Massive Supply Chain Attacks Expose Millions; Clop Ransomware Targets Harvard and Oracle

Publication Date: October 12, 2025

Summary

In the period covering October 12, 2025, the cybersecurity landscape was dominated by large-scale supply chain attacks and aggressive ransomware campaigns. A hacker collective dubbed 'Scattered Lapsus$ Hunters' leaked data for 5.7 million Qantas customers and 7.3 million Vietnam Airlines customers after compromising a shared Salesforce environment. Concurrently, the Clop ransomware gang claimed a breach of Harvard University and was found actively exploiting a zero-day in Oracle E-Business Suite, for which Oracle released an emergency patch for a separate, newly discovered high-severity flaw. Other significant events include the abuse of the Velociraptor DFIR tool to deploy ransomware and reports of North Korean hackers stealing a record $2 billion in crypto assets in 2025.

Today New Articles

Clop Ransomware Claims Harvard University Breach, Threatens Data Leak

The prolific Russian-speaking ransomware group Clop has claimed responsibility for a cyberattack against Harvard University, adding the prestigious institution to its data leak site on October 12, 2025. The group, known for its 'big-game hunting' and exploitat...

Oracle Issues Emergency Patch for High-Severity EBS Flaw Amid Active Clop Attacks

Oracle has released an emergency security patch for a high-severity vulnerability, CVE-2025-61884, in its E-Business Suite (EBS). The flaw, which has a CVSS score of 7.5, allows an unauthenticated, remote attacker to access sensitive data within the Oracle Con...

Discord Denies Massive Breach Claim After Hackers Allege 1.5TB Data Leak

Discord is publicly denying claims that it suffered a major data breach. On October 11, 2025, an unknown group of hackers alleged they had exfiltrated and leaked 1.5 terabytes of user data, including highly sensitive government-issued identification documents....

North Korean Hackers Shatter Records, Stealing $2 Billion in Crypto in 2025

North Korean state-sponsored hacking groups have stolen over $2 billion in cryptocurrency assets in 2025 so far, marking the largest annual total ever recorded for the regime. A report highlighted on October 11, 2025, points to the increasing scale and sophist...

North Korean IT Worker Fraud Scheme Expands, Targeting 5,000 Companies

A sophisticated North Korean scheme using fraudulent IT worker personas to infiltrate companies has expanded into a massive global operation. According to a report from October 11, 2025, researchers have identified over 130 fake identities used in more than 6,...

Critical RCE Flaw in WooCommerce Designer Pro Plugin Puts WordPress Sites at Risk

A critical vulnerability, CVE-2025-6439, has been disclosed in the WooCommerce Designer Pro WordPress plugin. The flaw, rated 9.8 out of 10 on the CVSS scale, is a path traversal issue that allows an unauthenticated attacker to delete arbitrary files on the we...

WordPress Plugin 'Contest Gallery' Vulnerable to CSV Injection Attacks

A medium-severity CSV injection vulnerability, CVE-2025-11254, has been disclosed in the 'Contest Gallery' plugin for WordPress. The flaw affects all versions up to and including 27.0.3. It allows an unauthenticated attacker to embed malicious formulas into da...