Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

University of Pennsylvania and University of Phoenix disclose data breaches

The University of Pennsylvania and the University of Phoenix confirm they were hit in the Oracle E-Business Suite hacking campaign. The University of Pennsylvania (Penn) and the University of Phoenix confirmed they were hit in the recent cyberattack targeting Oracle E-Business Suite customers. Penn explained that it uses Oracle’s E-Business Suite (EBS) platform for supplier […]

University of Pennsylvania

The University of Pennsylvania and the University of Phoenix confirm they were hit in the Oracle E-Business Suite hacking campaign.

The University of Pennsylvania (Penn) and the University of Phoenix confirmed they were hit in the recent cyberattack targeting Oracle E-Business Suite customers.

Penn explained that it uses Oracle’s E-Business Suite (EBS) platform for supplier payments, reimbursements, ledger entries, and other business operations. After Oracle announced that the flaw could enable unauthorized access, affecting hundreds of organizations worldwide, Penn launched an immediate investigation with cybersecurity experts and notified federal law enforcement.

During the investigation, Penn confirmed that data from its Oracle EBS environment had been accessed without authorization. The University then conducted a detailed review to determine whether personal information was involved. On November 11, 2025, Penn concluded that the recipient’s personal data was among the information taken.

The University of Pennsylvania is notifying impacted individuals, however it did now disclose the total number of affected people.

“Based on our review of the data, we have determined that the impacted information included XXXXXXXX.” reads the data breach notification shared with the Maine Attorney General. “We have found no evidence that any of this information has been or is likely to be publicly disclosed or misused for fraudulent purposes, or otherwise used in a way that could harm you as a result of this incident.”

The university is providing impacted individuals with access to complimentary Experian credit monitoring and remediation services for 24 months at no charge to them.

The University of Phoenix also disclosed a data breach through Phoenix Education Partners. 

“The University of Phoenix, Inc., a subsidiary of Phoenix Education Partners, Inc. (including the University, the “Company”), recently experienced a cybersecurity incident involving the Oracle E-Business Suite software platform (“Oracle EBS”). The Company is one of a number of organizations, including other academic institutions, from which an unauthorized third-party exfiltrated data by exploiting a previously unknown software vulnerability in Oracle EBS. The incident did not impact the business operations or student programming of the Company.” reads a FORM 8-K filed with SEC.

“While the investigation remains ongoing, at this time, the Company believes that the software vulnerability was used in August 2025 to copy certain data maintained in the Company’s Oracle EBS environment.”

“The Company believes that certain personal information, including names and contact information, dates of birth, social security numbers, and bank account and routing numbers, with respect to numerous individuals was accessed without authorization.” The University of Phoenix added.

Several universities have been affected by the same Oracle’s E-Business Suite (EBS) campaign, including the prestigious Harvard.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, data breach)