Cybersecurity Roundup for Week 12-22-2025

        1. 3.5 Million Records Exposed: Lessons from the University of Phoenix Oracle EBS Ransomware Breach

        University of Phoenix experienced a significant data breach affecting nearly 3.5 million individuals, including students, staff, and suppliers. The breach was carried out by the Clop ransomware gang, which exploited a zero-day vulnerability in the Oracle E-Business Suite (EBS) financial application to steal sensitive personal and financial data in August 2025. The university publicly disclosed the incident in December, and notices have been sent to those impacted, with free identity protection services being offered. This attack is part of a broader campaign by Clop targeting Oracle EBS platforms across multiple organizations, highlighting the growing threat of ransomware-linked data theft and the importance of securing enterprise applications.

        Read the full article

        2. OAuth Device Code Phishing On The Rise, How Microsoft 365 Accounts Are Being Compromised Without Stealing Passwords

        There has been a surge in OAuth device code phishing attacks targeting Microsoft 365 accounts. Malicious actors trick users into entering device codes on legitimate Microsoft login pages, which unwittingly authorizes attacker-controlled applications to access their accounts without compromising passwords or MFA. These campaigns have increased significantly since September, involving both cybercriminals and state-sponsored threat groups and utilizing phishing kits such as SquarePhish and Graphish. The attacks often rely on social engineering lures such as salary bonus offers or impersonation of trusted entities, and they primarily target users in organizations across the U.S. and Europe. The article emphasizes the importance of implementing security measures such as Microsoft Entra Conditional Access to mitigate these threats.

        Read the full article
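Because device code sign-ins are rarely legitimate for ordinary interactive users, a practical defensive complement to the Conditional Access controls mentioned above is to hunt for them in sign-in telemetry. The following is an added example, not code from the article or from Microsoft: a small detector that flags device code flow sign-ins, escalates those from apps outside a tenant allow-list or from countries outside the user's baseline, and groups hits by source IP, since one address authorizing device codes for several users is a campaign signature. The record shape is modeled loosely on Microsoft Entra sign-in log exports (field names such as `authenticationProtocol` are an assumption), and all records, app IDs and the allow-list are constructed placeholders.

```python
"""Hypothetical device-code-flow sign-in detector (added example, not from the article)."""
import json
from collections import defaultdict

# Constructed sample sign-in records, shaped loosely after Entra sign-in log
# exports; the field names are an assumption, and the app IDs are placeholders.
SAMPLE_SIGNIN_LOGS = json.loads("""
[
 {"createdDateTime": "2025-12-15T09:02:11Z", "userPrincipalName": "alice@example.com",
  "appDisplayName": "Office Web", "appId": "00000000-0000-0000-0000-00000000aaaa",
  "authenticationProtocol": "none", "ipAddress": "203.0.113.10",
  "location": {"countryOrRegion": "US"}, "status": {"errorCode": 0}},
 {"createdDateTime": "2025-12-16T14:20:43Z", "userPrincipalName": "alice@example.com",
  "appDisplayName": "Approved CLI Tool", "appId": "00000000-0000-0000-0000-00000000cccc",
  "authenticationProtocol": "deviceCode", "ipAddress": "203.0.113.10",
  "location": {"countryOrRegion": "US"}, "status": {"errorCode": 0}},
 {"createdDateTime": "2025-12-18T03:41:09Z", "userPrincipalName": "alice@example.com",
  "appDisplayName": "Unfamiliar Client", "appId": "00000000-0000-0000-0000-00000000bbbb",
  "authenticationProtocol": "deviceCode", "ipAddress": "198.51.100.77",
  "location": {"countryOrRegion": "NL"}, "status": {"errorCode": 0}},
 {"createdDateTime": "2025-12-18T03:45:30Z", "userPrincipalName": "bob@example.com",
  "appDisplayName": "Unfamiliar Client", "appId": "00000000-0000-0000-0000-00000000bbbb",
  "authenticationProtocol": "deviceCode", "ipAddress": "198.51.100.77",
  "location": {"countryOrRegion": "NL"}, "status": {"errorCode": 9999}}
]
""")

# Apps that legitimately use the device code flow in this hypothetical tenant
# (placeholder IDs; a real tenant would list its approved CLI/device clients).
EXPECTED_DEVICE_CODE_APPS = {"00000000-0000-0000-0000-00000000cccc"}


def usual_countries(logs):
    """Per-user baseline: countries seen in successful, non-device-code sign-ins."""
    baseline = defaultdict(set)
    for rec in logs:
        if rec["authenticationProtocol"] != "deviceCode" and rec["status"]["errorCode"] == 0:
            baseline[rec["userPrincipalName"]].add(rec["location"]["countryOrRegion"])
    return baseline


def detect_device_code_signins(logs, expected_apps=EXPECTED_DEVICE_CODE_APPS):
    """Return one finding per device code sign-in, with a severity and reasons.

    info   : expected app, country within the user's baseline
    medium : suspicious, but the sign-in did not succeed (errorCode != 0)
    high   : suspicious and the sign-in succeeded, i.e. a token was likely issued
    """
    baseline = usual_countries(logs)
    findings = []
    for rec in logs:
        if rec["authenticationProtocol"] != "deviceCode":
            continue
        user = rec["userPrincipalName"]
        country = rec["location"]["countryOrRegion"]
        reasons = []
        if rec["appId"] not in expected_apps:
            reasons.append("app not on device-code allow-list")
        if user not in baseline:
            reasons.append("no sign-in baseline for user")
        elif country not in baseline[user]:
            reasons.append(f"country {country} outside user's baseline")
        succeeded = rec["status"]["errorCode"] == 0
        severity = "info" if not reasons else ("high" if succeeded else "medium")
        findings.append({
            "time": rec["createdDateTime"],
            "user": user,
            "app": rec["appDisplayName"],
            "ipAddress": rec["ipAddress"],
            "succeeded": succeeded,
            "severity": severity,
            "reasons": reasons,
        })
    return findings


def ip_fanout(findings):
    """Source IPs that completed device code sign-ins for more than one user."""
    by_ip = defaultdict(set)
    for f in findings:
        by_ip[f["ipAddress"]].add(f["user"])
    return {ip: users for ip, users in by_ip.items() if len(users) > 1}


if __name__ == "__main__":
    results = detect_device_code_signins(SAMPLE_SIGNIN_LOGS)
    for f in results:
        print(f["severity"].upper(), f["time"], f["user"], f["app"], f["reasons"])
    print("shared source IPs:", ip_fanout(results))
```

Against the constructed records the approved CLI sign-in is reported as informational, the successful sign-in from an unlisted app and an unusual country is high, and the failed attempt for the second user is medium; the fan-out view then ties both suspicious events to the same source address. In production the same logic maps directly onto a query over the `AuthenticationProtocol` column of Entra sign-in logs, and the high-severity case is the one to pair with token revocation and a Conditional Access policy that blocks the device code flow for users who have no business need for it.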

        3. Holiday Delivery Scams Surge, How Fake Shipping Alerts Are Fueling Cybercrime

        There has been a rise in fake delivery scams during the holiday season, exploiting the increased volume of online shopping and parcel deliveries. Cybercriminals are deploying schemes such as phishing emails, fake tracking alerts, and fraudulent parcel delivery notifications to deceive consumers into revealing personal information or installing malicious software. These scams aim to harvest sensitive data, steal financial information, or spread malware, often mimicking legitimate delivery service communications to increase credibility. The surge in such fraudulent activities underscores the importance for consumers and businesses to remain vigilant, verify sender authenticity, and adopt robust cybersecurity practices during the busy holiday shopping period.

        Read the full article

        4. From Physical Access To Ploutus Malware, Lessons For Banks And Credit Unions From The 40 Million Dollar ATM Heist

        Fifty-four individuals have been charged in connection with a large-scale ATM jackpotting scheme linked to the Venezuelan crime syndicate Tren de Aragua. These suspects are accused of deploying malware, specifically the Ploutus variant, to hack ATMs and force them to dispense cash fraudulently, causing estimated losses of over $40 million. The scheme involved covertly installing malware via physical access to ATMs, which enabled the criminals to automate cash withdrawals and launder the stolen money. The conspiracy is part of a broader pattern of cybercriminal activity targeting financial institutions to fund various illicit operations, including terrorism. This case underscores the ongoing threat of ATM malware attacks and the importance of strong physical and cybersecurity measures.

        Read the full article