Kinetic Potential Blog

Dartmouth College on Tuesday confirmed suffering a data breach after cybercriminals targeted its Oracle E-Business Suite (EBS) instance.

The Ivy League research university said it uses Oracle EBS to manage its operations, and its EBS instance was targeted in the recent zero-day attack between August 9 and August 12.

Dartmouth College determined in late October that the attackers managed to exfiltrate files containing personal and financial information, including Social Security numbers.

The university told the Maine Attorney General that nearly 1,500 residents of the state are impacted, but it has not disclosed the total number of affected people.

The Cl0p ransomware group, which is the public-facing entity taking credit for the Oracle EBS campaign, has been listing victims on its leak website.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday issued an alert warning of bad actors actively leveraging commercial spyware and remote access trojans (RATs) to target users of mobile messaging applications.

"These cyber actors use sophisticated targeting and social engineering techniques to deliver spyware and gain unauthorized access to a victim's messaging app, facilitating the deployment of additional malicious payloads that can further compromise the victim's mobile device," the agency said.

CISA cited as examples multiple campaigns that have come to light since the start of the year. Some of them include -

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a critical security flaw impacting Oracle Identity Manager to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.

The vulnerability in question is CVE-2025-61757 (CVSS score: 9.8), a case of missing authentication for a critical function that can result in pre-authenticated remote code execution. The vulnerability affects versions 12.2.1.4.0 and 14.1.2.1.0. It was addressed by Oracle as part of its quarterly updates released last month.

"Oracle Fusion Middleware contains a missing authentication for a critical function vulnerability, allowing unauthenticated remote attackers to take over Identity Manager," CISA said.