Daily Digest

Iranian Hackers Cripple Medtech Giant Stryker with Wiper Attack; Global Law Enforcement Dismantles Major Cybercrime Infrastructure

Iranian Hackers Cripple Medtech Giant Stryker with Wiper Attack; Global Law Enforcement Dismantles Major Cybercrime Infrastructure

March 14, 2026
4 articles (4 new)
12 min read

Summary

This 24-hour period saw a surge in high-impact cyber events, headlined by a destructive wiper attack on medical technology firm Stryker, attributed to the Iran-linked Handala group who weaponized Microsoft Intune. Concurrently, a massive data breach at LexisNexis was confirmed, stemming from an exploited critical vulnerability. On the defensive side, international law enforcement successfully dismantled the 'SocksEscort' botnet and the 'Tycoon 2FA' phishing platform, disrupting major cybercrime operations. Other significant events include CISA's warning of an actively exploited SharePoint RCE flaw and Microsoft's extensive March Patch Tuesday release.

Filter by Category

New Articles (4)

ShinyHunters Claims Massive Data Theft from Telus Digital, Demands $65 Million

CRITICAL

Telus Digital Investigates Breach After "ShinyHunters" Claims Petabyte-Scale Data Theft

Canadian business process outsourcer Telus Digital is investigating a major security incident after the notorious 'ShinyHunters' hacking group claimed to have stolen nearly a petabyte of data. The attackers are demanding a $65 million ransom. The breach allegedly involves customer data, call records, and sensitive information from dozens of Telus Digital's corporate clients, which include banks and tech firms. ShinyHunters reportedly gained initial access using stolen Google Cloud Platform credentials from a previous third-party breach, highlighting a significant supply chain risk.

March 14, 2026
5 min read
ShinyHuntersData BreachExtortionSupply Chain AttackCloud Security +1 more
ShinyHunters Claims Massive Data Theft from Telus Digital, Demands $65 Million
Data Breach
Threat Actor
Supply Chain Attack

Police Scotland Fined £66,000 by UK Regulator for Egregious Data Protection Failures

MEDIUM

Police Scotland Fined £66,000 by ICO for Serious Mishandling of Sensitive Data

The UK's Information Commissioner's Office (ICO) has fined Police Scotland £66,000 for severe data protection violations. The police force improperly extracted the entire contents of a crime victim's mobile phone, collecting excessive and irrelevant sensitive data. This unredacted data was then mistakenly shared with an unauthorized third party. The ICO cited a lack of adequate policies, technical controls, and staff guidance as root causes for the breach, which also involved a failure to report the incident within the mandatory 72-hour window.

March 14, 2026
4 min read
Data ProtectionICOGDPRComplianceLaw Enforcement +1 more
Police Scotland Fined £66,000 by UK Regulator for Egregious Data Protection Failures
Policy and Compliance
Data Breach
Regulatory

"DarkSword" iOS Exploit Chain Actively Used by Spyware Vendors and State Actors

CRITICAL

Sophisticated "DarkSword" iOS Exploit Chain Used in Targeted Attacks by Multiple Threat Actors

Google's Threat Analysis Group (TAG) has uncovered a sophisticated iOS exploit chain named 'DarkSword,' which is being actively used by multiple threat actors, including commercial spyware vendors and state-sponsored groups. The exploit leverages six vulnerabilities, including CVE-2026-20700 and CVE-2025-43529, to achieve full device compromise on iPhones running iOS 18.4 to 18.7. The attack can be delivered via drive-by downloads and deploys a potent data-stealing payload called 'Ghostblade,' which exfiltrates messages, contacts, location data, and information from secure messaging and crypto apps.

March 14, 2026
6 min read
iOSExploit ChainSpywareZero-DayMobile Security +1 more
"DarkSword" iOS Exploit Chain Actively Used by Spyware Vendors and State Actors
Vulnerability
Malware
Mobile Security

CISA Warns: Critical SharePoint RCE Flaw Now Actively Exploited in Attacks

CRITICAL

CISA Adds Critical SharePoint RCE Flaw (CVE-2026-20963) to Known Exploited Vulnerabilities Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical remote code execution (RCE) vulnerability in Microsoft SharePoint Server, CVE-2026-20963, to its Known Exploited Vulnerabilities (KEV) catalog, confirming it is under active attack. The flaw, rated 9.8 in severity, allows an unauthenticated attacker to execute arbitrary code with no user interaction. It affects multiple versions of SharePoint Server. CISA has ordered federal agencies to apply the patch, originally released in January 2026, by March 21, and strongly urges all organizations to prioritize patching immediately.

March 14, 2026
6 min read
SharePointVulnerabilityRCECISAKEV +1 more
CISA Warns: Critical SharePoint RCE Flaw Now Actively Exploited in Attacks
Vulnerability
Patch Management
Cyberattack

📢 Share This Publication

Help others stay informed about cybersecurity threats