Cl0p ransomware has leaked 241 GB of data from the NHS UK, confirming a breach involving Barts Health NHS Trust. The group claims the NHS neglected its security, accusing it of failing to protect customer data. This incident follows warnings from NHS cybersecurity about critical vulnerabilities in Oracle’s E-Business Suite (EBS). Although NHS officials have yet to confirm the breach, the timing suggests Cl0p exploited previously flagged vulnerabilities. Days before the NHS breach, Cl0p also compromised The Washington Post, claiming to have stolen 183 GB of data. A filing with the Maine Attorney General’s Office confirmed that 9,720 users had their personal and financial information exposed. Security experts note that Cl0p is shifting its focus from traditional ransomware attacks to coordinated data-exfiltration campaigns targeting high-value enterprise systems. They utilize zero-day vulnerabilities, such as a severe flaw in Oracle EBS, to gain access and siphon data over extended periods. The attacks on NHS and The Washington Post highlight Cl0p's significant reach, as they have also affected other major organizations like Harvard University and Envoy, a subsidiary of American Airlines. Investigations indicate that the exploitation began in late September 2025, following the leak of proof-of-concept code that enabled broader attacks. Despite Oracle releasing patches, many systems remain vulnerable, giving Cl0p and similar groups ongoing opportunities for exploitation.