Data Breaches

When Healthcare Meets Hacktivism: Iran-Linked Attack Takes Down Medical Giant Stryker

We’ve seen our share of ransomware hitting healthcare, but yesterday’s attack on Stryker caught my attention for all the wrong reasons. The medical technology giant got hit with wiper malware – not ransomware, but the kind of destructive attack designed to cause maximum damage rather than make money.

Handala, an Iranian-linked hacktivist group, claimed responsibility for taking Stryker offline. What makes this particularly concerning is the shift we’re seeing from financially motivated attacks to politically driven destruction. When hacktivists target medical device manufacturers, they’re not just hitting corporate profits – they’re potentially disrupting patient care and medical procedures that depend on these systems.

Sednit's Back With New Toys While Everyone Scrambles to Patch: A Busy Week in Security

It’s been one of those weeks where you barely finish reading one security alert before three more land in your inbox. Between Russian threat actors upgrading their arsenals and Google accidentally leaving the door open to cross-tenant data access, there’s a lot to unpack from this week’s developments.

The Return of Sednit (And Why It Matters)

The biggest story catching my attention is Sednit’s resurgence with a sophisticated new toolkit. For those who haven’t been tracking this Russia-affiliated group, they’ve been relatively quiet lately, relying on basic implants that honestly felt almost lazy compared to their earlier work.

The Zombie ZIP Attack That's Fooling Security Tools (Plus Other Threats We Need to Watch)

I’ve been digging into some concerning developments this week that I think we all need to be aware of. The most interesting one? A new evasion technique called “Zombie ZIP” that’s making our security tools look foolish. But that’s just the beginning of what caught my attention.

When ZIP Files Come Back from the Dead

The Zombie ZIP technique is one of those “why didn’t I think of that” moments that makes you both impressed and terrified. Attackers are crafting specially malformed ZIP files that essentially trick our security scanners into missing malicious payloads entirely.

Supply Chain Attacks Hit Telecom Giant While Attackers Get Creative with DNS Infrastructure

Last week brought us a perfect storm of cybersecurity incidents that really highlight how attackers are diversifying their tactics. From supply chain compromises hitting major telecom companies to threat actors abusing fundamental internet infrastructure, we’re seeing some concerning trends that deserve our attention.

Ericsson Falls Victim to the Third-Party Problem

The biggest news came from Ericsson US, which disclosed a data breach after attackers compromised one of their service providers. What makes this particularly interesting is that it wasn’t Ericsson’s own defenses that failed – it was their supplier’s.

Russian Hackers Target Secure Messaging Apps While Attackers Get Creative with Social Engineering

Coffee in hand, I’ve been digging through this week’s security headlines, and there’s a concerning pattern emerging. We’re seeing threat actors get increasingly sophisticated with their social engineering tactics, while state-sponsored groups continue their relentless pursuit of high-value communications. Let me walk you through what caught my attention.

Signal and WhatsApp Under Fire from Russian APTs

The Dutch government issued a warning about Russian state-sponsored hackers running phishing campaigns specifically targeting Signal and WhatsApp accounts. This isn’t your typical credential harvesting operation – they’re going after government officials, military personnel, and journalists who rely on these encrypted messaging platforms for sensitive communications.

Attackers Are Getting Faster, Sneakier, and More Creative Than Ever

I’ve been digging through this week’s security news, and honestly, it’s making me rethink some of our fundamental assumptions about how attacks happen. We’re seeing a perfect storm of evolving tactics that should have every security team paying attention.

The Race Against Time Just Got Faster

Let’s start with what might be the most concerning trend: Google’s latest research shows that cloud attackers are now exploiting newly disclosed vulnerabilities within days, not weeks. Think about what this means for your patch management strategy. That comfortable two-week window you might have had to test and deploy patches? It’s basically gone.

Microsoft Teams Becomes the New Phishing Playground as Breach Numbers Spike

I’ve been watching some concerning trends this week that we all need to talk about. While Troy Hunt’s latest numbers show breach reports hitting an unprecedented pace, there’s a more immediate threat that’s literally showing up in our work chat: sophisticated phishing campaigns through Microsoft Teams.

The Teams Problem We Didn’t See Coming

Here’s what’s keeping me up at night: attackers are now directly messaging employees through Microsoft Teams to deploy A0Backdoor malware. They’re specifically targeting financial and healthcare organizations, and their approach is disturbingly effective.

iOS Exploits Hit Crypto Wallets While APT Groups Weaponize Cloud Services

I’ve been tracking some concerning developments this week that show how threat actors are getting more creative with their attack methods. We’re seeing everything from sophisticated iOS exploit kits targeting cryptocurrency wallets to nation-state groups using Google Drive as their command and control infrastructure.

The Coruna iOS Exploit Kit Changes the Game

The biggest story catching my attention is the discovery of something called Coruna - a collection of 23 iOS exploits that’s being used by multiple threat actors. What makes this particularly interesting is how it’s evolved from traditional espionage campaigns into financially motivated attacks targeting cryptocurrency wallets.

Law Enforcement Scores Major Wins While AI Security Gets Real Investment

This week brought some genuinely encouraging news from the law enforcement side of our ongoing cybersecurity battles. Between ransomware arrests and forum takedowns, it feels like we’re finally seeing some meaningful consequences for the bad actors who’ve been operating with relative impunity.

Phobos Ransomware Admin Faces the Music

A Russian national just pleaded guilty to wire fraud conspiracy for his role in running the Phobos ransomware operation. This isn’t just another small fish – we’re talking about an operation that hit hundreds of victims worldwide.

The Browser Problem: Why Your MFA Strategy Isn't Covering Your Biggest Attack Surface

I’ve been digging into some fascinating security data that dropped this week, and honestly, it’s making me rethink how we approach enterprise security. The headline story? We’re pouring resources into endpoint and network security while our employees are essentially running their entire workday through what might be our least protected attack surface: the browser.

The Numbers Don’t Lie

Keep Aware just released their 2026 State of Browser Security Report, and the findings are eye-opening. Here’s what caught my attention: 41% of employees are using AI web tools during work hours. Think about that for a second. Nearly half your workforce is potentially uploading sensitive data to third-party AI services, and most security teams have zero visibility into it.