Tag: technology

Operation Epic Fury: Why exposure data changes everything about Iran’s cyber-kinetic campaign

Mar 18, 2026 5:10 AM

Tags: access, ai, api, apt, attack, backdoor, breach, cctv, cisa, cloud, country, cve, cvss, cyber, cybersecurity, data, data-breach, ddos, detection, dns, espionage, exploit, firewall, flaw, fortinet, government, group, healthcare, identity, infrastructure, intelligence, Internet, iot, iran, kev, malware, microsoft, military, network, office, phishing, radius, remote-code-execution, risk, strategy, supply-chain, technology, threat, unauthorized, update, vpn, vulnerability, warfare, windows

Iran’s retaliatory campaign following Operation Epic Fury has collapsed the boundary between physical and digital warfare. Tenable’s exposure data analysis across seven target countries reveals that the largest exploitable attack surface isn’t the headline threat, it’s a Microsoft Word N-day affecting nearly 14 million assets. Key takeaways: Exposure data rebalances the threat picture. A Microsoft…
FAQ on CVE-2026-21514: OLE bypass N-Day in Microsoft Word

Mar 18, 2026 5:10 AM

Tags: access, ai, apt, attack, awareness, backdoor, cctv, cisa, cloud, control, cve, cyber, cyberattack, data, data-breach, detection, email, endpoint, exploit, flaw, fortinet, google, government, group, healthcare, identity, infrastructure, intelligence, Internet, iran, kev, malicious, malware, microsoft, mitigation, network, office, phishing, remote-code-execution, risk, technology, theft, threat, training, unauthorized, update, vulnerability, windows, zero-day

An N-day vulnerability in Microsoft Word exposes nearly 14 million assets. Attackers can exploit this flaw to bypass security prompts, enabling deployment of malware and establishing persistent access without triggering user warnings. Key takeaways: CVE-2026-21514 is a Microsoft Word n-day that bypasses OLE and Mark-of-the-Web protections, executing payloads silently without triggering user security prompts Tenable’s…
FAQ on CVE-2026-21514: OLE bypass N-Day in Microsoft Word

Mar 18, 2026 5:10 AM

Tags: access, ai, apt, attack, awareness, backdoor, cctv, cisa, cloud, control, cve, cyber, cyberattack, data, data-breach, detection, email, endpoint, exploit, flaw, fortinet, google, government, group, healthcare, identity, infrastructure, intelligence, Internet, iran, kev, malicious, malware, microsoft, mitigation, network, office, phishing, remote-code-execution, risk, technology, theft, threat, training, unauthorized, update, vulnerability, windows, zero-day

An N-day vulnerability in Microsoft Word exposes nearly 14 million assets. Attackers can exploit this flaw to bypass security prompts, enabling deployment of malware and establishing persistent access without triggering user warnings. Key takeaways: CVE-2026-21514 is a Microsoft Word n-day that bypasses OLE and Mark-of-the-Web protections, executing payloads silently without triggering user security prompts Tenable’s…
Operation Epic Fury: Why exposure data changes everything about Iran’s cyber-kinetic campaign

Mar 18, 2026 5:10 AM

Tags: access, ai, api, apt, attack, backdoor, breach, cctv, cisa, cloud, country, cve, cvss, cyber, cybersecurity, data, data-breach, ddos, detection, dns, espionage, exploit, firewall, flaw, fortinet, government, group, healthcare, identity, infrastructure, intelligence, Internet, iot, iran, kev, malware, microsoft, military, network, office, phishing, radius, remote-code-execution, risk, strategy, supply-chain, technology, threat, unauthorized, update, vpn, vulnerability, warfare, windows

Iran’s retaliatory campaign following Operation Epic Fury has collapsed the boundary between physical and digital warfare. Tenable’s exposure data analysis across seven target countries reveals that the largest exploitable attack surface isn’t the headline threat, it’s a Microsoft Word N-day affecting nearly 14 million assets. Key takeaways: Exposure data rebalances the threat picture. A Microsoft…
Technology accelerating crime, boosts case for national police service says NCA chief

Mar 17, 2026 9:10 PM

Tags: crime, service, technology

NCA director general Graeme Biggar says that technology had helped criminals get smarter, faster and more connected, boosting case for National Police Serivce First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366640462/Technology-accelerating-crime-boosts-case-for-national-police-service-says-NCA-chief
Data Privacy in Technology: Finding Balance in the Age of Surveillance

Mar 17, 2026 11:10 AM

Tags: data, privacy, regulation, technology

Data privacy technologies help organizations protect sensitive information while balancing innovation, regulation and user trust. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/data-privacy-in-technology-finding-balance-in-the-age-of-surveillance/
Data Privacy in Technology: Finding Balance in the Age of Surveillance

Mar 17, 2026 11:10 AM

Tags: data, privacy, regulation, technology

Data privacy technologies help organizations protect sensitive information while balancing innovation, regulation and user trust. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/data-privacy-in-technology-finding-balance-in-the-age-of-surveillance/
Top IoT Security Best Practices to Prevent Cyber Attacks in 2026

Mar 17, 2026 11:10 AM

Tags: attack, best-practice, cyber, healthcare, Internet, iot, technology

The Internet of Things (IoT) continues to expand across industries, connecting smart devices, sensors, and systems that help organizations automate operations and collect real-time data. From smart manufacturing equipment to connected healthcare devices and smart buildings, IoT technology improves efficiency and productivity. However, the growing number of connected devices also increases exposure to cyber threats….…
Attack on Stryker’s Microsoft environment wiped employee devices without malware

Mar 17, 2026 10:09 AM

Tags: attack, cyberattack, malware, microsoft, technology

The recent cyberattack on Stryker wiped tens of thousands of employee devices through its Microsoft environment, and systems are still offline. A recent cyberattack on medical technology giant Stryker targeted its internal Microsoft environment and remotely wiped tens of thousands of employee devices without using malware. The company confirmed that its medical devices were not…
Runtime: The new frontier of AI agent security

Mar 17, 2026 9:10 AM

Tags: access, ai, automation, ceo, ciso, computer, container, control, crowdstrike, cybersecurity, data, detection, edr, endpoint, firewall, framework, incident response, jobs, monitoring, network, openai, risk, saas, technology, threat, tool, vulnerability, zero-day

What runtime monitoring looks like: Once an organization knows where its agents are, the question is what to watch for, and how.Elia Zaitsev, CTO of CrowdStrike, tells CSO that existing endpoint detection and response (EDR) tools already capture the kinds of behavior needed to track AI agents. They instrument operating systems like a flight data…
Stryker Targeted by Large-Scale Wiper Attack, Tens of Thousands of Devices Lost

Mar 17, 2026 7:10 AM

Tags: attack, corporate, cyber, cyberattack, cybersecurity, group, iran, microsoft, technology

Global medical technology giant Stryker suffered a massive cybersecurity incident on March 11, 2026, resulting in the remote wiping of thousands of corporate devices. A pro-Iranian hacktivist group known as Handala has claimed responsibility for the attack, which severely disrupted Stryker’s internal Microsoft environment, manufacturing, and shipping operations. Technical Execution Vector Unlike traditional destructive cyberattacks,…
Simply Offensive Podcast: The Future of Pentesting: AI, Automation, and Better Reporting with Dan DeCloss

Mar 17, 2026 5:10 AM

Tags: ai, automation, computer, corporate, cybersecurity, data, exploit, hacker, hacking, jobs, penetration-testing, skills, technology, threat, tool, update, vulnerability

<div cla The Future of Pentesting: AI, Automation, and Better Reporting with Dan DeCloss In this episode of Simply Offensive, Philip Wylie welcomes Dan DeCloss, the founder of PlexTrac. The two veterans of the cybersecurity industry discuss their history together, the evolution of report writing, and the seismic shift AI is bringing to offensive security.…
Simply Offensive Podcast: The Future of Pentesting: AI, Automation, and Better Reporting with Dan DeCloss

Mar 17, 2026 5:10 AM

Tags: ai, automation, computer, corporate, cybersecurity, data, exploit, hacker, hacking, jobs, penetration-testing, skills, technology, threat, tool, update, vulnerability

<div cla The Future of Pentesting: AI, Automation, and Better Reporting with Dan DeCloss In this episode of Simply Offensive, Philip Wylie welcomes Dan DeCloss, the founder of PlexTrac. The two veterans of the cybersecurity industry discuss their history together, the evolution of report writing, and the seismic shift AI is bringing to offensive security.…
How smart should your secrets rotation technology be

Mar 17, 2026 12:09 AM

Tags: data, technology

What Are Non-Human Identities and Why Are They Crucial? Where technology drives innovation, safeguarding our digital environments remains paramount. How do organizations ensure that their data doesn’t inadvertently become public knowledge? Non-Human Identities (NHIs) hold the key to solving this puzzle. But what exactly are NHIs, and how do they impact data security across industries?……
Big Tech Unites: Industry Giants Sign Global Accord to Combat AI-Driven Scams

Mar 16, 2026 10:10 PM

Tags: adobe, ai, defense, google, linkedin, microsoft, network, openai, scam, service, technology

In a rare display of unified defense, eight of the world’s most powerful technology firms have signed a landmark pact to disrupt the global scam networks currently siphoning billions of dollars from consumers. The Online Services Accord Against Scams signed by Google, Amazon.com Inc., Microsoft Corp., Meta Platforms Inc., OpenAI, LinkedIn, Adobe Inc., and Match..…
Beyond CVSS: OT Security Looks for Its Risk Methodology

Mar 16, 2026 10:10 PM

Tags: cvss, flaw, risk, technology, vulnerability

Individual Vulnerability Severity Not Always a Good Measure of Risk Exposure. A mainstay of IT security programs across the world, the Common Vulnerability Scoring System, may have terminal flaws when applied to the mirror universe of operational technology – a place where ordinary assumptions about risk don’t apply. First seen on govinfosecurity.com Jump to article:…
Stryker attack wiped tens of thousands of devices, no malware needed

Mar 16, 2026 9:10 PM

Tags: attack, cyberattack, malware, microsoft, technology

Last week’s cyberattack on medical technology giant Stryker was limited to its internal Microsoft environment and remotely wiped tens of thousands of employee devices. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/stryker-attack-wiped-tens-of-thousands-of-devices-no-malware-needed/
16th March Threat Intelligence Report

Mar 16, 2026 5:09 PM

Tags: communications, cyberattack, intelligence, technology, threat

United States-based medical technology company Stryker has suffered a cyberattack that caused a global disruption to its environment. The company said its surgical robotics, clinical communications platform, and life support monitors are […] First seen on research.checkpoint.com Jump to article: research.checkpoint.com/2026/16th-march-threat-intelligence-report/
Justin Fulcher on AI’s Role in Modernizing Government Operations

Mar 16, 2026 2:09 PM

Tags: ai, government, infrastructure, intelligence, technology

Government systems weren’t built for the digital age. Many federal agencies still operate on infrastructure designed decades ago, creating bottlenecks that slow decision-making, strain resources, and frustrate both employees and citizens. Artificial intelligence offers a potential pathway forward, but only if deployed with precision and institutional awareness. Justin Fulcher, a technology founder and former government…
What it takes to win that CSO role

Mar 16, 2026 9:09 AM

Tags: access, ai, attack, automation, business, ceo, ciso, cloud, compliance, control, cybersecurity, data, defense, finance, flaw, framework, google, identity, insurance, jobs, monitoring, network, resilience, risk, skills, startup, strategy, technology, threat

Govern the explosion of shadow AI and establish guardrails for generative AI before it creates material data leakage.Move beyond prevention and operate as a business enabler, proving the organization can maintain a minimum viable business during a sustained outage.Address compliance burdens, such as SEC disclosure rules or the EU AI Act, not as a checklist,…
What it takes to win that CSO role

Mar 16, 2026 9:09 AM

Tags: access, ai, attack, automation, business, ceo, ciso, cloud, compliance, control, cybersecurity, data, defense, finance, flaw, framework, google, identity, insurance, jobs, monitoring, network, resilience, risk, skills, startup, strategy, technology, threat

Govern the explosion of shadow AI and establish guardrails for generative AI before it creates material data leakage.Move beyond prevention and operate as a business enabler, proving the organization can maintain a minimum viable business during a sustained outage.Address compliance burdens, such as SEC disclosure rules or the EU AI Act, not as a checklist,…
OT Security: The New Attack Surface of AI-Powered Robots

Mar 13, 2026 8:10 PM

Tags: ai, attack, cyber, technology

AI-powered humanoid robots are introducing a new cyber-physical attack surface that blends operational technology with enterprise IT. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/artificial-intelligence/ot-security-the-new-attack-surface-of-ai-powered-robots/
Iran-Linked Hacktivists Claim Destructive Cyberattack on Medtech Firm Stryker

Mar 13, 2026 3:09 PM

Tags: cyberattack, group, intelligence, international, iran, technology

A hacktivist group with alleged links to Iran’s intelligence agencies has claimed responsibility for a destructive cyberattack against Stryker, the Michigan-based global medical technology company, in an incident that reportedly disrupted operations across the company’s international network. News reports from Ireland, Stryker’s largest hub outside the United States, said the company sent more than 5,000…
Understanding SOC 2 Controls for SaaS Providers

Mar 13, 2026 12:10 PM

Tags: business, control, data, framework, governance, saas, soc, software, technology

For SaaS providers, trust is a core part of the offering. Customers rely on software platforms to process data, support business operations, and integrate with wider technology ecosystems. As a result, demonstrating effective security and governance controls using frameworks like SOC 2 has become an increasingly important requirement when selling to enterprise customers. SOC 2″¦…
The Cyber Express Weekly Roundup: Global Cyberattacks, Espionage, Malware, and Critical Security Updates

Mar 13, 2026 12:10 PM

Tags: breach, cyber, cyberattack, cybersecurity, espionage, government, malware, technology, update

This week’s The Cyber Express weekly roundup highlights major cybersecurity developments affecting organizations, governments, and individuals worldwide. Key stories include destructive cyberattacks, such as system-wide wipes and targeted breaches, as well as state-backed cyber espionage targeting technology and research sectors. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/the-cyber-express-weekly-roundup-march/
Storm-2561 targets enterprise VPN users with SEO poisoning, fake clients

Mar 13, 2026 11:10 AM

Tags: advisory, authentication, credentials, data, detection, endpoint, exploit, github, google, group, infrastructure, malicious, malware, microsoft, network, password, phishing, scam, software, strategy, tactics, technology, theft, threat, tool, vpn, windows

vpn-fortinet[.]com and ivanti-vpn[.]org, hosting malicious ZIP files on GitHub, the advisory said.The malware itself arrives as a ZIP file containing a Windows Installer package. When a user launches the downloaded installer, it drops a fake Pulse Secure application into a directory that closely mimics a legitimate Pulse Secure installation path, Microsoft said.”This installation path blends…
Storm-2561 targets enterprise VPN users with SEO poisoning, fake clients

Mar 13, 2026 11:10 AM

Tags: advisory, authentication, credentials, data, detection, endpoint, exploit, github, google, group, infrastructure, malicious, malware, microsoft, network, password, phishing, scam, software, strategy, tactics, technology, theft, threat, tool, vpn, windows

vpn-fortinet[.]com and ivanti-vpn[.]org, hosting malicious ZIP files on GitHub, the advisory said.The malware itself arrives as a ZIP file containing a Windows Installer package. When a user launches the downloaded installer, it drops a fake Pulse Secure application into a directory that closely mimics a legitimate Pulse Secure installation path, Microsoft said.”This installation path blends…
Hybrid resilience: Designing incident response across on-prem, cloud and SaaS without losing your mind

Mar 13, 2026 11:10 AM

Tags: access, authentication, business, cloud, communications, data, data-breach, group, identity, incident response, metric, mitigation, network, radius, resilience, saas, service, strategy, technology, update

Severity is driven by customer impact, not by who is pagedWe maintain one current hypothesis, even if it is wrongWe keep one shared timeline that captures decisions, not just symptomsWe communicate on a predictable cadence, even when answers are incompleteEvery action has a named owner and an explicit “time we expect to learn”The biggest behavior…
Hybrid resilience: Designing incident response across on-prem, cloud and SaaS without losing your mind

Mar 13, 2026 11:10 AM

Tags: access, authentication, business, cloud, communications, data, data-breach, group, identity, incident response, metric, mitigation, network, radius, resilience, saas, service, strategy, technology, update

Severity is driven by customer impact, not by who is pagedWe maintain one current hypothesis, even if it is wrongWe keep one shared timeline that captures decisions, not just symptomsWe communicate on a predictable cadence, even when answers are incompleteEvery action has a named owner and an explicit “time we expect to learn”The biggest behavior…
The cyber perimeter was never dead. We just abandoned it.

Mar 13, 2026 9:10 AM

Tags: access, advisory, authentication, awareness, backup, cisa, ciso, cloud, control, cyber, cybersecurity, data-breach, email, exploit, firewall, flaw, governance, government, Hardware, identity, infrastructure, Internet, resilience, risk, router, rust, service, software, strategy, technology, update, zero-trust

Industry has comforted itself with the idea that the perimeter is dead. It is not. What happened is far worse. We ignored the edge, let unsupported hardware decay in place, and effectively donated our perimeter to adversaries who were more than willing to accept it.The FBI’s Winter SHIELD effort is the operational side of the…