MedTech Giant Stryker Crippled by Iran-Linked Hacker Attack
Article Link: https://www.securityweek.com/medtech-giant-stryker-crippled-by-iran-linked-hacker-attack/
- Iran-linked hacker group Handala took credit for a large-scale cyberattack on Stryker, a U.S. company that makes medical devices and equipment.
- The group claims they have deleted data from over 200,000 systems, including servers and laptops. They also claim to have stolen 50 terabytes of data in the attack.
- Stryker offices across the world have shut down because of the attack. This is just one of the attacks Handala has claimed responsibility for.
- The group has a history of taking responsibility for cyberattacks; however, many claimed attacks have been hard to verify and attribute to the hacktivists.
ShinyHunters Claims Ongoing Salesforce Aura Data Theft Attacks
Article Link: https://www.bleepingcomputer.com/news/security/shinyhunters-claims-ongoing-salesforce-aura-data-theft-attacks/
- Salesforce is warning customers that misconfigurations in Salesforce Experience Cloud could expose information to unauthenticated users. Hackers, such as ShinyHunters, are using a modified version of AuraInspector, a security tool used to identify misconfigured access controls.
- Malicious actors are using AuraInspector to scan Salesforce implementations for Experience Cloud sites with excessive guest permissions. Once such sites are identified, they steal sensitive data.
- The data is used to conduct additional attacks, such as cyber extortion or targeted social engineering attacks that use stolen contact information.
- Salesforce advises customers to audit guest user permissions and restrict access to only what is needed, set default sharing settings to private, and disable self-registration unless needed.
Attackers Don’t Just Send Phishing Emails. They Weaponize Your SOC’s Workload
Article Link: https://thehackernews.com/2026/03/attackers-dont-just-send-phishing.html
- Phishing attacks are not only used to target employees, but they are also meant to overwhelm security teams that investigate them.
- Attackers are sending thousands of simple, easy-to-identify phishing emails to companies, hoping that employees will recognize them and report them. This leads to a large number of reports being sent to security teams.
- While security teams investigate these reports, attackers are coordinating more sophisticated attacks, hoping they go undetected due to the distraction caused by the phishing reports.
- Mitigations such as rule-based filters can also be exploited by attackers, who compromise or spoof known trusted domains. One of the best defenses is a well-trained SOC capable of maintaining a high quality of work even at a high volume.
New ‘BlackSanta’ EDR killer spotted targeting HR departments
Article Link: https://www.bleepingcomputer.com/news/security/new-blacksanta-edr-killer-spotted-targeting-hr-departments/amp/
- Researchers at Aryaka have identified a new type of malware called BlackSanta that is being used to target human resource departments and company recruiters.
- The attack is primarily email-driven, with hackers sending links that look like resumes or job applications. Once downloaded, a fake resume opens while the malware secretly installs itself on the computer. The malware leverages a mixture of EDR exclusions and suppression of Windows notifications to install silently.
- The malware is able to collect information such as operating system, accounts, and configurations. Due to the dynamic nature of the malware, it is difficult to detect using normal forensic tools. Indicators of compromise (IOCs) include files such as DWrite.dll, .LNK files disguised as resumes, and trusight.sys and IObitUnlocker.sys being found on the system. For a full list of IOCs, please review the full article.
- Additional information: http://www.aryaka.com/docs/reports/blacksanta-edr-killer-threat-report.pdf
FBI Says Even in an AI-Powered World, Security Basics Still Matter
Article Link: https://cyberscoop.com/fbi-operation-winter-shield-ai-cyber-defense-jason-bilnoski/
- As exploits get more advanced and, thanks to AI, faster, the FBI is reminding organizations in the public and private sectors that security basics remain effective.
- The FBI has started Operation Winter Shield, a campaign to raise awareness about simple but effective security practices. These include phish-resistant multi-factor authentication, risk-based vulnerability management, reliable and robust logging and monitoring, and immutable offline backups.
- Jason Bilnoski, Deputy Assistant Director of the Cyber Operations Branch at the FBI, said that basic security controls are still the best defense, even against AI-based threats. He explained that focusing on the basics can help stop attacks before they happen.
- Additional Information: https://www.fbi.gov/file-repository/operation-winter-shield-slick.pdf/view
Microsoft Azure CTO Set Claude on His 1986 Apple II Code, Says It Found Vulns
Article Link: https://www.theregister.com/2026/03/09/claude_legacy_code_vulns/
- Microsoft Azure CTO Mark Russinovich used Claude Opus 4.6 to review code he wrote 40 years ago. The AI identified several vulnerabilities in the code that went undetected for decades.
- While this example is more entertaining than threatening, it gives credibility to Anthropic’s warning that Opus 4.6 would result in rapid identification of vulnerabilities.
- The proof of concept highlights the capability for Claude to decompile code and identify vulnerabilities, putting legacy systems in production environments at risk.
AI Fake-News Detectors May Look Accurate but Fail in Real Use, Study Finds
Article Link: https://techxplore.com/news/2026-03-ai-fake-news-detectors-accurate.html
- A study conducted at the University of Montreal found that AI tools used to identify fake news provide accurate results in lab testing but fail in real-world use.
- The systems do not actually fact-check information. Instead, they use training data to predict whether something is false based on probability, not research. They can also cause biases, such as gender and political bias, in their checks.
- Use of these tools, such as integrations with social media platforms and search engines, can lead to misinformation being labeled factual, reinforcement of bias, and censorship of certain viewpoints.
- Researchers say that accuracy in lab testing should not be the only metric used to evaluate these tools. Transparency, equity, and privacy should also be considered.
- Additional Information: https://ojs.aaai.org/index.php/AIES/article/view/36530/38668
Telus Says It Is Investigating Hack of Its Systems
Article Link: https://www.reuters.com/business/media-telecom/telus-says-it-is-investigating-hack-its-systems-2026-03-12/
- Canadian telecommunications company Telus is investigating an incident involving unauthorized access to its systems. The hacking group ShinyHunters claims to have stolen 700 terabytes of data from the company.
- The hackers claim the data contains personally identifiable information, call recordings, background check data, and source code. Telus has not yet confirmed the full extent or details of the incident.
- Services and customer networks are reported to be unaffected, but forensic teams and law enforcement are continuing to investigate.
- If the claims made by ShinyHunters are confirmed, the breach could expose sensitive information belonging to both individuals and businesses that use Telus networks.
FBI Seeks Victims of Steam Games Used to Spread Malware
Article Link: https://www.bleepingcomputer.com/news/security/fbi-seeks-victims-of-steam-games-used-to-spread-malware/amp/
- The Federal Bureau of Investigation (FBI) is investigating multiple games on Steam that contained malware. The games included BlockBlasters, Chemia, Dashverse/DashFPS, Lampy, Lunara, PirateFi, and Tokenova.
- The games may have initially been added to Steam without malware, with the malware added later, as with BlockBlasters. The malware targeted passwords, accounts, and cryptocurrency from victims.
- Another game, Chemia, was linked to threat actor EncryptHub, which used malware such as HijackLoader and Fickle Stealer to steal credentials, browser data, cookies, and cryptocurrency.
- The FBI is asking anyone who downloaded these games to report it so they can find victims, track the hackers, and possibly help people recover stolen funds.
- FRSecure suggests reviewing all corporate systems for Steam or other violations of the acceptable use policy and removing such software immediately.
