Cox Enterprises is notifying impacted people of a data breach that uncovered their private knowledge to hackers who breached the corporate community after exploiting a zero-day flaw in Oracle E-Enterprise Suite.
The compromise occurred in August, however the firm didn’t detect the intrusion till late September, when it launched its inside investigation.
“On September 29, 2025, we turned conscious of suspicious exercise involving Oracle’s E-Enterprise Suite, which is a platform we use for a few of our back-office enterprise operations,” reads the discover.
“We discovered the suspicious exercise was the results of cybercriminals making the most of a beforehand unknown security flaw (referred to as a “zero-day” vulnerability) in Oracle’s E-Enterprise Suite between Aug. 9-14, 2025.”
Cox Enterprises is a significant American conglomerate engaged in media (Cox Media Group), telecommunications (Cox Communications), and automotive providers (Cox Automotive).
The corporate has 55,000 workers and an annual income of $23 billion, with its companies having a global attain.
The corporate has not named the attackers, however the Cl0p ransomware has taken credit score for exploiting CVE-2025-61882 as a zero-day vulnerability, lengthy earlier than Oracle launched a patch on October 5.
Cl0p hackers are recognized for leveraging zero-days in standard software program merchandise utilized by numerous organizations.
Incidents the place Cl0p exploited unknown vulnerabilities embody the Cleo file switch in 2024, the MOVEit Switch and GoAnywhere MFT in 2023, the SolarWinds Serv-U FTP in 2021, and the Accellion FTA in 2020.
Breaches associated to Oracle E-Enterprise Suite have been confirmed by a number of corporations, amongst them Logitech, Washington Publish, GlobalLogic, Envoy Air, and Harvard College.
The menace actor added Cox Enterprises to their knowledge leak web site on the darkish net on October 27 and revealed the stolen info.
Supply: BleepingComputer.com
Earlier right this moment, Cl0p listed 29 new corporations as their victims. The batch consists of main organizations within the automotive, software program, and expertise sectors.
Within the notification to 9,479 impacted people, Cox gives directions on easy methods to enroll in identification theft safety and credit score monitoring providers via IDX for gratis for 12 months.
The corporate didn’t specify what varieties of knowledge have been uncovered within the notification pattern shared with authorities.
Cox Communications suffered a separate breach in June 2024, during which attackers exploited an uncovered backend API to reset hundreds of thousands of buyer modems and steal their private knowledge.
Earlier, in October 2021, Cox Media Group was hit by ransomware that impacted reside TV and radio broadcast streams.
Whether or not you are cleansing up outdated keys or setting guardrails for AI-generated code, this information helps your crew construct securely from the beginning.
Get the cheat sheet and take the guesswork out of secrets and techniques administration.
