Mazda has confirmed being targeted in the recent Oracle E-Business Suite (EBS) hacking campaign.
However, the carmaker told SecurityWeek that the incident did not impact system operations or production. In addition, the company said “no data leakage has been confirmed”.
A Mazda Motor Europe representative clarified that “traces of an attack” were detected, but its “defensive measures were effective, preventing any system impact or data leakage”. The company said it continues to monitor its systems.
The carmaker said it promptly applied the EBS patches provided by Oracle in October.
Oracle initially said threat actors exploited a known vulnerability patched in July to hack into customers’ EBS instances. The software giant later patched two other potentially involved flaws tracked as CVE-2025-61884 and CVE-2025-618842, suggesting that zero-days may have been exploited in the attacks.
However, nearly two months after the EBS campaign came to light, it’s still unclear exactly which vulnerability or vulnerabilities have been exploited.
The Cl0p ransomware group, which has taken credit for the campaign, has named both Mazda and Mazda USA on its leak website, but it has yet to make public any data allegedly stolen from the carmaker. The leak site currently states that the company is being given “some time to respond”.
However, given Mazda’s assessment of the impact, it’s unlikely that it will pay a ransom.
Although organizations are generally listed on the Cl0p website for a genuine reason, the threat actors may exaggerate the breach’s actual scope to increase pressure for a ransom payment.
The Cl0p website currently names more than 100 alleged victims of the Oracle EBS campaign, including dozens of major organizations. For some of the victims, the hackers have made public hundreds of gigabytes and even terabytes of files allegedly stolen from their systems.
The latest to confirm being impacted is Cox Enterprises, which said the personal information of nearly 9,500 individuals was compromised in the incident.
Logitech, The Washington Post, GlobalLogic, Harvard, and Envoy Air have also confirmed being hit. Other major companies named on the Cl0p site do not appear to have publicly addressed the cybercriminals’ claims, including Schneider Electric, Emerson, Michelin, Broadcom, Bechtel, Canon, and Entrust.

