Security firms report expanded ALPHV/CL0P ransomware and extortion campaigns, including exploitation of Oracle E‑Business Suite vulnerabilities and new victims in education and aviation. Responders warn of downstream risks such as financial fraud, data misuse and impersonation scams tied to stolen records.

Recent industry reporting documents an expansion of ALPHV/CL0P ransomware and extortion activity targeting organizations across sectors, with notable exploitation of vulnerabilities in Oracle E‑Business Suite among the tactics observed. Incident responders and security vendors identified fresh intrusions affecting education institutions, airlines and other critical services, and they caution that compromised vendor software and supply‑chain gaps are enabling wider targeting. Beyond immediate encryption and extortion impacts, operators are exfiltrating data that can fuel downstream financial fraud, identity theft and sophisticated impersonation scams, increasing long‑term harm to victims. Security firms emphasize the importance of rapid patching, rigorous vendor risk management, segmented networks, and multifactor authentication to limit both initial access and lateral movement. Law enforcement and industry advisories urge organizations to treat public disclosure and negotiation with caution, preserve forensic evidence, and coordinate with response partners to mitigate cascading fraud risks that often follow ransomware data exposures.