⏱️ ≈ 7-minute read
Editor’s Note: Today we’ve got Oracle facing extortionists, a government shutdown gutting CISA at the worst possible time, and AI phishing campaigns getting way too clever for comfort. Oh, and hackers raided a UK nursery chain and then apologized. Buckle up.

📬 This Week’s Clickables
📌 Big News: Oracle extortion mess, GoAnywhere zero-day exploited
🚨 Can’t Miss: CISA gutted by shutdown, ransomware spikes in manufacturing, Salesforce/Drift mega-breach, DPRK job lure malware
🤖 AI in Cyber: AI phishing, board vs. SOC risk gap, LOTL surge, global forum debates AI & quantum
🧪 Strange Cyber Story: Hackers say sorry after raiding nurseries
🚨 Big Stories
💾 Oracle confirms extortion campaign targeting its E-Business Suite users
Intro: Enterprises running Oracle’s ERP backbone are suddenly finding themselves in a nasty new extortion scheme.
What Happened: Oracle says hackers have stolen data from its EBS software platform and are targeting customers with extortion demands. Attackers are skipping ransomware encryption altogether and going straight for “pay or we leak.”
Why It’s Important: Oracle’s enterprise software sits at the heart of global supply chains and finance ops. A compromise here means attackers get high-value data with direct leverage over Fortune 500s.
The Other Side: Oracle insists its systems weren’t directly compromised, framing it as an issue impacting customers’ implementations — classic “not our problem” positioning.
👉 Takeaway: The attack shows that extortion is evolving beyond ransomware. Data theft alone is enough leverage if the target is strategic.
TL;DR: Oracle customers are being squeezed by extortionists. Is this the future of “ransomware-less” ransomware?
Further Reading: Reuters
In 2000, a 15-year-old hacker named “Mafiaboy” took down Yahoo!, eBay, CNN, and Dell with a simple DDoS attack — costing companies an estimated $1.7 billion in damages. (Source: FBI archives)
🛠️ Critical zero-day in GoAnywhere MFT being actively exploited
Intro: Remember when GoAnywhere was last year’s Clop playground? Yeah… it’s back.
What Happened: Fortra’s GoAnywhere MFT is in the crosshairs again, with a 10/10 severity zero-day (CVE-2025-10035) already under active exploitation. The bug allows remote command injection and full compromise of managed file transfer servers.
Why It’s Important: GoAnywhere has a history of being ransomware gangs’ favorite playground. This new zero-day threatens thousands of enterprises moving sensitive data.
The Other Side: Patches are live, but if history repeats, expect mass exploitation of laggards who don’t patch fast enough.
👉 Takeaway: This is another reminder that “secure file transfer” is an oxymoron when attackers have the exploit first.
TL;DR: A GoAnywhere zero-day is getting hammered. Did anyone actually patch after last year’s Clop fiasco?
Further Reading: TechRadar
🔥 Can’t Miss
🇺🇸 U.S. shutdown slashes CISA staffing at worst time
The government shutdown has sidelined much of CISA’s workforce, and the expiration of its intel-sharing law is a double gut punch. 👉 Coordination across agencies and industry just got weaker — during peak threat season.
🏭 Manufacturing & business sectors see 36% ransomware spike
New research shows ransomware is shifting away from hardened gov and healthcare networks and toward manufacturing and business verticals. 👉 Attackers are following the “least resistant” path — factories and SMBs, beware.
🔑 ShinyHunters tied to Salesforce / Drift compromise of 1.5B records
Hackers abused OAuth tokens from Drift integrations to break into Salesforce, hitting ~760 companies and leaking ~1.5B records. 👉 SaaS trust models are a mess — token management and vendor risk reviews just got real.
🎣 DPRK-backed actors deploying BeaverTail malware via job lures
North Korean groups are sending fake job offers to drop malware payloads, using new BeaverTail and InvisibleFerret implants. 👉 The lure is the payload — LinkedIn recruiters, maybe don’t click that PDF.
🤖 AI in Cyber
📧 Phishing campaigns supercharged with AI evasion techniques
Attackers are using AI-driven platforms to craft phishing that sails past defenses and dupes even savvy users. 👉 AI isn’t just writing emails — it’s writing new rules for deception.
🛡️ Growing reliance on living-off-the-land attacks
A new report shows 84% of severe intrusions use built-in OS tools, meaning less malware and more stealth. 👉 If AI tools can make sense of behavior anomalies, defenders may finally catch up.
📊 Gap between board & SOC perception of AI risk
Executives think they’re ready for AI threats, while SOC teams say otherwise. 👉 Misalignment = missed budgets, blind spots, and panic patching later.
🌍 Global Cybersecurity Forum debates AI, quantum, cohesion
World leaders and industry heavyweights debated AI, quantum, and the future of international cyber defense. 👉 The big question: can nations actually cooperate before the AI-driven attacks scale?
🧟‍♂️ Strange Cyber
🍼 Hackers raid UK nursery chain, “apologize” after stealing data
Intro: You know you’re in strange territory when hackers say “sorry” after a breach.
What Happened: Hackers breached Kido Schools, stealing photos and sensitive records of children. Then, bizarrely, they issued a public “apology” and claimed to delete everything.
Why It’s Important: Even if true, the precedent is chilling — criminals framing themselves as ethical actors after committing the crime.
The Other Side: Security experts point out that “we deleted it, promise” is about as trustworthy as a Nigerian prince email.
👉 Takeaway: There’s no “ethical hacker” badge for stealing kids’ data — just a reminder that attackers will say anything to soften blowback.
TL;DR: Hackers hit a nursery chain, then said sorry. Does remorse count in cybercrime, or is this just villain cosplay?
Further Reading: Washington Post