The Washington Post has confirmed that it was affected by a large-scale cyberattack exploiting a zero-day vulnerability in Oracle’s E-Business Suite (EBS). The incident is part of a widespread campaign attributed to the Cl0p ransomware group, which has targeted thousands of organisations worldwide using the same flaw.
In a brief statement, the company said it had been “impacted by the breach of the Oracle E-Business Suite platform.” The publication did not disclose details about what type of data was affected, but cybersecurity analysts believe that attackers may have accessed sensitive financial and administrative information.
The vulnerability behind the incident, tracked as CVE-2025-61882, allows unauthorised remote code execution on unpatched Oracle EBS servers. According to threat researchers at Mandiant and Google’s Threat Intelligence Group, Cl0p began exploiting the flaw in early August 2025, months before Oracle issued a patch. The exploit was described as simple to deploy and capable of giving attackers full control over vulnerable systems without needing valid credentials.
Oracle released a fix on October 4 after observing indications of active exploitation earlier that month. The company warned that any EBS instance accessible from the internet and running versions between 12.2.3 and 12.2.14 may already have been compromised. Oracle urged customers to apply the patch immediately and conduct forensic reviews to identify unauthorised activity.
Cl0p, a ransomware group known for large-scale data theft and extortion, has listed several affected organisations on its leak site, including financial institutions, logistics companies, and technology service providers. The group typically demands payment in exchange for deleting stolen information or delaying its publication.
While the Washington Post confirmed its inclusion among affected parties, the newspaper said it continues to operate normally. Security teams are assessing the scope of the intrusion and have implemented additional monitoring and access controls to prevent further compromise.
Global exploitation and supply-chain concerns
Security experts have described the attack as one of the most significant enterprise software breaches in recent years because of Oracle EBS’s widespread use in corporate finance, logistics, and human resources. The platform serves as a core system for processing sensitive business data, making it a valuable target for financially motivated threat actors.
The Cl0p campaign is another example of attackers shifting from single-company breaches to exploitation of vendor ecosystems. By compromising a commonly used enterprise platform, attackers can use a single exploit to gain access to multiple clients at once. This strategy mirrors previous Cl0p operations, such as the MOVEit file-transfer attacks that affected government agencies and global corporations in 2023.
Researchers warn that organisations relying on third-party enterprise software remain highly exposed. The initial intrusion often occurs through vulnerabilities in the application layer, bypassing standard endpoint protections and making detection difficult. Once inside, attackers can move laterally through trusted systems, exfiltrate sensitive data, and launch extortion campaigns.
For affected firms, experts recommend a combination of patching, network segmentation, and continuous monitoring. Systems running older or customised versions of Oracle EBS should be prioritised for review, and all external connections to the platform should be restricted.
Although Oracle’s patch addresses the vulnerability, investigators believe some compromised systems may already contain persistent backdoors installed before the fix was released. As a result, applying the update alone may not remove the threat. Security teams are advised to conduct a detailed forensic analysis to confirm that attackers no longer have access.
The Washington Post’s involvement in the breach highlights the growing impact of supply-chain cyber incidents that reach across industries and sectors. As attackers exploit widely deployed business platforms, even organisations with strong internal defences can be affected indirectly.
The investigation into the Oracle EBS attacks is continuing, and both Oracle and federal cybersecurity agencies are working with affected companies to assess the full scope of the campaign. For now, the incident serves as another reminder that vulnerabilities in enterprise software can quickly become entry points for global ransomware groups with significant reach and resources.
