#Cl0pRansomware
Korean Air Employee Data Exposed in Cl0p Ransomware Supply-Chain Attack

Korean Air has acknowledged the theft of sensitive data belonging to 30,000 current and former employees in a serious data breach. The breach occurred via a supply-chain compromise at KC&D Service, the airline's former catering subsidiary. Hackers exploited a critical flaw in Oracle E-Business Suite, tracked as CVE-2025-61882, that enabled code execution remotely without requiring any user interaction or authentication to log in. Cl0p ransomware operators claimed responsibility for the attack, and after ransom demands were apparently ignored, they dumped almost 500 GB of stolen archives on their dark web site.

The intrusion occurred at KC&D, which, though it was sold to Hahn & Company in 2020, was still handling in-flight meals and duty-free services. Korean Air continues to own a 20% stake and has continued sharing employee data through KC&D's ERP server. The attackers targeted Oracle EBS versions 12.2.3 through 12.2.14 to bypass authentication and reach sensitive systems. The vulnerability was publicly disclosed in early October 2025, after initial exploitation that started in August. Although Oracle promptly released patches, the combination of late detection and widespread exposure caused data exfiltration to spread across many victims.

The stolen information includes full names and bank account numbers, which increases the risk of identity theft, financial fraud and phishing attacks for those whose information was compromised. Importantly, no customer data, including flight records or payment information, was compromised, preventing wider impact on operations. Korean Air on Dec. 29, 2025, advised the employees to be cautious of scams and took emergency security measures, disconnecting the KC&D servers and filing a report with the Korea Internet and Security Agency (KISA).

This attack is reminiscent of the 2023 MOVEit Transfer breach conducted by Cl0p, a similar file-transfer exploit that resulted in the compromise of millions of records from hundreds of companies. Dozens of EBS victims have surfaced, including Envoy Air, Harvard University, Schneider Electric, Emerson, Cox Enterprises, Logitech, and Barts Health NHS Trust, underscoring the campaign's global scale. Cl0p, a Russia-nexus extortion group linked to FIN11, prioritizes data theft over encryption for high-value targets.

The incident emphasizes enduring supply-chain risk in aviation and enterprise software, underscoring the importance of timely patching, third-party risk assessments, and zero-trust architectures. Korean Air Vice Chairman Woo Kee-hong confirmed full dedication to breach scoping and support for its employees in the midst of South Korea's wave of cyberattacks, which also targeted Coupang and SK Telecom in recent days. Organizations around the globe need to review their Oracle EBS exposures and keep an eye on Cl0p leak sites in order to reduce risk.

Korean Air Employee Data Exposed in Cl0p Ransomware Supply-Chain Attack #Cl0pRansomware #DataLeak #KoreanAir

Logitech Confirms Data Breach After Oracle Hack

The Cl0p ransomware gang’s relentless pursuit of vulnerabilities has claimed another high-profile victim: Logitech. News of the data breach, stemming from a zero-day exploit in Oracle’s E-Business Suite (EBS), underscores the escalating threat landscape for enterprises relying on complex, interconnected systems. The incident highlights the ripple effect that vulnerabilities in widely-used platforms can have, impacting […]

Logitech Confirms Data Breach After Oracle Hack

Logitech confirmed the cybersecurity incident in a recent filing with the SEC, acknowledging that data exfiltration had occurred. The company... #Cl0pransomware

Harvard Confirms Cl0p Data Breach Tied to Oracle EBS Vulnerability

Harvard University confirms a data breach resulting from an Oracle E-Business Suite vulnerability exploited by the Cl0p ransomware group.

Full story: www.technadu.com/harvard-conf...

#CyberSecurity #ZeroDay #Cl0pRansomware #OracleEBS #TechNadu


Harvard confirms Cl0p ransomware breach exploiting Oracle EBS zero-day CVE-2025-61882. Limited impact reported. Patch applied, monitoring continues.

#CyberSecurity #Cl0pRansomware #ZeroDay #OracleEBS #TechNadu


Cl0p ransomware exploits critical zero-day in Oracle E-Business Suite. Immediate patching and vigilance are crucial. #CyberSecurity #OracleEBS #Cl0pRansomware #ZeroDayVulnerability Link: thedailytechfeed.com/cl0p-ransomw...


Google Mandiant Probes New Oracle Extortion Wave Possibly Linked to Cl0p Ransomware reconbee.com/google-mandi...

#Googlemandiant #oracleextortion #Cl0pransomware #cyberattack
