Issue #190 - March 16, 2026
FBI Seizes Handala Data Leak Site After Stryker Cyberattack
Source: BleepingComputer
The FBI has seized two websites operated by the Handala hacktivist group following the group's destructive cyberattack on medical technology giant Stryker, which remotely wiped approximately 80,000 devices. Both the group's clearnet domains now display a federal seizure notice issued under a warrant from the US District Court for the District of Maryland. The seizure follows confirmation that Handala — believed to be a pro-Palestinian hacktivist persona controlled by Iran's Ministry of Intelligence and Security — compromised a Windows domain administrator account and created a new Global Administrator account to execute the attack via Stryker's Microsoft Intune endpoint management system.
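The chain summarized above (a freshly created Global Administrator account, then a mass remote wipe through the endpoint manager) is something an Entra ID or Intune audit feed can surface early. The following is an added detection example, not code from BleepingComputer, Stryker or Microsoft: it runs over constructed audit records (the field names are a simplification assumed for this example, not the exact Entra/Intune schema), flags privileged role grants, finds bursts of wipe actions per actor, and correlates the two.

```python
"""Triage constructed audit records for a privileged-role grant followed by a wipe burst.

Added example; the record layout (time/activity/actor/target/role/device) is an
assumption for illustration, not the real Entra ID or Intune audit schema.
"""
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Assumption: roles worth alerting on whenever a member is added.
PRIVILEGED_ROLES = {"Global Administrator", "Privileged Role Administrator", "Intune Administrator"}

# Constructed sample records: one privileged grant, six wipes by the new
# account inside two minutes, one routine helpdesk wipe hours later.
SAMPLE_EVENTS = [
    {"time": "2026-03-10T01:12:04Z", "activity": "Add member to role",
     "actor": "svc-deploy@corp.example", "target": "new-admin@corp.example", "role": "Global Administrator"},
    {"time": "2026-03-10T01:13:40Z", "activity": "Add member to role",
     "actor": "helpdesk@corp.example", "target": "jsmith@corp.example", "role": "Helpdesk Administrator"},
] + [
    {"time": f"2026-03-10T01:3{i // 5}:{(i % 5) * 12:02d}Z", "activity": "Wipe",
     "actor": "new-admin@corp.example", "device": f"LAPTOP-{i:04d}"}
    for i in range(6)
] + [
    {"time": "2026-03-10T09:00:00Z", "activity": "Wipe",
     "actor": "helpdesk@corp.example", "device": "LAPTOP-9999"},
]


def parse_time(stamp):
    """Parse the constructed 'Z'-suffixed UTC timestamp into an aware datetime."""
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def find_privileged_role_grants(events, watch_roles=PRIVILEGED_ROLES):
    """Every role-membership change that lands in a watched privileged role."""
    return [e for e in events
            if e["activity"] == "Add member to role" and e.get("role") in watch_roles]


def find_wipe_bursts(events, window=timedelta(minutes=10), threshold=5):
    """Per actor, report any run of >= threshold wipes whose first and last lie within window."""
    by_actor = defaultdict(list)
    for e in events:
        if e["activity"] == "Wipe":
            by_actor[e["actor"]].append(parse_time(e["time"]))
    bursts = []
    for actor, times in by_actor.items():
        times.sort()
        i = 0
        while i < len(times):
            j = i
            while j + 1 < len(times) and times[j + 1] - times[i] <= window:
                j += 1
            count = j - i + 1
            if count >= threshold:
                bursts.append({"actor": actor, "start": times[i].isoformat(), "count": count})
                i = j + 1          # do not re-report the same run
            else:
                i += 1
    return bursts


def triage(events):
    """Combine both signals and name accounts that were granted a role, then wiped devices."""
    grants = find_privileged_role_grants(events)
    bursts = find_wipe_bursts(events)
    chained = []
    for g in grants:
        granted_at = parse_time(g["time"])
        for b in bursts:
            if b["actor"] == g["target"] and datetime.fromisoformat(b["start"]) >= granted_at:
                chained.append(g["target"])
    return {"privileged_grants": grants, "wipe_bursts": bursts, "grant_then_wipe": sorted(set(chained))}


if __name__ == "__main__":
    for key, value in triage(SAMPLE_EVENTS).items():
        print(key, value)
```

The thresholds (ten-minute window, five wipes) are placeholders; in practice they should sit below the size of any legitimate bulk retirement a team performs, and the grant signal alone deserves a page regardless of whether a wipe follows.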
GlassWorm Supply-Chain Attack Abuses 72 Open VSX Extensions to Target Developers
Source: The Hacker News
The GlassWorm supply-chain campaign has significantly escalated, with researchers identifying at least 72 additional malicious Open VSX extensions since January 2026 that mimic legitimate developer tools including linters, code runners, and AI coding assistants. A related sub-campaign called ForceMemo used stolen GitHub tokens to force-push obfuscated malware into 151 repositories between March 3 and March 9, silently rewriting Python files while keeping original commit metadata intact to evade detection. The decoded payload fetches instructions from a hard-coded Solana wallet address, with the attacker updating the payload URL multiple times per day.
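The ForceMemo sub-campaign relied on a forced push that replaced file contents while preserving commit metadata, so the rewrite is invisible to anyone reading commit messages or dates. The following is an added example, not code from The Hacker News or from the researchers, showing how a webhook consumer can screen GitHub push-event payloads for that pattern. It uses the documented push-event fields (ref, forced, before, after, commits[].modified, commits[].timestamp); the sample payloads, the protected-branch list and the 24-hour staleness bound are constructed assumptions.

```python
"""Screen GitHub push-event payloads for forced pushes that rewrite source files.

Added example. Field names follow GitHub's push webhook event; the sample
payloads and thresholds below are constructed for illustration.
"""
from datetime import datetime, timedelta

PROTECTED_REFS = {"refs/heads/main", "refs/heads/master"}   # assumption
WATCHED_SUFFIXES = (".py",)                                  # ForceMemo rewrote Python files
STALE_COMMIT_AGE = timedelta(hours=24)                       # assumption: "old" metadata bound

# Constructed: a forced push to main whose single commit carries a four-day-old
# timestamp and modifies a Python file, as a history rewrite would look.
SAMPLE_PUSH = {
    "ref": "refs/heads/main",
    "before": "a" * 40,
    "after": "b" * 40,
    "forced": True,
    "pusher": {"name": "octo-dev"},
    "commits": [{
        "id": "b" * 40,
        "message": "Refactor utils",
        "timestamp": "2026-03-05T14:02:11Z",
        "author": {"name": "Jane Dev", "email": "jane@example.com"},
        "added": [], "removed": [], "modified": ["src/utils.py", "README.md"],
    }],
}

# Constructed: an ordinary fast-forward push made minutes before delivery.
BENIGN_PUSH = {
    "ref": "refs/heads/main",
    "before": "b" * 40,
    "after": "c" * 40,
    "forced": False,
    "pusher": {"name": "octo-dev"},
    "commits": [{
        "id": "c" * 40,
        "message": "Fix typo",
        "timestamp": "2026-03-09T09:40:00Z",
        "author": {"name": "Jane Dev", "email": "jane@example.com"},
        "added": [], "removed": [], "modified": ["src/utils.py"],
    }],
}


def _ts(stamp):
    """Parse an ISO 8601 timestamp; GitHub may send 'Z' or a numeric offset."""
    return datetime.fromisoformat(stamp.replace("Z", "+00:00"))


def rewritten_source_files(payload, suffixes=WATCHED_SUFFIXES):
    """Paths added or modified anywhere in the push that end with a watched suffix."""
    paths = set()
    for commit in payload.get("commits", []):
        for path in commit.get("modified", []) + commit.get("added", []):
            if path.endswith(suffixes):
                paths.add(path)
    return sorted(paths)


def screen_push(payload, received_at):
    """Return findings for a push; received_at is the webhook delivery time (ISO 8601)."""
    findings = []
    ref = payload.get("ref", "")
    forced = bool(payload.get("forced"))
    if forced and ref in PROTECTED_REFS:
        findings.append({"rule": "forced-push-protected", "ref": ref,
                         "before": payload["before"], "after": payload["after"]})
    touched = rewritten_source_files(payload)
    if forced and touched:
        findings.append({"rule": "forced-push-rewrites-source", "files": touched})
    now = _ts(received_at)
    # Commits whose preserved timestamps are far older than the push itself.
    stale = [c["id"] for c in payload.get("commits", [])
             if now - _ts(c["timestamp"]) > STALE_COMMIT_AGE]
    if forced and stale:
        findings.append({"rule": "forced-push-stale-timestamps", "commits": stale})
    return findings


if __name__ == "__main__":
    print(screen_push(SAMPLE_PUSH, "2026-03-09T10:00:00Z"))
    print(screen_push(BENIGN_PUSH, "2026-03-09T10:00:00Z"))
```

The `before` SHA in a flagged finding is the reference to keep: it lets a responder diff the pre-rewrite tree against the new head even after the remote branch has moved, and branch protection that rejects force pushes outright removes the class of event entirely.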
OFAC Sanctions DPRK IT Worker Network Funding WMD Programs Through Fake Remote Jobs
Source: The Hacker News
The US Department of the Treasury's Office of Foreign Assets Control has sanctioned six individuals and two entities for their roles in a North Korean IT worker scheme designed to defraud US businesses and generate illicit revenue to fund the regime's weapons of mass destruction programs. The sanctioned individuals posed as legitimate remote workers to gain employment at American technology companies, funneling earnings back to Pyongyang. The action is part of a broader US government effort to disrupt North Korea's use of cyber-enabled fraud and illicit employment to finance its nuclear and ballistic missile development.
Security Firm Executive Targeted in Sophisticated Phishing Attack
Source: SecurityWeek
A C-level executive at cybersecurity firm Outpost24 was targeted in a highly sophisticated phishing attack that leveraged a seven-step infrastructure chain — including a DKIM-signed email, compromised redirect servers, and Cloudflare-protected phishing pages — to harvest Microsoft 365 credentials. The attack, attributed to a recently identified phishing-as-a-service kit named Kratos, impersonated JP Morgan financial services and was designed to appear as part of an existing email thread. While the attack was detected and blocked before any compromise occurred, Outpost24 disclosed full technical details to help defenders understand the increasing sophistication of modern credential phishing infrastructure.
Financial Brands Targeted in Global Mobile Banking Malware Surge
Source: Infosecurity Magazine
Mobile banking fraud has surged 67% year over year, with more than 1,200 financial apps now under active attack globally, according to new research from Zimperium. The report warns that modern mobile banking malware has advanced well beyond simple credential theft — today's strains intercept authentication codes, monitor live sessions, and convincingly mimic legitimate app behavior to make fraudulent transactions appear indistinguishable from normal user activity. More than 60% of banking apps lack basic code protection, leaving them vulnerable to reverse engineering. Zimperium urges financial institutions to prioritize mobile threat defense and app shielding as primary controls.