Ticker feed
Iranian-linked hacker group Handala attacked Michigan-based Stryker Corporation, a major medical device manufacturer, claiming it was retaliation for the bombing of Iran's Minab school. The Wednesday cyberattack disrupted thousands of employees' Microsoft systems, causing what the company called "global disruption" with no timeline for full restoration.
Stryker's stock dropped 3% following news of the breach. The hackers claimed they wiped thousands of systems and extracted 50 terabytes of data, though Stryker says there's no evidence of ransomware or malware.
Cybersecurity experts warn this marks an escalation as Iran's conflict spreads to US cyber targets, with more attacks likely coming.
Source: The Guardian
Medical technology company Stryker confirmed Thursday that an Iran-linked cyberattack severely disrupted its global operations, affecting order processing, manufacturing, and shipping worldwide. The $25 billion company was forced to shut down offices in dozens of countries and send staff home in Ireland, its largest hub outside the US.
The Handala hacker group claimed responsibility, saying they wiped over 200,000 devices and stole 50TB of data. Rather than using traditional malware, the attackers exploited Microsoft Intune, a cloud management service, to remotely wipe systems across Stryker's network.
Handala, believed to be a front for Iranian intelligence services, has ramped up attacks since the Israel-Gaza conflict began, targeting companies perceived as Israeli allies.
Source: Security Week
Google rushed out an urgent Chrome update after discovering two high-severity zero-day vulnerabilities being actively exploited by attackers. The company updated Chrome to version 146.0.7680.75/76, addressing flaws in both the Skia graphics engine (CVE-2026-3909) and V8 JavaScript engine (CVE-2026-3910).
Both vulnerabilities allow attackers to execute malicious code on victims' systems by crafting weaponized webpages. Google's internal security team discovered the exploits on March 10, 2026, and confirmed they're already being used in real-world attacks.
Users should update immediately by going to Chrome's menu, selecting Help > About Google Chrome, and letting it auto-update. Organizations need to prioritize deploying this patch across their networks without delay.
Source: Cybersecurity News
The Community College of Beaver County closed its campus Monday after cyberattackers encrypted all college data and demanded ransom payments. The ransomware attack hit on the first day of spring break, blocking access to grades, transcripts, and financial information.
Vice President Leslie Tennant said the IT department discovered a ransom note Monday morning, prompting administrators to lock down all computers and devices. Students and staff are banned from using laptops or logging into VPN networks, even from home.
The college is working with its insurance company to identify the attackers and potentially lift the encryption. School is scheduled to reopen next Monday, giving officials one week to resolve the crisis before classes resume.
Source: CBS Pittsburgh
Microsoft patched a dangerous vulnerability on March 10, 2026, that affects Office across Windows, Mac, and Android devices. The flaw, CVE-2026-26110, scores 8.4 out of 10 for severity and lets attackers execute malicious code without any user clicks or elevated permissions.
The scariest part? Simply viewing a malicious file in Windows Preview Pane triggers the attack. Users don't need to open anything – just highlighting the file is enough for hackers to gain system control.
Fortunately, no active attacks have been detected yet, and Microsoft calls future exploitation "less likely." Still, the vulnerability affects millions of Office installations from 2016 through 2024 versions, plus Office 365 and mobile apps. IT teams should patch immediately or disable Preview Pane as a temporary fix.
Source: Cybersecurity News
Michigan-based medical equipment company Stryker confirmed Wednesday it's dealing with a cyberattack causing "global network disruption." The Kalamazoo-area company, which makes artificial joints and hospital beds, says there's no sign of ransomware or malware and believes the incident is contained.
The Wall Street Journal reports that Handala, a group linked to Iran, left their logo on Stryker's login pages. With $25 billion in annual revenue and 56,000 employees worldwide, Stryker says it has business continuity measures in place to keep supporting customers while teams work to assess the attack's full impact.
Source: CBS News Detroit
Salesforce issued a security alert Saturday warning of ongoing attacks targeting customers' Experience Cloud sites. The threat group ShinyHunters claims to have breached about 100 companies by exploiting misconfigured guest user settings that allow unauthorized access to customer data.
Attackers are using a modified version of Mandiant's AuraInspector tool to scan public-facing sites and steal data from instances with overly permissive guest profiles. These settings are meant to give unauthenticated users access to public information, but excessive permissions let attackers view additional data without logging in.
This marks the third widespread attack spree against Salesforce customers since August, following incidents involving Gainsight and Salesloft Drift integrations.
Source: CyberScoop
Microsoft has issued an emergency security update for a newly discovered .NET Framework vulnerability (CVE-2026-26127) that allows remote attackers to crash applications without authentication. The flaw, scored 7.5 on the CVSS scale, affects .NET 9.0 and 10.0 across Windows, macOS, and Linux systems.
The vulnerability stems from an out-of-bounds read error that can be triggered by specially crafted network requests, causing applications to crash and denying service to users. While Microsoft rates exploitation as "unlikely," an anonymous researcher has publicly disclosed the technical details, raising concerns about potential attacks.
Administrators must immediately update .NET 9.0 to version 9.0.14 and .NET 10.0 to version 10.0.4. Organizations using Microsoft.Bcl.Memory packages should also apply the corresponding patches to prevent service disruptions.
Source: Cyber Security News
Signal has issued a scam warning after Dutch intelligence revealed a Russia-backed campaign targeting high-profile users including government officials, military staff, and journalists. The hackers posed as Signal support staff to steal account details and hijack devices through sophisticated phishing attacks.
Dutch agencies MIVD and AIVD identified this "large-scale global cyber campaign" targeting people of interest to Russia. The attackers tried to trick users into sharing SMS codes and Signal PINs to gain account access.
Signal emphasized its systems remain secure but stressed that "user vigilance" is crucial. Experts warn that convenient features like QR code logins have become primary attack vectors for criminals targeting encrypted messaging apps.
Source: BBC
Ericsson's US subsidiary disclosed a data breach affecting roughly 15,000 people after unauthorized access occurred at a third-party service provider between April 17 and 22, 2025. The breach wasn't discovered until April 2025, with the investigation only wrapping up in February 2026.
The telecommunications giant shares both employee and customer data with third-party providers but hasn't specified which group was impacted. While Ericsson claims there's "no evidence of misuse," security experts note this is standard language companies use even when stolen data surfaces publicly. The delayed discovery and lengthy investigation timeline raise questions about monitoring practices at third-party vendors handling sensitive information.
Source: Security Week