breach

ShinyHunters Claims the Hack of the European Commission

The European Commission was reportedly breached by the cybercrime group ShinyHunters, which claimed to have stolen over 350 GB of data, including mail servers, databases, and confidential documents. The Commission confirmed the cyberattack affected part of its cloud infrastructure but stated that its internal systems were not compromised, and mitigation measures were promptly applied with ongoing investigations into the full impact.

https://securityaffairs.com/190095/data-breach/shinyhunters-claims-the-hack-of-the-european-commission.html

Stryker Says Malware Was Involved in Recent Cyberattack as Production Lines Reopen

Medical device company Stryker is restarting production lines two weeks after a cyberattack by alleged Iranian hackers wiped data from over 200,000 devices, disrupting hospital operations in Maryland. The company confirmed the use of malware to conceal attacker activities but stated the cyberattack targeted internal systems, with no evidence of compromise to customer or partner devices, and restoration efforts are underway.

https://therecord.media/stryker-cyberattack-malware-iran

The Company Paid to Protect Your Identity Just Got Hacked

Aura, a major U.S. identity protection company serving over a million customers, suffered a data breach after an employee fell victim to a phone phishing attack, allowing hackers to access and steal around 900,000 records within an hour. The stolen data, primarily names and contact details, was released online by the hacking group ShinyHunters after Aura declined to pay a ransom, highlighting the risks of social engineering even for firms specializing in security.

https://gizmodo.com/the-company-paid-to-protect-your-identity-just-got-hacked-2000735410

New Alert: Hackers Hijack Corporate M365 Accounts With OAuth Device Codes

A recent surge in phishing attacks abuses Microsoft's OAuth Device Code flow, allowing hackers to hijack corporate Microsoft 365 accounts without stealing passwords by tricking victims into authenticating on legitimate Microsoft login pages. This token-based technique is difficult to detect with traditional tools and enables attackers to access sensitive corporate data, but solutions like ANY.RUN’s SSL decryption and interactive sandbox analysis provide earlier visibility and help security teams respond faster to these sophisticated threats.

https://cyberpress.org/new-alert-hackers-hijack-corporate-m365-accounts-with-oauth-device-codes/

Stryker Attack Wiped Tens of Thousands of Devices, No Malware Needed

Last week's cyberattack on medical technology company Stryker involved the remote wiping of nearly 80,000 employee devices by exploiting Microsoft Intune administrative privileges, but no malware was deployed and no medical devices were affected. The incident, attributed to the Handala group linked to Iran, disrupted internal corporate systems and electronic ordering, with restoration efforts ongoing to resume normal operations.

https://www.bleepingcomputer.com/news/security/stryker-attack-wiped-tens-of-thousands-of-devices-no-malware-needed/

The Who, What, and Why of the Attack That Has Shut Down Stryker’s Windows Network

Stryker, a major multinational medical device supplier, confirmed a cyberattack that disrupted much of its Microsoft network, with a hacking group called Handala Hack—linked to the Iranian government—claiming responsibility. The attack, suspected to have involved remote wiping of devices via Microsoft’s InTune tool rather than typical malware, followed recent US and Israeli airstrikes on Iran, suggesting retaliation through cyber means. Despite the disruption, Stryker’s critical medical devices remain operational, though the company has not yet provided a timeline for full recovery.

https://arstechnica.com/security/2026/03/whats-known-about-wiper-attack-on-stryker-a-major-supplier-of-lifesaving-devices/

Iran-Backed Hackers Claim Wiper Attack on Medtech Firm Stryker

Iran-linked hacktivist group Handala claims responsibility for a data-wiping attack on Stryker, a major medical technology company. The attack forced the shutdown of Stryker's global operations, impacting over 200,000 devices and disrupting supply chains for healthcare providers. The group stated the action was retaliation for a missile strike in Iran that killed many civilians. The incident has raised concerns about cybersecurity in the healthcare sector, as hospitals consider disconnecting from Stryker's services amid the attack.

https://krebsonsecurity.com/2026/03/iran-backed-hackers-claim-wiper-attack-on-medtech-firm-stryker/

United States Leads Dismantlement of One of the World’s Largest Hacker

The Department of Justice announced the seizure of the LeakBase database, a major online forum for cybercriminals. Coordinated actions by law enforcement in 14 countries, including the United States, shut down the forum, seized data, and arrested individuals involved. This operation disrupts a significant platform for cybercriminals to profit from stolen data and demonstrates international cooperation in combating cybercrime.

https://www.justice.gov/opa/pr/united-states-leads-dismantlement-one-worlds-largest-hacker-forums

Hacker Used Anthropic’s Claude to Steal Sensitive Mexican Data

A hacker exploited Anthropic’s AI chatbot, Claude, to breach Mexican government agencies, stealing 150 gigabytes of sensitive data, including taxpayer and voter records. The hacker used Claude to identify vulnerabilities, write scripts, and automate data theft, bypassing Claude’s guardrails by posing as a bug bounty hunter. The attack highlights the growing trend of cybercriminals using AI tools to enhance their hacking capabilities.

https://www.bloomberg.com/news/articles/2026-02-25/hacker-used-anthropic-s-claude-to-steal-sensitive-mexican-data

Amazon: AI-assisted Hacker Breached 600 FortiGate Firewalls in 5 Weeks

Russian-speaking hacker used AI to breach 600 Fortinet firewalls in 55 countries within five weeks, exploiting weak credentials and exposed interfaces without zero-day exploits. The attack involved automating access and reconnaissance tasks with AI-generated tools, leading to stolen configurations and credentials. Recommendations for FortiGate admins include disabling internet exposure of management interfaces and enabling MFA.

https://www.bleepingcomputer.com/news/security/amazon-ai-assisted-hacker-breached-600-fortigate-firewalls-in-5-weeks/

PayPal Data Breach Exposes SSNs and Business PII of Customers for Over Six Months

PayPal experienced a data breach due to a coding error in its Working Capital loan application, exposing customers' personal information, including Social Security numbers and business details, for about six months. The breach was identified on December 12, 2025, and reported to affected customers on February 10, 2026. No external intrusion was involved; it was an internal issue. PayPal has since rolled back the problematic code, terminated unauthorized access, initiated a full investigation, and is offering affected users two years of free credit monitoring.

https://cybersecuritynews.com/paypal-data-breach-expose-customer-data/

Chinese Hackers Exploiting Dell Zero-day Flaw Since Mid-2024

Chinese hackers have been exploiting a critical Dell security flaw, identified as CVE-2026-22769, in their RecoverPoint for Virtual Machines since mid-2024. The UNC6201 group uses hardcoded credentials for unauthorized access, deploying sophisticated malware like Grimbolt to infiltrate VMware networks. To mitigate these attacks, Dell advises affected customers to apply recommended remediations.

https://www.bleepingcomputer.com/news/security/chinese-hackers-exploiting-dell-zero-day-flaw-since-mid-2024/

Eurail Says Stolen Traveler Data Now up for Sale on Dark Web

Eurail's stolen customer data is for sale on the dark web after a breach revealed sensitive records, including names and bank details. The company is investigating the extent of the breach and has notified data protection authorities. Affected customers should be alert for phishing attempts and update their passwords.

https://www.bleepingcomputer.com/news/security/eurail-says-stolen-traveler-data-now-up-for-sale-on-dark-web/

2026 State of Enterprise Infostealer Identity Exposure

In 2025, enterprise identity exposure intensified, with enterprise identity logs increasing from 8% to 11% of all logs. Microsoft Entra ID credentials appeared in 79% of these logs, making them the most compromised. Over 18% of identity logs contained credentials for multiple providers, expanding the potential impact of a single breach.

https://flare.io/learn/resources/2026-enterprise-infostealer-identity-exposure/

Have I Been Pwned: SoundCloud Data Breach Impacts 29.8 Million Accounts

SoundCloud experienced a data breach affecting 29.8 million accounts, exposing email addresses and public profile information. The breach was confirmed on December 15, 2025, after users reported access issues. An investigation revealed no sensitive data was accessed, but the ShinyHunters group claimed responsibility and attempted extortion.

https://www.bleepingcomputer.com/news/security/have-i-been-pwned-soundcloud-data-breach-impacts-298-million-accounts/

Scroll to Top