Stryker Hit by First Iran-Linked Hacker Attack
Plus, Salesforce customers targeted by third widespread attack spree in six months.

Good morning! Here’s what’s up.

People
J.J. Jones has joined Dechert as a partner in its cyber, privacy and AI practice, based in the firm’s San Francisco office.
John Keir has joined Constangy as a partner on its cyber team, based in the firm’s Atlanta office.

Clips ✂️
Iran-Backed Hackers Claim Wiper Attack on Medtech Firm Stryker
A hacktivist group with links to Iran’s intelligence agencies is claiming responsibility for a data-wiping attack against Stryker, a global medical technology company based in Michigan. News reports out of Ireland, Stryker’s largest hub outside of the United States, said the company sent home more than 5,000 workers there today. Meanwhile, a voicemail message at Stryker’s main U.S. headquarters says the company is currently experiencing a building emergency.
Based in Kalamazoo, Michigan, Stryker [NYSE:SYK] is a medical and surgical equipment maker that reported $25 billion in global sales last year. In a lengthy statement posted to Telegram, an Iranian hacktivist group known as Handala (a.k.a. Handala Hack Team) claimed that Stryker’s offices in 79 countries have been forced to shut down after the group erased data from more than 200,000 systems, servers and mobile devices.
“All the acquired data is now in the hands of the free people of the world, ready to be used for the true advancement of humanity and the exposure of injustice and corruption,” a portion of the Handala statement reads.
Salesforce issues new security alert tied to third customer attack spree in six months
Threat hunters and a collection of unconfirmed victims are responding to a series of attacks targeting Salesforce customers, which the vendor disclosed in a security advisory Saturday.
“Salesforce is actively monitoring threat activity targeting public-facing Experience Cloud sites, including attempts to take advantage of overly permissive guest user configurations,” the company said in the alert.
The campaign marks the third widespread attack spree targeting Salesforce customers in about six months.
The number of victims ensnared by the latest attacks is unverified, but ShinyHunters, the threat group asserting responsibility for the attacks, claims about 100 companies have already been impacted.
Researchers told CyberScoop they are confident the threat group behind the campaign is associated with ShinyHunters, an outfit that’s previously stolen data from Salesforce instances for extortion attempts.
Salesforce did not attribute the attacks, but pinned blame on a “known threat actor group,” adding that the issue is not due to a vulnerability in the company’s platform.
North Korean fake IT worker tradecraft exposed
Research from GitLab has exposed the latest tradecraft behind North Korean fake IT worker scams.
GitLab banned 131 North Korean-attributed accounts last year, most of which involved JavaScript repositories that acted as resources in the so-called Contagious Interview campaign.
In most cases, GitLab projects acted as obfuscated loaders for malware payloads — such as BeaverTail and Ottercookie — hosted outside the code repository platform.
Contagious Interview
The Contagious Interview campaign revolves around North Korean threat actors posing as recruiters or hiring managers in order to trick software developers into executing malicious code projects under the pretence of technical interviews.
235,000 affected by cyberattack on largest ambulance provider in Wisconsin
A prominent ambulance service in Milwaukee confirmed that hackers targeted their systems last year and stole sensitive information on more than 235,000 people.
Bell Ambulance, which is the largest ambulance provider in the state of Wisconsin, filed breach notifications in Maine this week confirming that 237,830 people had information impacted by a data breach discovered in February 2025.
The company said Social Security numbers, driver’s license numbers, financial accounts, medical information and health insurance information were stolen during the cyberattack.
According to letters sent to victims, Bell Ambulance became aware of the attack on February 13, 2025 and hired cybersecurity experts to assist with the recovery effort. The company began notifying some who were affected in April 2025 but more victims were discovered throughout the fall.
The attack on Bell Ambulance was claimed at the time by the Medusa ransomware gang, which demanded a $400,000 ransom in exchange for the 219 GB of data that was stolen.
One month after the Bell Ambulance incident, the FBI and several U.S. law enforcement agencies released an urgent advisory about the ransomware gang’s attacks on critical infrastructure organizations across the U.S.
FBI says even in an AI-powered world, security basics still matter
Artificial intelligence may be enhancing cyber threats, but the defensive approach to those AI-amplified attacks remains the same, a top FBI official said Tuesday.
“We have seen actors both criminal and nation-state, they’re absolutely using AI to their advantage,” said Jason Bilnoski, deputy assistant director at the FBI’s cyber division. “But the way attacks unfold have not changed. Cyberattacks still follow basic steps. It just becomes an incredible speed now.”
The best way to deal with those attacks is to implement all the traditional defenses, like those the FBI has been emphasizing as part of its Operation Winter SHIELD media campaign, he said.
“Don’t worry about the speed and capability” of AI attacks, Bilnoski said at a Billington Cybersecurity conference. “If you’re focused on the basics, it’ll help prevent the actual intrusion from occurring.”
It’s a message that the acting director of the Cybersecurity and Infrastructure Security Agency, Nick Andersen, also shared at the conference. Sophisticated attackers are out there, he said, but the agency’s recent binding operational directive for federal agencies to get rid of unsupported edge devices was a way of shoring up basic vulnerabilities.
China-Focused Bulk Data Rule Sparks New Risk for Pixel Tracking
A recently implemented national security regulation restricting the transfer of sensitive US personal data to hostile foreign regimes—particularly China—presents new legal challenges for companies engaged in online advertising.
The Bulk Sensitive Data Rule, finalized in April of last year, prohibits or restricts the transmission of bulk data to China and five other countries in a variety of contexts. It stems from a Biden-era executive order directing the Justice Department to issue regulations to restrict access to US data where it would pose an unacceptable national security risk.
…
But the [BSDR] has ushered in a new challenge: lawsuits from private parties.
The first two private lawsuits for alleged illegal transfers under the rule—against a Microsoft Corp. subsidiary and digital advertiser Index Exchange Inc.—were filed in September, followed by seven more complaints in February and an eighth in March, including against Google LLC, Lenovo Group Ltd., and four other companies.

