market confidence was shaken, reflecting concerns over the extent and impact of the breach.
🔄 Updated: 10/9/2025, 6:21:07 PM
Dozens of organizations have been targeted in data theft campaigns linked to multiple Oracle breaches, notably the CVE-2025-61882 zero-day exploited by the Cl0p ransomware group since July 2025, affecting hundreds of Oracle E-Business Suite customers and exposing sensitive operational data[1][5][16]. This unprecedented breach has intensified pressure on Oracle and competitors, accelerating shifts in the competitive landscape toward cybersecurity resilience, with sectors forced to reevaluate ERP and cloud security strategies amid increasing regulatory and reputational risks[1][5]. The incident also amplifies demand within the cybersecurity market, projected to grow significantly as organizations pivot to stronger defenses and diversified vendor reliance to mitigate expansive supply chain vulnerabilities exposed by these attacks[2][11].
🔄 Updated: 10/9/2025, 6:31:19 PM
Federal and regulatory agencies, including CISA and the National Cyber Security Centre (NCSC), have issued emergency alerts and warnings following data theft linked to Oracle breaches, highlighting active exploitation of the critical zero-day vulnerability CVE-2025-61882 since August 2025[1][7]. The FBI and CrowdStrike are actively investigating the breach involving over 6 million stolen records impacting 140,000+ tenants, while a class-action lawsuit in the U.S. District Court for Western Texas accuses Oracle of failing to provide timely breach notifications as mandated by HIPAA and Texas state law[2][3]. CISA warned on October 8, 2025, about the significant fallout risk, underscoring the urgency for government and private entities to
🔄 Updated: 10/9/2025, 6:41:19 PM
Dozens of organizations worldwide were impacted by data theft linked to multiple Oracle breaches, with over **6 million records stolen** and more than **140,000 tenants across various regions and industries affected**, exposing sensitive authentication data including SSO and LDAP credentials[2][4][9]. The U.S. Cybersecurity and Infrastructure Security Agency (CISA), along with the FBI and CrowdStrike, have launched investigations, while international cybersecurity firms such as CloudSEK and CybelAngel confirmed the scale of the compromise and ongoing threats from threat actors offering decryption services for ransom[2][9]. Despite Oracle's initial denial regarding Oracle Cloud Infrastructure (OCI) involvement, the incident has drawn global regulatory scrutiny under laws like GDPR and CCPA, pressing governments and
🔄 Updated: 10/9/2025, 6:51:15 PM
A sophisticated data theft campaign linked to Oracle breaches has targeted dozens of groups, with over 6 million records, including LDAP display names, email addresses, and hashed passwords, stolen via a suspected undisclosed vulnerability affecting Oracle Cloud and legacy servers[2][1]. The breach leveraged multiple complex exploits, notably CVE-2025-61882 in Oracle E-Business Suite—a high-severity (CVSS 9.8) zero-day vulnerability utilized by the Cl0p threat group since August 2025 to execute remote code and deploy web shells for persistent data exfiltration[3][5][7]. Despite Oracle’s patch releases in July and October 2025, as many as 576 Oracle EBS instances remain potentially vulnerable, enabling
🔄 Updated: 10/9/2025, 7:01:21 PM
Dozens of groups worldwide were targeted in a massive data theft linked to Oracle breaches, impacting over 140,000 Oracle Cloud tenants with approximately 6 million sensitive records, including encrypted passwords and security keys, stolen by threat actors such as the Cl0p ransomware group[1][2][7][9]. Despite Oracle's denial of a cloud breach, cybersecurity firms confirmed the authenticity of leaked data and the exploitation of zero-day vulnerabilities, prompting increased calls for international regulatory scrutiny and stronger cross-border cybersecurity cooperation[2][8]. Legal actions and industry responses have followed, including a U.S. class-action lawsuit over Oracle Health data breaches and heightened global demands for improved security protocols to mitigate operational disruption and prevent further exfiltration of sensitive information[
🔄 Updated: 10/9/2025, 7:11:10 PM
In the wake of recent data breaches linked to Oracle, the company's stock price has experienced significant volatility. On April 10, Oracle's shares dropped by 4.54% following revelations of a breach involving two outdated servers, highlighting the immediate market reaction to cybersecurity concerns[2]. Despite these challenges, Oracle remains a major player in the tech sector, with ongoing developments in security patches and investigations into these breaches likely to influence future stock movements.
🔄 Updated: 10/9/2025, 7:21:12 PM
**Breaking News Update**: In response to the recent Oracle data breaches, government agencies such as the U.S. Cybersecurity and Infrastructure Security Agency (CISA) have issued warnings about potential data breaches linked to legacy Oracle systems. CISA has flagged these incidents as actively exploited, emphasizing the urgency for both government and private-sector organizations to take immediate action. Additionally, the FBI and cybersecurity firm CrowdStrike are notably investigating the breach, which has seen the theft of client credentials and the sale of 6 million records extracted from Oracle Cloud's systems.
🔄 Updated: 10/9/2025, 7:31:07 PM
In the latest development surrounding the Oracle breaches, cybersecurity experts have expressed concerns about the scope and impact of the attacks. According to recent reports, dozens of organizations have been affected by these breaches, with some claims suggesting that threat actors have accessed and are selling login credentials for nearly 6 million users[9][10]. Industry analysts, such as Kevin Beaumont, have criticized Oracle for its response, noting that the company's attempts to downplay the severity by distinguishing between Oracle Cloud and Oracle Cloud Classic may be misleading[2].
🔄 Updated: 10/9/2025, 7:41:16 PM
CISA issued guidance on April 17, 2025, urging organizations to “review, reset, and monitor Oracle credentials” after confirming dozens of groups—specifically, over 140,000 Oracle Cloud tenants across multiple industries—were impacted by a breach involving 6 million records extracted from legacy SSO and LDAP systems[2]. “Federal officials have not issued fines or mandates yet, but we’re working closely with Oracle, the FBI, and CrowdStrike to investigate and minimize further exposures,” a CISA spokesperson told reporters, adding that affected organizations should also check for signs of post-breach extortion attempts[2].
🔄 Updated: 10/9/2025, 7:51:12 PM
Dozens of groups have been targeted in a massive data theft linked to Oracle breaches involving approximately **6 million records**, including sensitive LDAP and SSO data affecting around **140,000 tenants** via a suspected undisclosed vulnerability in Oracle Cloud services[2][9]. The breach also involves exploitation of the critical **Oracle E-Business Suite vulnerability CVE-2025-61882 (CVSS 9.8)**, allowing pre-authenticated remote code execution through a multi-stage attack chain that includes SSRF, CRLF injection, and malicious XSLT templates to establish persistence and exfiltrate data[3][5][7]. The implications are severe, with attackers like the Cl0p ransomware group demanding ransom up to **$50 million