Oracle EBS zero-day used by Clop to breach Barts Health NHS

Oracle CVE-2026-46817

Clop ransomware stole data from Barts Health NHS after exploiting a zero-day in its Oracle E-Business Suite.

Barts Health NHS confirmed that the Clop ransomware group stole data by exploiting the zero-day CVE-2025-61882 in its Oracle E-Business Suite. The cybercrime group added the organization to its dark web data leak site and leaked the stolen information.

The Clop ransomware gang has been exploiting the critical Oracle EBS zero-day CVE-2025-61882 since early August, stealing sensitive data from numerous organizations worldwide, including Envoy Air, Harvard University, Washington Post, Logitech, University of Pennsylvania, and University of Phoenix.

The Barts Health NHS breach exposed invoices containing full names and addresses of patients, details of former employees with debts, and information on suppliers. Compromised data also included accounting files related to services Barts provided since April 2024 to Barking, Havering, and Redbridge University Hospitals NHS Trust, affecting sensitive financial and personal records across multiple years.

“A criminal group known as Cl0p stole some files from a database containing invoices and posted them on the dark web. The stolen files include names and addresses of individuals who were liable to pay for treatment or services at a Barts Health hospital over several years,” reads the cyberattack update published by Barts Health NHS. “The syndicate exploited a loophole in the Oracle E-business Suite software, which automates key business processes. This impacted many organisations across the world, and Oracle has since corrected the issue.”

The organization noted that its electronic patient record and clinical systems are not affected, and it gave assurances that its core IT infrastructure is secure.

The data breach occurred in August but was detected only in November, when the stolen files were posted on the dark web.

“The theft occurred in August but there was no indication trust data was at risk until November when the files were posted on the dark web. To date no information has been published on the general internet, and the risk is limited to those able to access compressed files on the encrypted dark web,” continues the update.

Barts Health NHS notified the UK National Cyber Security Centre, the Metropolitan Police, and the ICO about the data breach. Patients who made payments are advised to review invoices to identify exposed data and remain alert for suspicious or unsolicited messages, especially those requesting payments or sensitive information, to reduce the risk of fraud or identity misuse.

Barts Health NHS Trust is one of the largest NHS (National Health Service) hospital trusts in the United Kingdom, based in London. It provides a wide range of healthcare services, including acute, specialist, and community care. The trust manages several major hospitals, such as St Bartholomew’s Hospital, Royal London Hospital, Whipps Cross University Hospital, and Newham University Hospital.

Barts Health serves a diverse population of over 2.5 million people across East and Central London and is a key provider of both routine and specialist medical services. It is also involved in teaching and research, collaborating with universities and medical research institutions.

Pierluigi Paganini

(SecurityAffairs – hacking, NHS)