Harvard, airlines, and hospitals — enterprise software is the battlefield

Oracle EBS zero-day hit Harvard, Envoy Air, and dozens of others.

Two stories collided in October: Cl0p ransomware exploited an Oracle EBS zero-day (CVE-2025-61882) to breach Harvard (1.3 TB published), Envoy Air, and dozens more. Meanwhile, the EU's action plan to protect hospitals showed the gap between policy and practice.

The Oracle zero-day

This was a mass exploitation campaign. At Harvard, the data involved payroll records and internal source code. Envoy Air is an American Airlines subsidiary. The pattern: Cl0p scanned for vulnerable EBS instances and exploited every one it found. Industrialised opportunism.

Why EBS is a magnet

EBS runs core business functions — finance, HR, supply chain. It contains the most sensitive data, runs 24/7, and is heavily customised. A remote code execution (RCE) flaw here is the worst-case scenario.

What to do

  1. Patch EBS immediately.
  2. Assume you were scanned.
  3. Segment your ERP. No direct external access.
  4. Pressure vendors on zero-day SLAs.
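
One way to act on steps 2 and 3, as an added example that is not part of the original article: a log audit that lists every client outside your internal ranges that reached the EBS web tier. The combined log format, the internal ranges and the /OA_HTML/ path prefix are assumptions to adjust, and the sample lines are constructed.

```python
import ipaddress
import re
from collections import defaultdict

# Assumptions: edit both for your environment.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
EBS_PREFIX = "/oa_html/"  # assumed URL prefix of the EBS web tier, compared lower-case

# Apache/NGINX "combined"-style line: client, timestamp, request, status.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')

def is_internal(ip_text):
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # unparseable client field: report it rather than hide it
    return any(ip in net for net in INTERNAL_NETS)

def external_ebs_hits(lines):
    """Summarise, per client, requests to the EBS tier from outside INTERNAL_NETS."""
    hits = defaultdict(lambda: {"count": 0, "post": 0, "ok": 0, "first": None, "last": None})
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not m["path"].lower().startswith(EBS_PREFIX) or is_internal(m["ip"]):
            continue
        h = hits[m["ip"]]
        h["count"] += 1
        h["post"] += m["method"] == "POST"      # state-changing requests
        h["ok"] += m["status"].startswith("2")  # requests the server answered with 2xx
        h["first"] = h["first"] or m["ts"]
        h["last"] = m["ts"]
    return dict(hits)

# Constructed sample lines (documentation address ranges, placeholder paths).
SAMPLE_LOG = [
    '10.20.1.15 - - [01/Jan/2030:08:01:12 +0000] "GET /OA_HTML/page-a.jsp HTTP/1.1" 200 5120',
    '203.0.113.7 - - [01/Jan/2030:08:03:40 +0000] "GET /OA_HTML/page-a.jsp HTTP/1.1" 200 5120',
    '203.0.113.7 - - [01/Jan/2030:08:03:41 +0000] "POST /OA_HTML/page-b HTTP/1.1" 200 311',
    '198.51.100.23 - - [01/Jan/2030:09:10:02 +0000] "GET /OA_HTML/page-a.jsp HTTP/1.1" 403 199',
    '198.51.100.23 - - [01/Jan/2030:09:10:05 +0000] "GET /index.html HTTP/1.1" 200 812',
    '192.168.4.9 - - [01/Jan/2030:09:30:00 +0000] "POST /OA_HTML/page-b HTTP/1.1" 200 311',
]

if __name__ == "__main__":
    for ip, h in sorted(external_ebs_hits(SAMPLE_LOG).items()):
        print(ip, h)
```

Behind a load balancer or reverse proxy the first field is the proxy's address, so read the forwarded client address instead. Any client the function returns means the tier was reachable from outside, whatever the response status.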