University of Phoenix Breach Exposes 3.5 Million Records via Zero-Day Exploit
On December 2, 2025, the University of Phoenix disclosed a major data breach affecting approximately 3.5 million individuals. The breach was attributed to a zero-day vulnerability (CVE-2025-61882) within Oracle's E-Business Suite, allowing attackers to infiltrate systems that manage sensitive HR and financial records. Details of the breach surfaced after it was listed on an extortion site on November 21, 2025, indicating extensive data exfiltration activities. The breach underscores the significant risks organizations face due to unpatched vulnerabilities and the need for immediate action in response to security threats. This incident marks a critical point in understanding the impact of zero-day vulnerabilities on organizational security and the importance of vigilance in monitoring and patching systems to protect sensitive data. Stakeholders are urged to assess their exposure to similar vulnerabilities and reinforce their cybersecurity strategies accordingly.
Also In Security Today
1. 700Credit API Breach: Over 5.6 million records were compromised due to flawed API connections at 700Credit. The breach, which lasted from May to October 2025, exposed sensitive personal information, leading to notifications sent to federal authorities on October 25, 2025. source2. BRICKSTORM Malware Warning: CISA and NSA issued a warning regarding BRICKSTORM malware, attributed to Chinese state-sponsored actors. This malware targets government and IT sectors, capable of creating rogue virtual machines and stealing sensitive data, emphasizing the ongoing threats posed by nation-state actors. source
3. Ransomware Surge in Education Sector: A recent report revealed a 25% increase in ransomware attacks targeting educational institutions in 2025, prompting calls for enhanced cybersecurity measures within schools and universities to safeguard student data and institutional integrity. source