Canon’s U.S. Subsidiary Hit by Cyberattack Leveraging Oracle EBS Zero-Day

Canon, a global imaging and optical technology leader, reported a significant data security incident at its U.S. subsidiary after threat actors exploited a zero-day flaw in Oracle’s E-Business Suite.

 

Canon Corp is a Japanese multinational company specialising in optical, imaging, and industrial products. It is best known for its cameras, printers, scanners, and medical equipment, with core strengths rooted in advanced optical and imaging technologies.

 

In a statement to the media, Canon confirmed the incident but noted that its investigation found only its U.S. subsidiary was affected.

 

 

 

“We have confirmed that the incident only affected the web server, and we have already taken security measures and resumed service. In addition, we are continuing to investigate further to ensure that there is no other impact,” Canon said.

 

Oracle E-Business Suite is a popular enterprise resource planning (ERP) system that large organisations use to manage key internal functions such as human resources, finance, and supply chain operations. Clop took advantage of a serious zero-day flaw — mainly CVE-2025-61882 (and possibly others like CVE-2025-61884) — in the Oracle EBS’s BI Publisher component. This bug let them run any code they wanted on the system from a distance without needing to log in.

 

Multiple major organisations have reported breaches tied to this vulnerability, including GlobalLogic (Hitachi Group), Cox Enterprises, The Washington Post, Allianz UK, Sato Corporation, Envoy Air, and NHS England, all of which experienced various levels of data exposure or unauthorised access. 

 

Oracle released emergency patches to fix the zero-day flaw and urged customers to update immediately, though some of the initial fixes proved ineffective and required additional urgent updates.