compromises
-
Blog
Magento supply chain attack compromises hundreds of e-stores
A supply chain attack involving 21 backdoored Magento extensions has compromised between 500 and 1,000 e-commerce stores, including one belonging to a $40 billion multinational. Sansec researchers who discovered the attack report that some extensions were backdoored as far back as 2019, but the malicious code was only activated in April 2025. “Multiple vendors were hacked in a coordinated supply…
Read More » -
Blog
Oracle Health breach compromises patient data at US hospitals
A breach at Oracle Health impacts multiple US healthcare organizations and hospitals after a threat actor stole patient data from legacy servers. Oracle Health has not yet publicly disclosed the incident, but in private communications sent to impacted customers and from conversations with those involved, BleepingComputer confirmed that patient data was stolen in the attack. Oracle Health, formerly known as Cerner,…
Read More » -
Blog
Infostealer campaign compromises 10 npm packages, targets devs
Ten npm packages were suddenly updated with malicious code yesterday to steal environment variables and other sensitive data from developers’ systems. The campaign targeted multiple cryptocurrency-related packages, and the popular ‘country-currency-map’ package was downloaded thousands of times a week. The malicious code was discovered by Sonatype researcher Ali ElShakankiry and is found in two heavily obfuscated scripts, “/scripts/launch.js” and “/scripts/diagnostic-report.js,” which execute upon…
Read More » -
Blog
Data breach at CODAC Behavioral Health compromises SSNs and medical information
Last week, Rhode Island’s largest non-profit opioid treatment provider, CODAC Behavioral Health, began issuing data breach notifications following a cyber attack in July 2024. This attack was claimed by ransomware gang Qilin in August with 9GB of data allegedly stolen. In its notification, CODAC said: “On July 24, 2024, CODAC detected suspicious activity in its network environment.” After securing its…
Read More » -
Blog
Data breach at Louisiana accounting firm compromises SSNs and finances
Accounting firm Wright, Moore, DeHart, Dupuis & Hutchinson this week confirmed it notified thousands of people about a July 2023 data breach that compromised names, Social Security numbers, financial account numbers, credit and debit card numbers, medical info, driver’s license numbers, and addresses. The notice (PDF) states, “On or around July 11, 2023, WMDDH became aware of unusual network activity…
Read More » -
Blog
Ransomware attack on cancer diagnostic lab compromises SSNs and medical info
Medical diagnostic lab SiParadigm this week confirmed it notified 26,534 people about a June 2024 data breach that compromised names, Social Security numbers, dates of birth, addresses, and medical information. Ransomware gang Akira claimed responsibility for the attack in July 2024, saying it stole 114 GB of data. Akira further claimed to have stolen passports, non-disclosure agreements, driver’s licenses, birth…
Read More »