Nearly 30 organizations have been identified as alleged victims of a hack targeting Oracle’s E-Business Suite (EBS), with the Cl0p ransomware group claiming responsibility. Major companies on the list include Logitech, The Washington Post, and Cox Enterprises. The campaign involved extortion emails sent to executives in late September, and while The Washington Post confirmed it was targeted, many other organizations have not yet acknowledged any data breach. Cl0p has leaked data from 18 victims, amounting to hundreds of gigabytes and even several terabytes of files. SecurityWeek conducted a limited analysis of the leaked data, indicating it likely originated from an Oracle environment. The vulnerabilities exploited in this campaign remain unclear, but two zero-day vulnerabilities, CVE-2025-61882 and CVE-2025-61884, are suspected. These vulnerabilities can be exploited remotely, allowing attackers access to sensitive information. The exploitation of CVE-2025-61882 reportedly began at least two months before patches were available. Organizations listed as victims may be conducting investigations and might not want to disclose details until those are complete. Past incidents have shown that hackers sometimes name larger parent companies while the actual impact may be limited to smaller subsidiaries. This suggests some companies might be trying to avoid negative attention by remaining silent about the breach.