
Latest Security News Collection

Security news collection - current edition

#Stryker #CyberAttack #IntuneWipe #Handala #IranLinkedThreat #MedTechSecurity #IncidentResponse #SECFiling #SupplyChainImpact #CyberResilience

Medical device manufacturer Stryker has informed the US Securities and Exchange Commission (SEC) that it still cannot estimate when its systems will fully recover from a major cyberattack, according to The Record. The incident caused a global disruption across Stryker’s Microsoft environment, wiping devices and locking out roughly 5,500 employees across the US, Ireland, India and Australia. Early analysis suggests the attackers—linked to the Iran‑aligned group Handala—abused Microsoft Intune to remotely wipe laptops, phones and servers rather than using traditional ransomware, making restoration significantly more complex. Stryker confirmed that core medical products such as Mako, Vocera and LIFEPAK remain operational, but order processing, manufacturing and shipping are severely impacted. In its SEC 8‑K filing, the company said the recovery timeline remains unknown, with operational and financial consequences still being assessed as investigators work to contain the threat.

→ Read more on therecord.media


#GlassWorm #SupplyChainAttack #OpenVSX #MaliciousExtensions #DeveloperSecurity #CodeSecurity #SoftwareSupplyChain #MalwareCampaign #ThreatIntelligence #CyberSecurity

Cybersecurity researchers have uncovered a major escalation in the GlassWorm malware campaign, which now abuses 72 malicious Open VSX extensions to infiltrate developer environments, according to The Hacker News. Instead of embedding malware directly into each extension, attackers misuse the extensionPack and extensionDependencies manifest fields to create transitive, delayed‑payload infections. Seemingly harmless extensions establish trust before silently pulling in a secondary, malicious GlassWorm component during later updates. The campaign targets developers by impersonating widely used tools such as linters, formatters, code runners and AI coding assistants like Claude Code and Google Antigravity. Once installed, the malware steals credentials, drains cryptocurrency wallets, and can turn infected systems into criminal proxies. Researchers note advanced evasion techniques, including heavier obfuscation, Solana‑based C2 dead‑drop resolvers and locale checks to avoid Russian systems. Open VSX has since removed the malicious packages, but the incident underscores the growing danger of software supply‑chain attacks.

→ Read more on thehackernews.com
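The transitive mechanism described above is auditable on the defender's side: every installed extension ships a package.json whose extensionPack and extensionDependencies fields tell the editor which further extensions to install automatically, so the chain that pulls in an unexpected third party can be reconstructed from local manifests. The script below is an added example written for this news item; it is not code from The Hacker News, from the researchers, or from the GlassWorm samples. It assumes the standard layout of one package.json per extension folder (as under ~/.vscode/extensions) and that extension ids take the form publisher.name; the sample manifests, extension ids and publisher names embedded in it are constructed for illustration and do not refer to real extensions.

```python
"""Audit editor extension manifests for extensions that arrive only transitively.

Walks the extensionPack / extensionDependencies fields of every explicitly
installed extension, records the chain through which each further extension
is pulled in, and reports those whose publisher is not on an allow-list.
"""
import json
import os
from collections import deque
from typing import Dict, Iterable, List

Manifest = Dict[str, object]

# Constructed sample manifests standing in for <extensions>/<folder>/package.json.
# None of these ids, publishers or versions are real extensions.
SAMPLE_MANIFESTS: Dict[str, Manifest] = {
    "goodtools.pretty-formatter": {
        "publisher": "goodtools", "name": "pretty-formatter", "version": "1.2.0",
        "extensionPack": ["goodtools.format-core"],
    },
    "goodtools.format-core": {
        "publisher": "goodtools", "name": "format-core", "version": "1.2.1",
        # Dependency that appeared only in a later update and drags in a third party.
        "extensionDependencies": ["unknown-pub.runtime-helper"],
    },
    "unknown-pub.runtime-helper": {
        "publisher": "unknown-pub", "name": "runtime-helper", "version": "0.0.3",
    },
    "trusted.linter": {
        "publisher": "trusted", "name": "linter", "version": "3.0.0",
    },
}


def extension_id(manifest: Manifest) -> str:
    """Extension ids are '<publisher>.<name>'; normalised to lower case here."""
    return f"{manifest['publisher']}.{manifest['name']}".lower()


def load_manifests(extensions_dir: str) -> Dict[str, Manifest]:
    """Read every <extensions_dir>/<folder>/package.json into an id -> manifest map."""
    manifests: Dict[str, Manifest] = {}
    for folder in os.listdir(extensions_dir):
        path = os.path.join(extensions_dir, folder, "package.json")
        if not os.path.isfile(path):
            continue
        with open(path, encoding="utf-8") as fh:
            manifest = json.load(fh)
        manifests[extension_id(manifest)] = manifest
    return manifests


def declared_dependencies(manifest: Manifest) -> List[str]:
    """Both fields make the editor install the listed extensions automatically."""
    deps: List[str] = []
    for field in ("extensionPack", "extensionDependencies"):
        deps.extend(str(d).lower() for d in manifest.get(field, []))
    return deps


def transitive_closure(root: str, manifests: Dict[str, Manifest]) -> Dict[str, List[str]]:
    """Map each extension reachable from `root` to the chain that pulls it in.

    Ids that are declared but not present locally are still recorded, because
    the editor will fetch them on the next install or update.
    """
    root = root.lower()
    chains: Dict[str, List[str]] = {root: [root]}
    queue = deque([root])
    while queue:
        current = queue.popleft()
        manifest = manifests.get(current)
        if manifest is None:
            continue  # declared but not installed (yet): nothing further to walk
        for dep in declared_dependencies(manifest):
            if dep not in chains:  # first discovery wins; also breaks cycles
                chains[dep] = chains[current] + [dep]
                queue.append(dep)
    return chains


def audit(explicitly_installed: Iterable[str], manifests: Dict[str, Manifest],
          trusted_publishers: Iterable[str]) -> List[Dict[str, object]]:
    """List every extension that arrives only transitively, with its chain and trust status."""
    explicit = {e.lower() for e in explicitly_installed}
    trusted = {p.lower() for p in trusted_publishers}
    findings: List[Dict[str, object]] = []
    seen = set()
    for root in sorted(explicit):
        for ext_id, chain in transitive_closure(root, manifests).items():
            if ext_id in explicit or ext_id in seen:
                continue
            seen.add(ext_id)
            findings.append({
                "extension": ext_id,
                "pulled_in_via": " -> ".join(chain),
                "installed_locally": ext_id in manifests,
                "trusted_publisher": ext_id.split(".", 1)[0] in trusted,
            })
    return findings


if __name__ == "__main__":
    # Against a real machine: manifests = load_manifests(os.path.expanduser("~/.vscode/extensions"))
    for finding in audit(["goodtools.pretty-formatter", "trusted.linter"],
                         SAMPLE_MANIFESTS, ["goodtools", "trusted"]):
        if not finding["trusted_publisher"]:
            print("REVIEW:", finding)
```

Treat the list of explicitly installed extensions as the allow-list a team actually approved; anything else the audit returns was chosen by a manifest, not by a person, and the pulled_in_via chain shows which trusted-looking package made that choice. Re-running the audit after every extension update catches the case the article describes, where the dependency is added only in a later release.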


#DataBreach #BellAmbulance #HealthcareSecurity #PHI #RansomwareAttack #CyberIncident #IdentityProtection #EmergencyServices #CyberRisk #InformationSecurity

Bell Ambulance, a major emergency medical services provider in Milwaukee, has disclosed a data breach affecting more than 238,000 people, according to SecurityAffairs. The incident stems from a January 2024 ransomware attack in which threat actors accessed and exfiltrated sensitive information from the company’s internal systems. Stolen data includes names, Social Security numbers, driver’s licence details, medical information and insurance records — all highly valuable for identity theft and fraud. Although the organisation contained the breach and restored systems, investigators confirmed that attackers had viewed or copied protected health information before encryption. Bell Ambulance has begun notifying affected individuals and is offering credit monitoring. The attack highlights ongoing pressure on the US healthcare and emergency services sector, which remains a prime target for ransomware groups due to its operational urgency and high-value patient data.

→ Read more on securityaffairs.com


#AIMalware #Ransomware #IBMXForce #Hive0163 #Slopoly #CyberThreats #MalwareEvasion #AttributionChallenges #AIinCybercrime #ThreatIntelligence

Cybercriminal groups are increasingly using AI‑generated code to accelerate ransomware operations and evade attribution, IBM’s X‑Force team has warned, according to Cybersecurity Dive. IBM researchers identified an autonomously generated backdoor—nicknamed Slopoly—used by the ransomware group Hive0163 during a 2026 attack. Although the malware was technically simple, it demonstrated how AI can dramatically speed up the hacking lifecycle, enabling attackers to create customised, disposable malware variants for each operation. IBM found that the hackers’ prompts had successfully bypassed the AI model’s safety filters, allowing the tool to produce malicious code. This shift means defenders can no longer rely solely on signatures or known malware families, as AI will enable attackers to constantly alter payloads to avoid detection. IBM notes that AI‑assisted development marks a “fundamental shift of dynamics” in cybercrime, making attribution significantly harder and signalling a future where rapid, automated malware production becomes standard.

→ Read more on cybersecuritydive.com


#Interpol #OperationSynergia #CyberCrime #CyberSecurity #Botnets #MalwareInfrastructure #GlobalLawEnforcement #ThreatIntel #Ransomware #DigitalSafety

INTERPOL has announced the results of Operation Synergia, a major coordinated effort that dismantled more than 70,000 malicious command‑and‑control servers used for phishing, malware distribution, ransomware and financial fraud. Working with law‑enforcement agencies and private‑sector partners across 50 countries, investigators targeted criminal infrastructure supporting botnets, remote‑access trojans and data‑stealing campaigns. The crackdown led to 31 arrests, with suspects linked to large‑scale fraud, business email compromise and ransomware operations. The Register reports that Synergia focused on disrupting the core services behind cybercrime rather than pursuing individual malware variants, making it harder for attackers to rebuild their networks. INTERPOL said the campaign highlights the growing global scale of cyber operations and the need for tighter cooperation between nations, industry and security researchers. Authorities have warned that related follow‑up investigations are ongoing as seized infrastructure continues to reveal new threat actors.

→ Read more on theregister.com


#Ransomware #SmallBusinessSecurity #SophosStudy #CyberResilience #SMBRisk #CyberThreats #IncidentResponse #DataProtection #MSPSecurity #ITSecurity

A new Sophos study shows that small and mid-sized businesses (SMBs) are increasingly struggling under the weight of ransomware attacks, with many lacking the resources to respond effectively. According to the report, SMBs are hit almost as frequently as large enterprises, yet the financial and operational impact is often more severe due to limited IT staff, weaker backup strategies and outdated security tools.

The study highlights that downtime, data loss and recovery costs make ransomware one of the most damaging threats facing smaller organisations, often forcing them into lengthy outages or expensive rebuilds. Many SMBs still underestimate the risk, leading to insufficient investment in cyber‑resilience. Sophos warns that attackers increasingly exploit managed service providers (MSPs) and supply‑chain links to infiltrate smaller firms, making proactive defence, offline backups and 24/7 monitoring essential.

→ Read more on security-insider.de


#AdobeSettlement #ConsumerProtection #ROSCA #SubscriptionFees #DigitalServices #DOJ #FTC #HiddenFees #CustomerRights #TechRegulation

Adobe has agreed to a $150 million settlement to resolve a US government lawsuit accusing the company of hiding early termination fees and making subscription cancellations unnecessarily difficult, according to Cybernews.

The Department of Justice alleges that Adobe violated the Restore Online Shoppers’ Confidence Act (ROSCA) by burying key terms in fine print and inconspicuous hyperlinks, particularly within its popular “Annual, Paid Monthly” plan. Customers reportedly faced unexpected charges amounting to hundreds of dollars when attempting to cancel. Regulators also criticised Adobe for using convoluted and time‑consuming cancellation flows, including delays, repeated warnings, and unsolicited retention offers.

Under the proposed court order, Adobe will pay $75 million in civil penalties and provide $75 million in free services to affected users, while being required to clearly disclose fees and simplify cancellations going forward.

→ Read more on cybernews.com


#ScamAlert #FuelSavingMyth #OBD2 #CyberFraud #EmailScam #HeiseSecurity #ConsumerProtection #AutomotiveSecurity #SpamWarning #OnlineScams

Cybercriminals are exploiting persistently high fuel prices by sending spam emails advertising bogus “fuel‑saving dongles”, according to a report from Heise.

The scammers claim the devices — cheap OBD2 plug‑ins — can reduce fuel consumption by 35% to 55% by “optimising” engine parameters such as injection timing and boost pressure. In reality, these dongles are completely useless, containing no functional electronics capable of communicating with a vehicle. The emails try to pressure victims by claiming the devices are sold out in stores and only available online in “limited quantities”, with a tempting price of around €30.

Heise highlights clear red flags: contradictory savings claims, unrealistic technical promises, and the classic tactic of creating artificial urgency. The campaign is not new — fuel‑saving miracle devices have circulated for years — but scammers are now aggressively capitalising on economic uncertainty and high petrol costs.

→ Read more on heise.de


#CyberEspionage #StateSponsoredAttacks #EuropeSecurity #MiddleEastConflict #Proofpoint #TA453 #TA473 #WinterVivern #PhishingAttacks #GeopoliticalCyberThreat

A new report from it‑daily.net warns that state‑sponsored cyberattacks targeting European governments are sharply increasing, fuelled by escalating geopolitical tensions in the Middle East.

According to Proofpoint researchers, the February 2026 US‑Israeli military operation “Operation Epic Fury” triggered a wave of retaliatory cyber activity, particularly from Iran‑aligned groups such as TA453, which launched phishing operations against Western think tanks in early March. At the same time, other threat actors — potentially linked to China, Belarus, Pakistan and Hamas — have intensified espionage campaigns across Europe and the Middle East.

A notable incident involved TA473 (Winter Vivern), which impersonated a spokesperson for the President of the European Council and sent malicious emails containing a deceptive EU “statement” on the regional conflict. Once opened, the attachment secretly connected to an external server.

Researchers warn that attackers increasingly weaponise current news events, compromised government mail accounts and targeted phishing lures to infiltrate ministries and political institutions.

→ Read more on it-daily.net


#CyberAttack #Poland #CriticalInfrastructure #NuclearSecurity #NCBJ #IranianHackers #ThreatIntel #ICS #NationalSecurity #CyberEspionage #SecurityWeek

Poland has reported a failed cyberattack against its National Centre for Nuclear Research (NCBJ), the country’s leading nuclear science institute, according to SecurityWeek.

The incident targeted the organisation’s IT infrastructure but was detected and stopped early, with officials confirming that no systems were compromised and the MARIA research reactor continues operating safely at full power. Initial indicators point to a potential link to Iran, Poland’s Digital Affairs Minister Krzysztof Gawkowski said, though he cautioned that attackers may have planted misleading evidence to obscure their true origin.

The attempted breach comes only two months after a Russian‑attributed cyberattack on Poland’s power grid, which caused permanent damage to some industrial control systems.

The incident highlights the growing targeting of critical infrastructure by state‑aligned threat actors amid rising geopolitical tensions.

→ Read more on securityweek.com

Contact us

+49 89 360 5310 | security-awareness@metafinanz.de

The editors are not responsible for the content of each article.