November saw a wave of attacks exploiting a zero-day vulnerability in Oracle E-Business Suite (EBS). Auto parts maker LKQ and the University of Pennsylvania were among the victims of the Clop ransomware group. Concurrently, a breach at Gainsight further compromised Salesforce-integrated customer data. These incidents served as a stark reminder that legacy enterprise software, if left unpatched even for a few days, can become the primary entry point for large-scale data exfiltration and corporate extortion.