Stryker ‘Handala’ incident: global Microsoft environment disruption and reported remote device wipes
Disruptive Iran-nexus hacktivist operation claims large-scale data destruction as Stryker restores services and CISA investigates.
173 reports
Disruptive Iran-nexus hacktivist operation claims large-scale data destruction as Stryker restores services and CISA investigates.
Infostealer logs from 2024 allegedly expose Funnull backend access and a separate Gate.us compliance infiltration.
A credential theft operation uses lookalike VPN download sites and GitHub-hosted ZIPs to drop signed malware that harvests VPN logins and configuration data.
A ClearSky report details a new loader and backdoor pair, and Scythe shows how to operationalise it as continuous adversary emulation.
Cisco Talos links the activity cluster to China-nexus tooling, including CrowDoor variants and ORB-style proxy infrastructure
Reverse engineering shows pragmatic obfuscation, hardcoded crypto, and cloud-native infrastructure supporting scalable intrusion delivery.
Iran • hacktivists • IRGC • MOIS • DDoS • wipers • ransomware • critical infrastructure
Cross-origin browser-to-localhost access, missing loopback throttling, and implicit device trust combine into a silent takeover path from a single web visit.
Affected ecosystem: npm registry and developer tooling supply chain Primary issue: OPSEC leakage from disposable email inbox exposure combined with npm publish notification metadata Exploitation…
Akamai SIRT identifies Mirai variant campaign actively targeting critical RCE flaws in automation platforms and routers
NDSS 2026 research shows practical injection and machine-in-the-middle paths across WPA2/WPA3, guest SSIDs, and enterprise multi-AP deployments
Censys has reported on Vshell (often stylised “VShell”) , a Go-based command-and-control (C2) platform used for post-compromise host management, pivoting, and proxying , and increasingly visible…