Daily Digest

Iran-Linked Wiper Attack Cripples Medtech Giant Stryker; ShinyHunters Breaches Telus & Aura.com

Iran-Linked Wiper Attack Cripples Medtech Giant Stryker; ShinyHunters Breaches Telus & Aura.com

March 15, 2026
9 articles (5 new, 4 updated)
27 min read

Summary

A destructive wiper attack attributed to the Iran-linked Handala group caused global disruptions at medical technology firm Stryker by abusing its Microsoft Intune platform to wipe over 200,000 devices. This incident highlights a week marked by significant supply chain and extortion attacks, with the ShinyHunters group claiming major data breaches at Canadian outsourcer Telus Digital and security firm Aura.com. Other key events include a supply-chain attack on the AppsFlyer SDK, a phishing-induced breach at Starbucks, and new critical vulnerabilities disclosed for OneUptime and end-of-life D-Link routers. The cybersecurity landscape was also shaped by policy, as a new CA/Browser Forum mandate reduces TLS certificate lifespans to 200 days, forcing organizations toward automated certificate management.

Filter by Category

New Articles (5)

Critical CVSS 9.9 SQL Injection Flaw (CVE-2026-32306) Hits OneUptime Platform

CRITICAL

OneUptime Hit with Critical SQL Injection Flaw (CVSS 9.9)

A critical SQL injection vulnerability, CVE-2026-32306, with a CVSS score of 9.9 has been disclosed in the OneUptime open-source observability platform. The flaw allows a low-privileged authenticated user to execute arbitrary SQL commands against the backend ClickHouse database. This could enable an attacker to read or modify data across all tenants in a shared environment and potentially achieve remote code execution (RCE). The vulnerability, which stems from improper sanitization of API parameters, has been patched in version 10.0.23. This is the fourth critical vulnerability to impact OneUptime in just six weeks, raising serious concerns about the platform's security posture and prompting recommendations for users of self-hosted instances to apply the patch immediately.

March 15, 2026
4 min read
SQL InjectionRCEOpen SourceObservabilityMulti-tenancy
Critical CVSS 9.9 SQL Injection Flaw (CVE-2026-32306) Hits OneUptime Platform
Vulnerability
Patch Management

AppsFlyer Web SDK Hijacked in Supply-Chain Attack to Deploy Crypto-Stealing Malware

HIGH

AppsFlyer Web SDK Supply-Chain Attack Deploys Crypto-Stealing Malware

The widely used AppsFlyer Web SDK was compromised in a software supply-chain attack reported on March 14, 2026. For a brief period, the official SDK hosted on 'websdk.appsflyer.com' was replaced with a malicious version that delivered a crypto-stealing JavaScript payload. The malware was designed to intercept cryptocurrency wallet addresses entered by users on any of the thousands of websites integrating the SDK, replacing them with attacker-controlled addresses to divert funds. AppsFlyer confirmed that a domain registrar incident on March 10 led to the compromise. The company has since resolved the issue and stated that its mobile SDK and customer data were not affected. The event highlights the significant downstream risk of supply-chain attacks targeting popular third-party scripts.

March 15, 2026
5 min read
JavaScriptCryptocurrencyClipboard HijackingDNS HijackingSubresource Integrity
AppsFlyer Web SDK Hijacked in Supply-Chain Attack to Deploy Crypto-Stealing Malware
Supply Chain Attack
Malware
Cyberattack

Payload Ransomware Hits Royal Bahrain Hospital, Threatens to Leak 110 GB of Patient Data

HIGH

Payload Ransomware Claims Attack on Royal Bahrain Hospital, Threatens Data Leak

The Payload ransomware group has claimed responsibility for a cyberattack on the Royal Bahrain Hospital (RBH), a major healthcare provider in the Gulf region. In a post on their dark web leak site dated March 15, 2026, the group alleged it had stolen 110 gigabytes of sensitive data and published images of compromised systems as proof. Payload is employing a double-extortion tactic, threatening to publish the stolen data if a ransom is not negotiated by their March 23 deadline. The attack on RBH, which serves patients from across the region, poses a significant threat to patient privacy and hospital operations, and is another stark example of the healthcare sector's continued targeting by financially motivated ransomware gangs.

March 15, 2026
4 min read
Double ExtortionHealthcareDark WebPatient DataPHI
Payload Ransomware Hits Royal Bahrain Hospital, Threatens to Leak 110 GB of Patient Data
Ransomware
Data Breach
Threat Actor

HHS Launches Free Cybersecurity Toolkit to Help Healthcare Orgs Assess Risk

INFORMATIONAL

ASPR Launches Cybersecurity Module to Bolster Healthcare Risk Assessment

The U.S. Department of Health and Human Services' (HHS) Administration for Strategic Preparedness and Response (ASPR) has launched a new cybersecurity module for its free RISC 2.0 Toolkit. Announced on March 14, 2026, the web-based tool is designed to help healthcare organizations of all sizes assess their cybersecurity posture. The module guides users through a questionnaire about their security practices and scores their responses against two key standards: the NIST Cybersecurity Framework (CSF) 2.0 and the HHS Cybersecurity Performance Goals (CPGs). This enables facilities to identify security gaps, prioritize investments, and improve their overall resilience against cyber threats, as part of a broader federal effort to bolster the security of the healthcare sector.

March 15, 2026
4 min read
Risk AssessmentHealthcare SecurityHHSNIST CSFCompliance +1 more
HHS Launches Free Cybersecurity Toolkit to Help Healthcare Orgs Assess Risk
Policy and Compliance
Regulatory
Security Operations

CA/Browser Forum Mandate Cuts TLS Certificate Lifespan to 200 Days, Forcing Automation

INFORMATIONAL

CA/Browser Forum Mandate Cuts TLS Certificate Validity to 200 Days

Effective March 15, 2026, a major industry-wide policy change mandated by the CA/Browser Forum has reduced the maximum lifespan of all newly issued public TLS/SSL certificates from 398 days to just 200 days. This change, which affects all Certificate Authorities (CAs) and browsers, is designed to improve security by forcing more frequent re-validation of website identities and limiting the window for misuse of compromised certificates. The move is the first step in a phased plan that will see lifespans shrink to 100 days in 2027 and 47 days in 2029. This accelerated renewal cadence will make manual certificate management impractical, creating a strong imperative for organizations to adopt automated certificate lifecycle management (CLM) solutions to avoid outages and security risks.

March 15, 2026
4 min read
PKICertificate ManagementCA/B ForumAutomationCrypto-Agility +1 more
CA/Browser Forum Mandate Cuts TLS Certificate Lifespan to 200 Days, Forcing Automation
Policy and Compliance
Security Operations
Patch Management

Updated Articles (4)

CISA Issues Binding Directive: Federal Agencies Must Remove Unsupported Edge Devices

MEDIUM

CISA Mandates Removal of End-of-Life Edge Devices from Federal Networks to Combat Exploitation

Update:

On March 15, three critical zero-day vulnerabilities (CVE-2026-4181, CVE-2026-4182, CVE-2026-4183) were disclosed for the End-of-Life D-Link DIR-816 router. These unauthenticated remote command injection flaws, each with a CVSS score of 9.3, allow attackers full control over the device. D-Link has confirmed no patches will be issued due to the product's EoL status, leaving users permanently exposed. This incident serves as a stark, real-world example of the severe risks posed by unsupported edge devices, directly validating the urgency of CISA's directive for federal agencies to remove such hardware. Immediate decommissioning and replacement are the only effective mitigations.

February 14, 2026
Updated: March 15, 2026
5 min read
CISADirectiveEoLEdge DeviceNetwork Security +1 more
CISA Issues Binding Directive: Federal Agencies Must Remove Unsupported Edge Devices
Policy and Compliance
Regulatory
Patch Management

Google and Partners Dismantle Chinese Espionage Campaign (UNC2814) Targeting Global Telecoms

HIGH

Google Leads Takedown of Chinese State-Sponsored Group UNC2814 After Global Cyber-Espionage Campaign

Update:

Costa Rican officials have publicly attributed a January 2026 cyberattack on the state-owned Instituto Costarricense de Electricidad (ICE) to the Chinese-linked threat actor UNC2814. The attack resulted in the exfiltration of 9 gigabytes of data from administrative email systems. This attribution has sparked a diplomatic dispute, with China's ambassador demanding technical evidence from Costa Rica to substantiate the claims and rejecting the 'politicization' of cybersecurity incidents. This incident highlights the ongoing impact and geopolitical fallout of UNC2814's espionage activities, adding a specific victim and a significant international dimension to the campaign.

February 28, 2026
Updated: March 15, 2026
5 min read
cyber-espionageAPTChinaC2living off the land +3 more
Google and Partners Dismantle Chinese Espionage Campaign (UNC2814) Targeting Global Telecoms
Threat Actor
Threat Intelligence
Cyberattack

Canadian Retail Giant Loblaw Investigates Data Breach Exposing Customer Info

MEDIUM

Loblaw Notifies Customers of Data Breach Affecting Names, Phone Numbers, and Email Addresses

Update:

Further analysis of the Loblaw data breach provides deeper technical insights into the incident. Potential attack vectors include exploitation of public-facing applications (T1190) or phishing (T1566). The report details cyber observables for detection, such as large outbound data transfers and suspicious database queries. Mitigation strategies emphasize network segmentation (M1030, D3-NI), Data Loss Prevention (DLP), Network Traffic Analysis (D3-NTA), User Behavior Analytics (UBA), vulnerability management, and robust access controls. The breach remains contained to non-critical systems, with no change in the types of data compromised.

March 11, 2026
Updated: March 15, 2026
3 min read
Data BreachRetailCanadaPII
Canadian Retail Giant Loblaw Investigates Data Breach Exposing Customer Info
Data Breach
Regulatory

Starbucks Discloses Data Breach After Phishing Attack on Employee Portal

HIGH

Starbucks Employee Portal Breach Exposes Social Security Numbers and Financial Data of 889 Employees

Update:

The latest report on the Starbucks data breach specifies that the compromised financial information includes employees' bank account and routing numbers, which were used for payroll. This provides a more granular understanding of the sensitive data exposed. Additionally, the article notes a new filing date with the Maine Attorney General's Office on March 14, 2026, indicating a recent regulatory update regarding the incident. The number of affected employees remains 889.

March 13, 2026
Updated: March 15, 2026
5 min read
Data BreachPhishingStarbucksCredential HarvestingPII +1 more
Starbucks Discloses Data Breach After Phishing Attack on Employee Portal
Data Breach
Phishing

📢 Share This Publication

Help others stay informed about cybersecurity threats