Tag: group
-
FBI Seizes Two Websites Linked to Pro-Iranian Group Handala
The FBI has seized two websites, including the leak site, of Handala, a highly active pro-Iranian threat group responsible for the high-profile wiping attack on U.S.-based medical tech company Stryker in which it erased the data from about 80,000 corporate and personal devices. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/fbi-seizes-two-websites-linked-to-pro-iranian-group-handala/
-
Microsoft Intune MDM Gains Notoriety After Stryker Hack
Properly Configured Mobile Development Management Tools Can’t Wipe Personal Data. Mobile device management software is having a moment of notoriety after Iran-aligned hacking group Handala used Microsoft Intune to wipe the mobile devices of employees at medical device manufacture Stryker. Tens of thousands of personal devices were likely affected. First seen on govinfosecurity.com Jump to…
-
Microsoft Intune MDM Gains Notoriety After Stryker Hack
Properly Configured Mobile Development Management Tools Can’t Wipe Personal Data. Mobile device management software is having a moment of notoriety after Iran-aligned hacking group Handala used Microsoft Intune to wipe the mobile devices of employees at medical device manufacture Stryker. Tens of thousands of personal devices were likely affected. First seen on govinfosecurity.com Jump to…
-
Ransomware group exploited Cisco firewall vulnerability as a zero day, weeks before a patch appeared
Tags: attack, cisco, cve, defense, exploit, firewall, government, group, healthcare, infrastructure, malicious, malware, ransom, ransomware, service, software, tool, update, vulnerability, zero-dayCSO that the “week’s head start” he referred to was the gap between the date of the first exploit that Amazon’s later analysis had unearthed and Cisco’s discovery of the bug.Amazon gained insight into the attacker’s infrastructure by using the honeypot to mimic a vulnerable firewall system. This resulted in an attack on the honeypot,…
-
Bitrefill blames North Korean Lazarus group for cyberattack
Crypto-powered gift card store Bitrefill says that the attack it suffered at the beginning of the month was likely perpetrated by North Korean hackers of the Bluenoroff group. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/bitrefill-blames-north-korean-lazarus-group-for-cyberattack/
-
FBI seizes Handala data leak site after Stryker cyberattack
The FBI has seized two websites used by the Handala hacktivist group after the threat actors conducted a destructive cyberattack on medical technology giant Stryker that wiped approximately 80,000 devices. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fbi-seizes-handala-data-leak-site-after-stryker-cyberattack/
-
FBI seizes pro-Iranian hacking group’s websites after destructive Stryker hack
The FBI and the Justice Department took down two websites linked to the pro-Iranian hacktivist group Handala, which last week hacked medical tech giant Stryker. First seen on techcrunch.com Jump to article: techcrunch.com/2026/03/19/fbi-seizes-pro-iranian-hacking-groups-websites-after-destructive-stryker-hack/
-
Russian hackers exploit Zimbra flaw to breach Ukrainian maritime agency
The Russian state-backed hacker group APT28 targeted a Ukrainian government agency by exploiting a vulnerability in Zimbra webmail software. First seen on therecord.media Jump to article: therecord.media/russia-hackers-ukraine-zimbra-breach
-
The multi-billion dollar mistake: Why cloud misconfigurations are your biggest security threat
Most cloud setup errors, 8 out of 10, happen because people slip up, not because code fails.One out of three cloud setups sits empty, ignored by any oversight. A third of online storage spaces get zero attention from monitors.Almost one out of every two hundred storage units on Amazon’s cloud sits open, per a 2024…
-
AWS Warns Hackers Have Abused Cisco Firewall Zero-Day Since January
Notorious ransomware group Interlock has been exploiting a Cisco zero-day bug since January, AWS says First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/interlock-ransomware-exploit-cisco/
-
The multi-billion dollar mistake: Why cloud misconfigurations are your biggest security threat
Most cloud setup errors, 8 out of 10, happen because people slip up, not because code fails.One out of three cloud setups sits empty, ignored by any oversight. A third of online storage spaces get zero attention from monitors.Almost one out of every two hundred storage units on Amazon’s cloud sits open, per a 2024…
-
Interlock group exploiting the CISCO FMC flaw CVE-2026-20131 36 days before disclosure
Tags: attack, cisco, cve, exploit, firewall, flaw, group, ransomware, rce, remote-code-execution, vulnerability, zero-dayThe Interlock ransomware group has exploited a Cisco FMC zero-day RCE vulnerability in attacks since late January. The Interlock ransomware group has been exploiting a critical zero-day RCE vulnerability, tracked as CVE-2026-20131 (CVSS score of 10.0), in Cisco Secure Firewall Management Center (FMC) since late January. The vulnerability is a remote code execution flaw that…
-
DarkSword iOS Exploit Kit Uses 6 Flaws, 3 Zero-Days for Full Device Takeover
A new exploit kit for Apple iOS devices designed to steal sensitive data from is being wielded by multiple threat actors since at least November 2025, according to reports from Google Threat Intelligence Group (GTIG), iVerify, and Lookout.According to GTIG, multiple commercial surveillance vendors and suspected state-sponsored actors have utilized the full-chain exploit kit, codenamed…
-
Anthropic ban heralds new era of supply chain risk, with no clear playbook
Tags: ai, business, ceo, cisco, ciso, compliance, control, data, defense, framework, government, group, infrastructure, intelligence, law, monitoring, network, RedTeam, risk, risk-management, sbom, software, strategy, supply-chain, technology, threat, toolCompliance pressure before policy clarity: For organizations that do business with the federal government, the implications extend beyond technical challenges into legal and contractual risk. Alex Major, co-chair of government contracts and global trade practice at law firm McCarter and English, tells CSO that supply chain designations like the Anthropic ban tend to move quickly…
-
Anthropic ban heralds new era of supply chain risk, with no clear playbook
Tags: ai, business, ceo, cisco, ciso, compliance, control, data, defense, framework, government, group, infrastructure, intelligence, law, monitoring, network, RedTeam, risk, risk-management, sbom, software, strategy, supply-chain, technology, threat, toolCompliance pressure before policy clarity: For organizations that do business with the federal government, the implications extend beyond technical challenges into legal and contractual risk. Alex Major, co-chair of government contracts and global trade practice at law firm McCarter and English, tells CSO that supply chain designations like the Anthropic ban tend to move quickly…
-
WaterPlum Unleashes “StoatWaffle” Malware in VSCode Supply Chain Attack
A North Korea-linked threat group known as WaterPlum has introduced a new malware strain called “StoatWaffle” as part of its ongoing Contagious Interview campaign. The activity has been attributed to Team 8, a subgroup within WaterPlum also tracked as the Moralis or Modilus cluster. This team was previously associated with the OtterCookie malware, but since…
-
New iOS Exploit Uses Advanced iPhone Hacking Tools to Steal Personal Data
Google Threat Intelligence Group (GTIG) has uncovered a highly sophisticated iOS full-chain exploit dubbed DarkSword. Active since November 2025, this exploit leverages multiple zero-day vulnerabilities to compromise Apple devices running iOS 18.4 through 18.7 fully. DarkSword is highly unusual because it relies entirely on JavaScript throughout its exploit chain, thereby mitigating the need for a…
-
Interlock Ransomware Exploited Cisco Firewall Flaw for Weeks
Tags: cisco, exploit, firewall, flaw, group, hacker, infrastructure, ransomware, software, usa, vulnerabilityAWS Researchers Find an Interlock Server Laden With Tools. Ransomware hackers exploited a flaw with a maximum vulnerability score in Cisco firewall management software weeks before the networking giant disclosed the vulnerability in early March. The group has focused extensively on critical infrastructure sectors in North America and Europe. First seen on govinfosecurity.com Jump to…
-
Threat groups target cyber-physical systems to disrupt critical infrastructure providers
The Iran war has raised concerns that key industrial sectors could be the target of hacktivists, state actors and other groups. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/threat-groups-target-cyber-physical-systems-to-disrupt-critical-infrastruct/815074/
-
CISA official says agency has not seen uptick in cyber threats amid Iran war
Cybersecurity and Infrastructure Security (CISA) Acting Director Nick Andersen said the agency has been working closely with industry and sector-based groups on threats from Iran in the past couple of weeks. First seen on therecord.media Jump to article: therecord.media/cisa-official-says-agency-has-not-seen-uptick-cyber-threats-iran
-
Russians caught stealing personal data from Ukrainians with new advanced iPhone hacking tools
A suspected group of Russian government hackers was caught targeting Ukrainians with new iPhone hacking tools designed for espionage and potentially to steal crypto. First seen on techcrunch.com Jump to article: techcrunch.com/2026/03/18/russians-caught-stealing-personal-data-from-ukrainians-with-new-advanced-iphone-hacking-tools/
-
SideWinder Espionage Campaign Expands Across Southeast Asia
Tags: espionage, government, group, india, infrastructure, phishing, spear-phishing, threat, vulnerabilityThe suspected India-linked threat group targets governments, telecom, and critical infrastructure using spear-phishing, old vulnerabilities, and rapidly rotating infrastructure to maintain persistent access. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/sidewinder-espionage-campaign-expands-across-southeast-asia
-
LeakNet boosts ransomware with ClickFix lures, stealthy Deno loader
LeakNet is scaling its ransomware operation by pairing mass-market ClickFix lures with a stealthy Deno-based loader that executes almost entirely in memory, shrinking the window for defenders to intervene. Ransomware operator LeakNet is currently averaging around three victims per month. However, recent activity shows the group investing in its own delivery and execution infrastructure to grow that…
-
Stop building security goals around controls
In this Help Net Security interview, Devin Rudnicki, CISO at Fitch Group, argues that security strategy fails when it loses its connection to business outcomes. Rudnicki walks … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/18/devin-rudnicki-fitch-group-ciso-business-alignment/
-
Cyberattacks Spike 245% in the Two Weeks After the Start of War with Iran
Akamai researchers saw a 245% spike in cyberattacks in the first two weeks after the start of the U.S. and Israeli war against Iran as Iranian nation-state groups and independent hacktivists launch increasingly decentralized and destructive cyberattacks, which are expected to increase as long as the kinetic battle continues. First seen on securityboulevard.com Jump to…
-
Crypto e-commerce platform Bitrefill accuses North Korea of stealing 18,500 purchase records
Bitrefill said hackers allegedly tied to North Korea’s Lazarus group accessed around 18,500 purchase records that contained email addresses, crypto payment addresses, and metadata including IP addresses. First seen on therecord.media Jump to article: therecord.media/crypto-platform-accuses-north-korea-hack