
The Who, What, and Why of the Attack That Has Shut Down Stryker’s Windows Network

Stryker, a major multinational medical device supplier, confirmed a cyberattack that disrupted much of its Windows network; a hacking group called Handala Hack, linked to the Iranian government, claimed responsibility. The attack is believed to have involved remote wiping of devices through Microsoft Intune, the company's own device-management service, rather than conventional malware, and it followed recent US and Israeli airstrikes on Iran, suggesting retaliation through cyber means. Stryker says its critical medical devices remain operational, but it has not given a timeline for full recovery. An attacker with administrative access to an Intune tenant can issue a wipe to every enrolled device, so the management tenant warrants the same protection as domain controllers.

https://arstechnica.com/security/2026/03/whats-known-about-wiper-attack-on-stryker-a-major-supplier-of-lifesaving-devices/

Iran-Backed Hackers Claim Wiper Attack on Medtech Firm Stryker

The Iran-linked hacktivist group Handala claimed responsibility for a data-wiping attack on Stryker, a major medical technology company. The attack forced the shutdown of Stryker's global operations, reportedly affecting more than 200,000 devices and disrupting supply chains for healthcare providers. The group said the action was retaliation for a missile strike in Iran that killed many civilians. The incident has raised concern about cybersecurity in the healthcare sector, with some hospitals considering disconnecting from Stryker's services while the attack is contained.

https://krebsonsecurity.com/2026/03/iran-backed-hackers-claim-wiper-attack-on-medtech-firm-stryker/

Law Enforcement Shuts Down Botnet Made of Tens of Thousands of Hacked Routers

A global law enforcement operation shut down the SocksEscort botnet, a criminal proxy service built on some 369,000 compromised routers. The service sold access to the hacked devices so that customers could route their traffic through them, and it was used in crimes including bank account intrusions and fraudulent claims that cost victims millions. Many of the affected devices were in the US and UK.

https://techcrunch.com/2026/03/12/law-enforcement-shuts-down-botnet-made-of-tens-of-thousands-of-hacked-routers/

How We Hacked McKinsey’s AI Platform

CodeWall's autonomous agent broke into McKinsey's AI platform, Lilli, through a SQL injection vulnerability in a publicly exposed endpoint, gaining access to sensitive data including 46.5 million chat messages, 728,000 files, and 57,000 user accounts. The exercise showed that stored prompts and chat histories are high-value data in their own right, and that a classic injection flaw was enough to expose them at a prestigious firm whose system should have been well protected.

https://codewall.ai/blog/how-we-hacked-mckinseys-ai-platform

After Outages, Amazon to Make Senior Engineers Sign Off on AI-assisted Changes

Amazon has suffered a run of outages, some linked to AI coding tools, prompting a meeting with engineers to address the issue. The company will now require a senior engineer's sign-off on AI-assisted changes and is prioritizing website availability. AWS has had its own incidents involving AI coding assistants, including a 13-hour interruption of a cost calculator.

https://arstechnica.com/ai/2026/03/after-outages-amazon-to-make-senior-engineers-sign-off-on-ai-assisted-changes/

Top Dark Web Telegram Groups & Channels (2026)

Telegram has become a significant platform for cybercriminal activity, with its features attracting threat actors. Key categories of dark Telegram channels include credential dumps, financial fraud, hacktivism, and ransomware announcements. Effective monitoring requires automated tooling and context-aware analysis; manual approaches do not scale. Legal considerations vary by jurisdiction, but organizations can generally monitor these channels as long as they do not take part in illicit activity. AI moderation on Telegram has shifted the landscape, pushing criminals toward other platforms, which makes monitoring across platforms essential.

https://www.dexpose.io/dark-web-telegram-groups-channels/

Anthropic Finds 22 Firefox Vulnerabilities Using Claude Opus 4.6 AI Model

Anthropic reported that its Claude Opus 4.6 model identified 22 vulnerabilities in Firefox, 14 of them rated high severity, a significant share of the issues fixed in Firefox 148. Finding the bugs proved much easier for the model than turning them into working exploits, a gap worth watching as these tools improve. Mozilla credited the collaboration with surfacing additional vulnerabilities, an illustration of how AI-assisted analysis can feed continuous security improvement in a browser codebase.

https://thehackernews.com/2026/03/anthropic-finds-22-firefox.html

One Click on This Fake Google Meet Update Can Give Attackers Control of Your PC

A fake Google Meet update page can hand an attacker control of a Windows PC with a single click. Rather than dropping malware or stealing credentials, the phishing page abuses a legitimate Windows feature, device enrollment into mobile device management, so that the attacker's management server gains policy control over the machine while conventional security checks see nothing malicious. Victims should review Settings > Accounts > Access work or school for enrollments they do not recognize and disconnect them.
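As an added example (not code from the Malwarebytes post), the following PowerShell script enumerates the MDM enrollments recorded on a Windows machine and flags any whose enrollment endpoint is not one you expect. The same enrollment mechanism is what the Stryker item above describes being used for remote wipes, so the check is worth running on any fleet. The `$ExpectedMdmHosts` allowlist is an assumption for illustration; replace it with your own tenant's endpoints. Run it in an elevated PowerShell session.

```powershell
# Added example, not from the Malwarebytes post: list MDM enrollments and flag unexpected ones.
# $ExpectedMdmHosts is an assumed allowlist for illustration; substitute your tenant's endpoints.
param(
    [string[]]$ExpectedMdmHosts = @('enrollment.manage.microsoft.com', 'manage.microsoft.com')
)

$EnrollmentRoot = 'HKLM:\SOFTWARE\Microsoft\Enrollments'
$GuidPattern    = '^[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}$'

# Each enrollment lives in a GUID-named subkey; the non-GUID subkeys (Status, Context, ...)
# hold bookkeeping and are skipped.
function Get-MdmEnrollment {
    if (-not (Test-Path $EnrollmentRoot)) { return }
    Get-ChildItem -Path $EnrollmentRoot |
        Where-Object { $_.PSChildName -match $GuidPattern } |
        ForEach-Object {
            $p = Get-ItemProperty -Path $_.PSPath
            [pscustomobject]@{
                EnrollmentId   = $_.PSChildName
                ProviderID     = $p.ProviderID              # 'MS DM Server' is typical for Intune
                UPN            = $p.UPN                     # account that performed the enrollment
                EnrollmentType = $p.EnrollmentType
                DiscoveryUrl   = $p.DiscoveryServiceFullURL # endpoint the device was enrolled against
            }
        }
}

# An enrollment is "expected" only if its discovery endpoint's host is on the allowlist.
# Entries with no endpoint recorded are reported for review rather than silently accepted.
function Test-EnrollmentExpected {
    param([string]$DiscoveryUrl)
    if ([string]::IsNullOrWhiteSpace($DiscoveryUrl)) { return $false }
    $uri = $null
    if (-not [System.Uri]::TryCreate($DiscoveryUrl, [System.UriKind]::Absolute, [ref]$uri)) { return $false }
    return ($ExpectedMdmHosts -contains $uri.Host.ToLower())
}

$enrollments = @(Get-MdmEnrollment)
if ($enrollments.Count -eq 0) {
    'No MDM enrollments found.'
} else {
    foreach ($e in $enrollments) {
        $tag = if (Test-EnrollmentExpected $e.DiscoveryUrl) { 'ok    ' } else { 'REVIEW' }
        '[{0}] {1} provider={2} upn={3} type={4} discovery={5}' -f `
            $tag, $e.EnrollmentId, $e.ProviderID, $e.UPN, $e.EnrollmentType, $e.DiscoveryUrl
    }
}
```

Some GUID keys belong to other kinds of registration (Entra device registration, Exchange ActiveSync) and may carry no DiscoveryServiceFullURL, so they will show as REVIEW; cross-check them with `dsregcmd /status` and with Settings > Accounts > Access work or school, which is also where an unauthorized enrollment is disconnected. A device that was enrolled into an attacker's tenant has been under the attacker's policy control, so treat it as compromised and reimage rather than simply unenrolling.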

https://www.malwarebytes.com/blog/threat-intel/2026/03/one-click-on-this-fake-google-meet-update-can-give-attackers-control-of-your-pc

InstallFix: Weaponizing Malvertized Install Guides

Attackers are using a technique called InstallFix, a social engineering attack in which they clone the installation pages of legitimate CLI tools and present victims with malicious install commands disguised as the real thing. The technique is effective because it exploits the common habit of copying and pasting installation commands from websites, and it bypasses traditional controls such as email filtering. The attackers distribute the fake installation pages through malvertising, specifically sponsored search results on Google, and target popular tools such as Claude Code. The defense is procedural: take install commands only from the vendor's documented domain rather than from search ads, and avoid piping a remote script straight into a shell.

https://pushsecurity.com/blog/installfix/

Vulnerability Landscape in Q4 2025

Q4 2025 saw a surge of high-profile vulnerability disclosures, with attackers exploiting several critical flaws in widely used libraries and applications. The exploits seen most often in the wild targeted Microsoft Office products and a directory traversal vulnerability in WinRAR, underlining the importance of timely patching. A significant increase in exploit attempts against Linux systems underscores the need for equally robust security measures on those devices.

https://securelist.com/vulnerabilities-and-exploits-in-q4-2025/119105/

Microsoft Reveals ClickFix Campaign Using Windows Terminal to Deploy Lumma Stealer

Microsoft described a ClickFix campaign that uses Windows Terminal, rather than the Run dialog, to get victims to execute commands that deploy the Lumma Stealer. Because the command is pasted into a trusted, commonly used app, detections tuned to the Run dialog miss it. The attack proceeds in stages: the pasted command downloads and extracts malicious scripts, which harvest credentials from browsers and establish persistence. The campaign is a reminder that social engineering adapts to whatever launcher defenders are watching, so detection should key on what executes, not on how it was started.
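As an added example (not from Microsoft's report), the following PowerShell script hunts PowerShell script block logs for pasted download-and-run commands. Script block logging (Event ID 4104 in Microsoft-Windows-PowerShell/Operational) records what actually executed inside the shell, so it catches a ClickFix command pasted into Windows Terminal just as it would one started from the Run dialog. It assumes script block logging has been enabled by policy; the indicator regex and the look-back window are assumptions for illustration.

```powershell
# Added example, not from Microsoft's report: hunt Event ID 4104 for download-and-execute one-liners.
# Assumes script block logging is enabled by policy. $IndicatorRegex and $HoursBack are assumptions.
param([int]$HoursBack = 24)

# Patterns common to download-and-execute one-liners. Benign admin scripts match too, so treat
# hits as a triage list, not a verdict.
$IndicatorRegex = '(?i)\b(iwr|iex|curl|wget|tar|Invoke-WebRequest|Invoke-Expression|Expand-Archive|Start-BitsTransfer)\b|DownloadString|DownloadFile|FromBase64String|-EncodedCommand|-enc\b'

# Pull a named EventData field out of the event's XML, which is more robust than positional Properties.
function Get-EventDataField {
    param([System.Diagnostics.Eventing.Reader.EventRecord]$Event, [string]$Name)
    $xml = [xml]$Event.ToXml()
    ($xml.Event.EventData.Data | Where-Object { $_.Name -eq $Name }).'#text'
}

function Find-SuspiciousScriptBlocks {
    param([int]$Hours)
    $filter = @{
        LogName   = 'Microsoft-Windows-PowerShell/Operational'
        Id        = 4104
        StartTime = (Get-Date).AddHours(-$Hours)
    }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        $text = Get-EventDataField -Event $_ -Name 'ScriptBlockText'
        if ($text -and $text -match $IndicatorRegex) {
            $flat = $text -replace '\s+', ' '
            [pscustomobject]@{
                Time    = $_.TimeCreated
                UserSid = $_.UserId
                Path    = Get-EventDataField -Event $_ -Name 'Path'   # empty for interactive or pasted input
                Snippet = $flat.Substring(0, [Math]::Min(160, $flat.Length))
            }
        }
    }
}

Find-SuspiciousScriptBlocks -Hours $HoursBack | Sort-Object Time | Format-Table -AutoSize -Wrap
```

An empty Path on a hit is itself a signal: a pasted one-liner runs interactively with no script file. Two caveats: if the victim's default Windows Terminal profile is cmd.exe rather than PowerShell, nothing lands in 4104, so pair this hunt with process-creation telemetry (Sysmon Event ID 1) for curl.exe, tar.exe or mshta.exe children of cmd.exe; and an attacker who gains administrative rights can clear or disable the log, so forward events off the host.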

https://thehackernews.com/2026/03/microsoft-reveals-clickfix-campaign.html

Coruna: The Mysterious Journey of a Powerful iOS Exploit Kit

Google's Threat Intelligence Group identified an iOS exploit kit, "Coruna," targeting iPhones running iOS 13.0 through 17.2.1. Coruna bundles five exploit chains and uses advanced techniques to bypass platform mitigations. It was first seen in connection with commercial surveillance and was later picked up by Russian espionage actors and by Chinese financially motivated criminals. Users should update to the latest iOS version, and high-risk users should enable Lockdown Mode as an additional layer; Lockdown Mode is not a substitute for patching. The kit's targeting and data-theft capabilities point to a growing market for reusing exploits that were once zero-days.

https://cloud.google.com/blog/topics/threat-intelligence/coruna-powerful-ios-exploit-kit

APT36: a Nightmare of Vibeware

APT36, also known as Transparent Tribe, has shifted from conventional hand-written malware to "vibeware": AI-generated implants churned out in volume, written in niche languages such as Nim, Zig, and Crystal to evade signature-based detection, and using trusted cloud services for command and control. Many of the implants are technically flawed and some simply do not work, but the sheer volume of variants strains defenders. The group's targeted campaigns against the Indian government still rely on well-practiced social engineering and established frameworks alongside the new, poorly coded variants. The net effect is a strategy of integrating AI into malware production that yields mass-produced threats with little real innovation but a real operational risk for the targets on the receiving end.

https://businessinsights.bitdefender.com/apt36-nightmare-vibeware

Abusing .arpa: The TLD That Isn’t Supposed to Host Anything

Threat actors are hosting phishing content under the .arpa top-level domain, which exists for infrastructure purposes such as reverse DNS and is not meant to host websites. Obtaining IPv6 address space from a tunnel broker also brings delegation of the matching reverse zone under ip6.arpa, and the actors use that control over their delegated zone to publish records that point at phishing hosts instead of the PTR records the zone is meant to hold. The campaigns use tricks such as hyperlinks embedded in images and chains of redirects to land victims on these sites. Because .arpa names look like infrastructure rather than attacker-registered domains, they are rarely blocked by security policy and easily evade detection.
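As an added example (not code from the Infoblox post), the following PowerShell script shows the kind of check a resolver or proxy log review can apply: a name under .arpa should only ever be the subject of a PTR query, and the labels beneath ip6.arpa or in-addr.arpa should be single hex nibbles or decimal octets respectively. Anything else, such as an A or AAAA lookup for an .arpa name or a hostname like `secure-login.<nibbles>.ip6.arpa`, is a name somebody added to a reverse zone for use as a web host. The sample query lines are constructed for the example and are not real traffic.

```powershell
# Added example, not from the Infoblox post: flag .arpa names being used as hostnames.
# Sample lines are constructed, in a simple "<type> <name>" format; adapt the parser to your log format.
$SampleQueries = @(
    'PTR  1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa',  # normal reverse lookup
    'PTR  4.4.8.8.in-addr.arpa',                                                        # normal reverse lookup
    'A    secure-login.b.a.9.8.7.6.5.4.3.2.1.0.0.0.0.0.ip6.arpa',                       # web host under a reverse zone
    'A    www.example.com',                                                             # ordinary name, ignored
    'AAAA mail.2.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.2.ip6.arpa'                              # web host under a reverse zone
)

# Returns $null for names that look like ordinary reverse-DNS use, or an object describing why
# the name is suspicious.
function Test-SuspiciousArpaName {
    param([string]$RecordType, [string]$Name)
    $n = $Name.TrimEnd('.').ToLower()
    if ($n -notmatch '\.arpa$') { return $null }

    $reasons = @()
    # Reverse zones hold PTR records; an address lookup means the name is being used as a hostname.
    if ($RecordType -in 'A', 'AAAA') { $reasons += 'address record requested under .arpa' }

    # Below ip6.arpa every label should be one hex nibble; below in-addr.arpa, a decimal octet.
    if ($n -match '\.ip6\.arpa$') {
        $labels = ($n -replace '\.ip6\.arpa$', '') -split '\.'
        if ($labels | Where-Object { $_ -notmatch '^[0-9a-f]$' }) { $reasons += 'non-nibble label under ip6.arpa' }
    } elseif ($n -match '\.in-addr\.arpa$') {
        $labels = ($n -replace '\.in-addr\.arpa$', '') -split '\.'
        if ($labels | Where-Object { $_ -notmatch '^\d{1,3}$' }) { $reasons += 'non-octet label under in-addr.arpa' }
    }

    if ($reasons.Count -eq 0) { return $null }
    [pscustomobject]@{ Name = $n; Type = $RecordType.ToUpper(); Reasons = ($reasons -join '; ') }
}

function Find-SuspiciousArpaQueries {
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        $parts = $line.Trim() -split '\s+', 2
        if ($parts.Count -lt 2) { continue }
        $hit = Test-SuspiciousArpaName -RecordType $parts[0] -Name $parts[1]
        if ($hit) { $hit }
    }
}

Find-SuspiciousArpaQueries -Lines $SampleQueries |
    ForEach-Object { 'ALERT {0} {1}: {2}' -f $_.Type, $_.Name, $_.Reasons }
```

On the sample input the two PTR lines pass and the three address lookups are reported. The label check matters because a fully formed 32-nibble name can legitimately exist under ip6.arpa; it is the address-type query, or the extra non-nibble labels, that reveal hosting rather than reverse lookup. Proxy and URL-filtering logs deserve the same rule: an HTTP request whose Host header ends in .arpa has no legitimate reason to exist.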

https://www.infoblox.com/blog/threat-intelligence/abusing-arpa-the-tld-that-isnt-supposed-to-host-anything/
