Laboratory Services Cooperative (LSC) has released a statement disclosing that it suffered a data breach in which hackers stole sensitive information of roughly 1.6 million people from its systems. LSC is a Seattle-based nonprofit organization that provides centralized laboratory services to its member affiliates, including select Planned Parenthood centers. It plays a crucial role within its niche, supporting organizations in reproductive health services across more than 35 U.S. states.
Fourlis Group, the operator of IKEA stores in Greece, Cyprus, Romania, and Bulgaria, has disclosed that the ransomware attack it suffered just before Black Friday on November 27, 2024, caused losses estimated at €20 million ($22.8 million). The security incident became public on December 3, 2024, when the group admitted that the technical problems IKEA online shops were facing were due to "malicious external action."
Threat actors are actively exploiting a vulnerability in the OttoKit WordPress plugin, with many websites potentially exposed to complete compromise, WordPress security firm Defiant warns. Formerly named SureTriggers, 'OttoKit: All-in-One Automation Platform' is a plugin that enables website administrators to automate tasks, and connect applications, websites, and WordPress plugins.
China-based purveyors of SMS phishing kits are enjoying remarkable success converting phished payment card data into mobile wallets from Apple and Google. Until recently, the so-called "Smishing Triad" mainly impersonated toll road operators and shipping companies. But experts say these groups are now directly targeting customers of international financial institutions, while dramatically expanding their cybercrime infrastructure and support staff.
2024 brought about countless new cybersecurity challenges including significant growth of the mobile threat landscape, according to Lookout. Threat actors, ranging from nation-states to individuals, are increasingly targeting mobile devices for the onset of their attacks to steal credentials and infiltrate the enterprise cloud in a pathway known as the modern kill chain. More than ever, organizations of every size across every industry must view mobile targeting as a canary in the coal mine.
Shed a tear, if you can, for the poor, misunderstood cybercriminals hard at work trying to earn a dishonest crust by infecting organisations with ransomware. Newly released research has revealed that the riches to be made from encrypting a company's data and demanding a ransom are not proving so easy to come by as they once were. Because although the number of ransomware attacks is reported to have reached record-breaking heights, gangs' profits are thought to be plummeting.
Google is hosting dozens of extensions in its Chrome Web Store that perform suspicious actions on the more than 4 million devices that have installed them and that their developers have taken pains to carefully conceal. The extensions, which so far number at least 35, use the same code patterns, connect to some of the same servers, and require the same list of sensitive systems permissions.
A critical zero-day vulnerability in a file-sharing platform widely used by managed services providers (MSPs) has been under exploitation since March. The vulnerability, tracked as CVE-2025-30406, is a deserialization flaw in Gladinet's CentreStack, an enterprise file-sharing platform. According to both the CVE.org and National Vulnerability Database (NVD) entries, the CentreStack flaw, which was publicly disclosed on April 3, has been under exploitation since March.