Don’t miss out on our latest stories. Add PCMag as a preferred source on Google.
The Washington Post is among the organizations hit by a large-scale cybercrime campaign that targeted Oracle’s business applications, joining Harvard University and American Airlines-owned carrier Envoy, which announced similar breaches last month.
The Post didn’t say what, if any, data had been lost. However, the news, first reported by Reuters, comes after Google’s Mandiant team warned that it had been “tracking a new, large-scale extortion campaign” from the Clop ransomware gang. The scammers sent “a high volume of emails to executives at numerous organizations, alleging the theft of sensitive data from the victims’ Oracle E-Business Suite (EBS) environments.”
Oracle has released several patches, and warns that the “vulnerability is remotely exploitable without authentication, i.e., it may be exploited over a network without the need for a username and password. If successfully exploited, this vulnerability may result in remote code execution.”
Google said last month that Clop exploited a zero-day bug against Oracle EBS customers “weeks before a patch was available, with additional suspicious activity dating back to July 10, 2025,” adding that “in some cases, the threat actor successfully exfiltrated a significant amount of data from impacted organizations.”
Recommended by Our Editors
Certis Foster, senior threat hunter lead at Deepwatch, tells SC Media that there could be more victims since the Clop group “tends to wait a few weeks before posting data to put pressure on ransom payments.” Once inside, however, “they gain privileged access to financial data, HR records, supplier systems, and core operational workflows,” says Heath Renfrow, co-founder and chief information security officer at Fenix24.
Get Our Best Stories!
Your Daily Dose of Our Top Tech News
Sign up for our What’s New Now newsletter to receive the latest news, best new products, and expert advice from the editors of PCMag.
Sign up for our What’s New Now newsletter to receive the latest news, best new products, and expert advice from the editors of PCMag.
By clicking Sign Me Up, you confirm you are 16+ and agree to our Terms of Use and Privacy Policy.
Thanks for signing up!
Your subscription has been confirmed. Keep an eye on your inbox!
About Our Expert
Experience
I’m a reporter covering weekend news. Before joining PCMag in 2024, I picked up bylines in BBC News, The Guardian, The Times of London, The Daily Beast, Vice, Slate, Fast Company, The Evening Standard, The i, TechRadar, and Decrypt Media.
I’ve been a PC gamer since you had to install games from multiple CD-ROMs by hand. As a reporter, I’m passionate about the intersection of tech and human lives. I’ve covered everything from crypto scandals to the art world, as well as conspiracy theories, UK politics, and Russia and foreign affairs.
Read Full Bio
