A significant security issue has emerged. According to The Washington Post, their system was compromised due to a vulnerability in Oracle’s E-Business Suite (EBS). Now, the NHS (National Health Service, UK) is also reviewing whether it was compromised in the same way.
What Happened at The Washington Post
In September of this year, criminal hackers said they hacked the Washington Post’s Oracle cloud application. The Post looked into the matter and confirmed that they indeed were hacked. The hackers exploited a zero-day vulnerability (CVE-2025-61884) to gain access to a portion of their network. Roughly 10,000 employees, both current and former, were affected by the exposure of their personal information.
The leaked personal information included:
- Names
- Bank account numbers
- Routing numbers
- Social Security numbers
- Tax ID numbers
Once the hacking incident was confirmed, The Post took swift action by engaging outside security consultants, applying Oracle’s emergency patch, and immediately locking down their Oracle instance. The Post also offered all impacted individuals 12 months of free identity protection.
Who is Responsible?
The infamous ransomware group Clop says it is responsible. While The Washington Post has not named them specifically, Clop asserted that they exploited the same Oracle vulnerability against multiple companies. This suggests the incident is bigger than one company.
Why is the NHS Investigating?
Experts believe the NHS may also be affected by the same Oracle vulnerability. If so, this puts staff or patient data at risk. That raises the stakes even higher, because it puts the healthcare system at risk.
Why Does this Matter?
- Zero-day vulnerabilities are dangerous because no one knows about them before the attack.
- Oracle EBS is a widely used technology for managing HR, salary, and finance, so hacking groups like to attack it.
- Hackers attacking high-profile businesses such as The Washington Post (and possibly the NHS) indicates how widely this attack has spread.
- Despite The Post's quick remediation, sensitive data of many individuals is already compromised.
What You Should Do
If you are an employee who received a notice from The Post, sign up for the free identity protection.
If your company is running Oracle EBS, instruct your IT group to implement the latest security patch as quickly as possible.
This attack serves as a wake-up call for the importance of keeping systems up to date, especially when zero-day bugs are involved.