Ticker feed
Microsoft is disabling hands-free deployment in Windows Deployment Services after discovering CVE-2026-0386, a critical vulnerability that lets attackers steal credentials and execute code during network OS installations. The flaw affects Windows Server 2008 through 2025, exposing the Unattend.xml configuration file over unauthenticated channels.
Starting January 13, 2026, administrators can manually disable the feature. By April 2026, Microsoft will automatically block it entirely unless organizations explicitly re-enable it through registry settings.
Successful exploitation yields SYSTEM-level privileges and poses supply chain risks in enterprise environments. Microsoft recommends migrating to secure alternatives like Intune or Configuration Manager before the April deadline.
Source: Cybersecurity News
The Iran-linked hacker group Handala attacked Michigan-based Stryker Corporation, a major medical device manufacturer, claiming retaliation for the bombing of Iran's Minab school. The Wednesday cyberattack disrupted thousands of employees' Microsoft systems globally, causing Stryker's stock to drop 3%.
Handala claimed to have wiped systems and stolen 50 terabytes of data, calling Stryker a "Zionist-rooted corporation." The company says no ransomware has been detected and the incident appears contained, though the timeline for full restoration remains unknown.
Cybersecurity experts warn this marks escalation as Iran's conflict spreads to US cyber targets, with more attacks likely coming.
Source: The Guardian
The massive 2024 Polyfill supply chain attack that compromised over 100,000 websites has been linked to North Korean hackers, not just Chinese actors as initially believed. The attack began when Chinese company Funnull acquired the popular Polyfill.io service and injected malicious code that redirected mobile users to gambling sites.
New evidence from Hudson Rock shows Funnull was likely a front for North Korean operations. Security researchers discovered this after analyzing data stolen from a North Korean hacker's infected computer, which contained credentials for Polyfill control panels and conversations about the attack.
The ultimate goal was reportedly to funnel users to gambling sites owned by China's Suncity Group, which laundered cryptocurrency back to North Korea. This fits a pattern of North Korean cyber operations that have stolen over $2 billion in cryptocurrency.
Source: Security Week
Cybercriminals launched a coordinated attack wave in early 2026, exploiting three critical FortiGate firewall vulnerabilities to breach enterprise networks. The attacks leveraged CVE-2025-59718 and CVE-2025-59719 (both rated 9.8 in severity), which allow attackers to gain admin access using forged SAML tokens, plus a zero-day flaw, CVE-2026-24858, that enabled login through the attackers' own FortiCloud accounts.
Once inside, attackers extracted firewall configurations and decrypted embedded service account credentials for Active Directory systems. In one case, hackers maintained access for two months undetected, creating fake admin accounts and deploying remote access tools. They ultimately stole domain controller databases containing all user passwords.
Fortinet has released patches, but organizations must immediately update firmware, rotate all LDAP credentials, and strengthen firewall monitoring to prevent further breaches.
Source: Cybersecurity News
Iranian-linked hacker group Handala attacked Michigan-based Stryker Corporation, a major medical device manufacturer, claiming it was retaliation for the bombing of Iran's Minab school. The Wednesday cyberattack disrupted thousands of employees' Microsoft systems, causing what the company called "global disruption" with no timeline for full restoration.
Stryker's stock dropped 3% following news of the breach. The hackers claimed they wiped thousands of systems and extracted 50 terabytes of data, though Stryker says there's no evidence of ransomware or malware.
Cybersecurity experts warn this marks an escalation as Iran's conflict spreads to US cyber targets, with more attacks likely coming.
Source: The Guardian
Medical technology company Stryker confirmed Thursday that an Iran-linked cyberattack severely disrupted its global operations, affecting order processing, manufacturing, and shipping worldwide. The $25 billion company was forced to shut down offices in dozens of countries and send staff home in Ireland, its largest hub outside the US.
The Handala hacker group claimed responsibility, saying they wiped over 200,000 devices and stole 50TB of data. Rather than using traditional malware, the attackers abused Microsoft Intune, a cloud device management service, to remotely wipe systems across Stryker's network.
Handala, believed to be a front for Iranian intelligence services, has ramped up attacks since the Israel-Gaza conflict began, targeting companies perceived as Israeli allies.
Source: Security Week
Google rushed out an urgent Chrome update after discovering two high-severity zero-day vulnerabilities being actively exploited by attackers. The company updated Chrome to version 146.0.7680.75/76, addressing flaws in both the Skia graphics engine (CVE-2026-3909) and V8 JavaScript engine (CVE-2026-3910).
Both vulnerabilities allow attackers to execute malicious code on victims' systems by crafting weaponized webpages. Google's internal security team discovered the exploits on March 10, 2026, and confirmed they're already being used in real-world attacks.
Users should update immediately by going to Chrome's menu, selecting Help > About Google Chrome, and letting it auto-update. Organizations need to prioritize deploying this patch across their networks without delay.
Source: Cybersecurity News
The Community College of Beaver County closed its campus Monday after cyberattackers encrypted all college data and demanded ransom payments. The ransomware attack hit on the first day of spring break, blocking access to grades, transcripts, and financial information.
Vice President Leslie Tennant said the IT department discovered a ransom note Monday morning, prompting administrators to lock down all computers and devices. Students and staff are banned from using laptops or logging into VPN networks, even from home.
The college is working with its insurance company to identify the attackers and potentially lift the encryption. School is scheduled to reopen next Monday, giving officials one week to resolve the crisis before classes resume.
Source: CBS Pittsburgh
Microsoft patched a dangerous vulnerability on March 10, 2026, that affects Office across Windows, Mac, and Android devices. The flaw, CVE-2026-26110, scores 8.4 out of 10 for severity and lets attackers execute malicious code without any user clicks or elevated permissions.
The scariest part? Simply viewing a malicious file in the Windows Preview Pane triggers the attack. Users don't need to open anything; just selecting the file is enough for attackers to gain control of the system.
Fortunately, no active attacks have been detected yet, and Microsoft calls future exploitation "less likely." Still, the vulnerability affects millions of Office installations from 2016 through 2024 versions, plus Office 365 and mobile apps. IT teams should patch immediately or disable Preview Pane as a temporary fix.
Source: Cybersecurity News
Michigan-based medical equipment company Stryker confirmed Wednesday it's dealing with a cyberattack causing "global network disruption." The Kalamazoo-area company, which makes artificial joints and hospital beds, says there's no sign of ransomware or malware and believes the incident is contained.
The Wall Street Journal reports that Handala, a group linked to Iran, left their logo on Stryker's login pages. With $25 billion in annual revenue and 56,000 employees worldwide, Stryker says it has business continuity measures in place to keep supporting customers while teams work to assess the attack's full impact.
Source: CBS News Detroit