Issue #189 - March 9, 2026
Medtech giant Stryker offline after Iran-linked wiper malware attack
Source: BleepingComputer
Iranian-backed hacktivist group Handala claimed responsibility for a devastating wiper malware attack against medical technology giant Stryker, reportedly wiping over 200,000 systems, servers, and mobile devices across offices in 79 countries. The group also claims to have stolen 50 terabytes of data before triggering the destructive wipe. Stryker confirmed the incident in an SEC filing, describing a global disruption to its Microsoft environment. Staff were instructed to immediately disconnect all company devices, and many locations reverted to pen-and-paper workflows.
CISA Flags Actively Exploited n8n RCE Bug as 24,700 Instances Remain Exposed
Source: The Hacker News
CISA added a critical remote code execution vulnerability in the n8n workflow automation platform to its Known Exploited Vulnerabilities catalog after confirming active in-the-wild exploitation. Tracked as CVE-2025-68613 with a CVSS score of 9.9, the flaw allows authenticated attackers to inject malicious expressions that execute arbitrary code on the host system. Over 24,700 vulnerable instances remain exposed online, with federal agencies ordered to patch by March 25, 2026.
US Cyber Strategy Targets Adversaries, Critical Infrastructure, and Emerging Technologies
Source: SecurityWeek
The White House released President Trump's Cyber Strategy for America on March 6, outlining six policy pillars: shaping adversary behavior through more aggressive offensive and defensive operations; promoting regulatory reform; modernizing federal networks with zero-trust and AI-driven tools; securing critical infrastructure; sustaining US leadership in AI and quantum technologies; and building cyber talent. Released alongside an executive order targeting cybercrime and fraud, the strategy is notably brief at seven pages — the shortest national cyber strategy in over a decade — drawing both praise for its clarity and criticism for its lack of implementation detail.
ShinyHunters Targets Hundreds of Websites in New Salesforce Campaign
Source: Infosecurity Magazine
Salesforce has urged Experience Cloud customers to audit their configurations without delay, after the notorious ShinyHunters group claimed to have stolen data from nearly 400 websites and approximately 100 high-profile US companies, including Snowflake, Okta, LastPass, AMD, and Salesforce itself. The group exploited overly permissive guest user profiles, using a weaponized version of Mandiant's open-source AuraInspector tool to mass-scan public-facing Experience Cloud sites and extract CRM data without credentials. Salesforce confirmed the campaign is ongoing and clarified that it stems from customer misconfiguration, not a platform vulnerability.
SAP Patches Critical FS-QUO and NetWeaver Vulnerabilities
Source: SecurityWeek
SAP's March 2026 Security Patch Day included fixes for two critical vulnerabilities. CVE-2019-17571 (CVSS 9.8) is a code injection flaw in the FS-QUO insurance application rooted in an outdated Apache Log4j component that could allow remote code execution. CVE-2026-27685 (CVSS 9.1) is an insecure deserialization vulnerability in NetWeaver Enterprise Portal Administration that could enable attackers to execute code, trigger denial-of-service conditions, or escalate privileges through maliciously uploaded content.



