A security researcher used automated TruffleHog scans across all 5.6 million public GitLab Cloud repositories and found 17,430 live secrets tied to 2,804 domains—including cloud, database, messaging, and OpenAI keys—showing that many organizations still expose long-lived credentials in public code despite some revocations after notification.

Synthesizing all three sources, the OSINT indicates that an unauthorized third party exploited a previously unknown vulnerability in Oracle E-Business Suite in August 2025 to hack the Oracle EBS environments of the University of Pennsylvania and the University of Phoenix.