SecureFact – Cyber Security News – Week of October 13, 2025

Harvard University is investigating a data breach after the Clop ransomware gang listed the school on its data leak site.
The alleged breach was caused by a recently disclosed zero-day vulnerability in Oracle’s E-Business Suite servers.
Harvard confirmed the incident impacts a limited number of parties associated with a small administrative unit.
The university applied a patch from Oracle to remediate the vulnerability and is continuing to monitor systems.
Clop has a long history of exploiting zero-day flaws in massive data theft attacks affecting hundreds of organizations.
The Oracle E-Business Suite zero-day (CVE-2025-61882) was exploited since early August 2025.
Harvard is the first organization publicly linked to this Oracle zero-day attack campaign.
The university has no evidence of compromise to other systems beyond the affected administrative unit.

Threat actors compromised more than 100 SonicWall SSLVPN accounts in a large-scale campaign using stolen, valid credentials.
The attacks impacted over 100 SonicWall SSLVPN accounts across 16 environments protected by Huntress.
Most malicious activity began on October 4, 2025, and was still ongoing as of October 10.
Attackers followed up with network scans and attempts to access local Windows accounts after initial authentication.
Most malicious requests originated from IP address 202.155.8[.]73 according to security researchers.
The speed and scale of attacks suggest attackers controlled valid credentials rather than brute-forcing access.
SonicWall recommends resetting all local user passwords, updating
LDAP/RADIUS server passwords, and implementing MFA.
Additional protective measures include restricting WAN management and disabling unnecessary services until secrets are rotated.

American furniture brand Lovesac suffered a data breach impacting an undisclosed number of individuals.
Hackers gained unauthorized access to internal systems between February 12 and March 3, 2025, stealing hosted data.
Lovesac discovered the breach on February 28, 2025, taking three days to fully remediate and block attacker access.
The stolen data includes full names and other personal information not disclosed in breach notifications.
The RansomHub ransomware gang claimed responsibility for the attack on March 3, 2025.
Lovesac operates 267 showrooms across the United States with annual net sales of $750 million.
The company is providing 24-month credit monitoring services through Experian for affected individuals.
Recipients can enroll in credit monitoring services until November 28, 2025, though no data misuse has been detected.

New York-based venture capital firm Insight Partners is notifying thousands whose personal information was stolen in a ransomware attack.
The data breach affects 12,657 individuals according to filings with Maine’s attorney general.
Threat actors gained access to the network on October 25, 2024, through a sophisticated social engineering attack.
Attackers began exfiltrating data and encrypted servers starting January 16, 2025, at approximately 10:00 a.m. EST.
Stolen data includes banking and tax information, personal information of employees, and limited partner information.
The company manages over $90 billion in regulatory assets and has invested in 800+ software startups.
Formal notification letters are being mailed to all impacted individuals with complimentary credit monitoring services.
Insight Partners confirmed the incident in February 2025 and data theft in April 2025 following investigation.

Enterprise software giant Red Hat is being extorted by ShinyHunters gang with samples of stolen customer engagement reports leaked.
The Crimson Collective initially claimed to have stolen nearly 570GB of compressed data across 28,000 internal development repositories.
Approximately 800 Customer Engagement Reports (CERs) were stolen, containing sensitive customer network and infrastructure information.
Red Hat confirmed the breach affected its GitLab instance used solely for Red Hat Consulting engagements.
ShinyHunters released samples of stolen CERs for major companies including Walmart, HSBC, Bank of Canada, and American Express.
The threat actors set an October 10th deadline for ransom payment before publicly leaking the data.
ShinyHunters operates as an extortion-as-a-service, taking 25-30% revenue share from other threat actors’ attacks.
Red Hat has not responded to extortion attempts, and the company was contacted but did not provide additional comments.

Salesforce confirmed it will not negotiate with or pay ransom to threat actors behind massive data theft attacks.
Threat actors claimed to have stolen nearly 1 billion data records from 39 companies using Salesforce instances.
Targeted companies include major brands: FedEx, Disney, Home Depot, Marriott, Google, Cisco, Toyota, McDonald’s, and others.
Two separate attack campaigns occurred in 2025 using social engineering and stolen OAuth tokens.
The first campaign used social engineering to trick employees into connecting malicious OAuth applications to Salesforce.
The second campaign exploited stolen SalesLoft Drift OAuth tokens to access customer CRM environments.
ShinyHunters claimed to have stolen approximately 1.5 billion data records for over 760 companies.
The threat actors’ data leak site has been shut down, with domain nameservers suggesting possible FBI seizure.