Stryker Hit by Major Cyberattack as Hacktivist Group Claims Wiper Malware Operation  A major cybersecurity breach hit Stryker, the international medical tech company, throwing operations into disarray across continents. Claiming responsibility is a hacktivist faction supportive of Palestine, said to have ties to Iranian networks. Outages spread quickly through digital infrastructure after the intrusion became active. Emergency protocols were activated by staff as normal workflows collapsed without warning.  Following the incident, blame was placed on Handala - a collective that openly admitted initiating a cyberattack involving destructive software aimed at Stryker’s infrastructure. Data removal affected numerous devices throughout the organization's environment. From those systems, about 50 terabytes containing confidential material were copied before transmission outside secure boundaries.  Even though confirmation remains absent, whispers among workers stretch from Dublin to San Jose, pointing at chaos. Over two hundred thousand gadgets - servers mostly, but also handheld units - supposedly vanished under digital assault, according to Handala. Operations froze in clusters of buildings scattered through nearly thirty nations. Evidence trickles in from office staff in Perth, San José, Cork, and beyond, painting a fractured picture of stalled systems.  One moment staff noticed work phones wiped without warning. Then came reports of private gadgets - once linked to office networks - suddenly cleared too. Afterward, guidance arrived: uninstall every business-related app. Tools meant to manage phones, along with messaging software tied to the organization, had to go. Removal became expected across all equipment. Work slowed in certain areas when digital tools went offline, pushing staff toward handwritten logs instead. With networks down, employees handled tasks by hand until technology recovered.  A breach within Stryker’s Microsoft-based network led to widespread IT outages worldwide, as disclosed in a regulatory document. Right after spotting the problem, the firm triggered its internal cyber crisis protocol. Outside specialists joined the effort soon afterward - helping examine and limit further damage. Even though the disturbance was serious, Stryker said it found no signs of ransomware and thinks the situation is now under control. Still, the company admitted work continues to restore systems, without saying when operations will return fully.  Yet completion remains uncertain despite progress so far. Emerging in late 2023, Handala already shows patterns of focusing on Israeli entities - using tactics that pair information exfiltration with damaging software meant to erase digital traces. Public exposure of obtained files forms a consistent part of their method, typically done via web-based disclosure channels. Though relatively new, its actions follow a clear playbook centered around visibility and disruption.  Amid rising global tensions, a fresh assault emerges - tied to surging digital threats fueled by ongoing regional disputes. Noted specialists stress these events reveal a shift: large-scale interference now walks hand-in-hand with widespread information theft. While conflict zones heat up offline, their shadows stretch deep into network spaces. With Stryker rebuilding its digital infrastructure, the event highlights how sophisticated cyberattacks increasingly endanger vital sectors - healthcare and medtech among them - where uninterrupted function matters most.

Stryker Hit by Major Cyberattack as Hacktivist Group Claims Wiper Malware Operation #CyberAttacks #CybersecurityAttack #DataRemoval

Romania’s National Oil Pipeline Joins a Growing Cyberattack list Romania’s national oil pipeline operator, Conpet, has disclosed that it suffered a cyberattack that disrupted its corporate IT systems and temporarily knocked its website offline, adding to a growing series of digital incidents affecting the country’s critical infrastructure.  In a statement issued on Wednesday, the company said the attack affected its business information systems but did not interfere with pipeline operations or its ability to meet contractual obligations.  Conpet operates almost 4,000 kilometres of pipelines, transporting domestically produced and imported crude oil, gasoline and other petroleum derivatives to refineries across Romania, making it a key component of the country’s energy infrastructure.  The firm sought to reassure customers and authorities that its core operational technologies were not compromised. Systems responsible for supervising and controlling pipeline flows, as well as telecommunications networks, continued to function normally throughout the incident.  As a result, the transport of crude oil and fuel through the national pipeline system was not disrupted. Conpet’s public website, however, remained inaccessible as recovery efforts were under way.  Conpet said it is investigating the breach in cooperation with national cybersecurity authorities and has notified Romania’s Directorate for Investigating Organised Crime and Terrorism, filing a formal criminal complaint.  The company has not provided details on how the attackers gained access or the specific techniques used, citing the ongoing investigation. Despite this lack of official confirmation, the ransomware group Qilin has claimed responsibility for the attack.  The group has listed Conpet on its dark web leak site and alleges it exfiltrated close to one terabyte of data from the company’s systems.  To support its claim, Qilin published a selection of images said to show internal documents, including financial information and scans of passports. Qilin emerged in 2022 as a ransomware-as-a-service operation, initially operating under the name Agenda.  Since then, it has built a long list of alleged victims across the world, targeting private companies and public institutions alike. Such groups typically combine data theft with extortion, threatening to publish stolen material unless a ransom is paid.  The attack on Conpet follows a spate of ransomware incidents in Romania over the past year. Water authorities, major energy producers, electricity distributors and dozens of hospitals have all reported disruptive cyberattacks.  Together, these cases underline a persistent weakness in the corporate IT systems that support essential services, even when industrial control networks are kept separate. 

Romania’s National Oil Pipeline Joins a Growing Cyberattack list #CybersecurityAttack #datathreat #RomaniaNationalOilPipeline

Zscaler Confirms Data Breach Linked to Salesloft Drift Supply-Chain Attack  Cybersecurity firm Zscaler has revealed it suffered a data breach after attackers exploited a compromise in Salesloft Drift, an AI-driven Salesforce integration tool. The incident is part of a larger supply-chain attack in which stolen OAuth and refresh tokens were leveraged to gain unauthorized access to Salesforce environments across multiple organizations.  Zscaler confirmed that its Salesforce instance was one of the targets, resulting in the exposure of sensitive customer details. According to the company, the information accessed by threat actors included customer names, job titles, business email addresses, phone numbers, and geographic details. In addition, data related to Zscaler product licensing, commercial agreements, and content from certain support cases was also stolen.  While Zscaler has not disclosed the number of affected customers, it emphasized that the breach was limited to its Salesforce system and did not compromise any of its products, services, or underlying infrastructure.  The company stated that the unauthorized data access primarily took place between August 13 and 16, 2025, with some attempts occurring earlier. Although Zscaler has not detected any misuse of the stolen data, it has urged its customers to remain cautious of phishing emails and social engineering campaigns that could exploit the compromised information.  In response to the incident, Zscaler has taken several steps to mitigate risks, including revoking all Salesloft Drift integrations with Salesforce, rotating API tokens across its systems, and implementing stricter customer authentication protocols when handling support requests.  An internal investigation into the full scope of the breach is ongoing. The attack has been linked to a campaign attributed to the threat group UNC6395, which was previously flagged by Google Threat Intelligence. This group is believed to have targeted Salesforce support cases to collect highly sensitive credentials such as AWS access keys, passwords, and Snowflake tokens.  Google researchers also noted that the attackers attempted to cover their tracks by deleting query jobs, although audit logs remained available for review. The compromise of Salesloft Drift has had wide-reaching consequences across the SaaS ecosystem, impacting companies including Google, Cisco, Workday, Adidas, Qantas, Allianz Life, and LVMH subsidiaries.  In many of these cases, attackers used vishing tactics to trick employees into authorizing malicious OAuth applications, enabling large-scale data theft later exploited in extortion schemes.  Both Google and Salesforce have since suspended their Drift integrations while investigations continue. Security experts warn that this incident highlights the growing risks of supply-chain attacks and the urgent need for stronger oversight of third-party integrations.

Zscaler Confirms Data Breach Linked to Salesloft Drift Supply-Chain Attack #CybersecurityAttack #DataBreach #DataTheft

Lucid PhaaS Hits 169 Targets in 88 Countries Using iMessage and RCS Smishing XinXin gang (also known as Black Technology) read more about Lucid PhaaS Hits 169 Targets in 88 Countries Using iMessage and RCS Smishing.

Lucid PhaaS Hits 169 Targets in 88 Countries Using iMessage and RCS Smishing reconbee.com/lucid-phaas-...

#Lucid #PhaaS #imessage #RCSsmishing #cyberattack #CyberSecurity #CybersecurityAttack #CyberSec

Pennsylvania Education Union Alerts Over 500,000 Individuals of Data Breach   The Pennsylvania State Education Association (PSEA), the largest public-sector union in Pennsylvania, is notifying more than half a million individuals that their personal data was compromised in a cybersecurity breach that occurred in July 2024. Representing over 178,000 education professionals—including teachers, support staff, higher education employees, nurses, retirees, and future educators—PSEA disclosed the breach in letters sent to 517,487 affected individuals. "PSEA experienced a security incident on or about July 6, 2024, that impacted our network environment," the organization stated in its notification. "Through a thorough investigation and extensive review of impacted data, which was completed on February 18, 2025, we determined that the data acquired by the unauthorized actor contained some personal information belonging to individuals whose information was contained within certain files within our network." Types of Stolen Data The stolen information varies by individual and includes sensitive personal, financial, and health-related details. This may include: * Driver’s license or state ID numbers * Social Security numbers * Account PINs and security codes * Payment card details * Passport information * Taxpayer identification numbers * Online credentials * Health insurance and medical records In response to the breach, PSEA is offering free credit monitoring and identity restoration services through IDX for those whose Social Security numbers were affected. Eligible individuals must enroll by June 17, 2025. The union also advised affected individuals to monitor their financial statements, review credit reports for suspicious activity, and consider placing a fraud alert or security freeze on their credit files. Although PSEA has not directly attributed the attack to a specific threat group, the Rhysida ransomware gang took responsibility for the breach on September 9, 2024. The cybercriminals reportedly demanded a 20 BTC ransom and threatened to leak stolen data if their demands were not met. While it remains unclear if PSEA complied with the ransom request, Rhysida has since removed the stolen data from its dark web leak site. Rhysida, a ransomware-as-a-service (RaaS) group, first emerged in May 2023 and has been linked to several high-profile cyberattacks. Notable incidents include breaches at the British Library, the Chilean Army, and Sony subsidiary Insomniac Games. In November 2023, the group leaked 1.67 TB of documents after Insomniac refused to pay a $2 million ransom. More recently, Rhysida affiliates targeted Lurie Children’s Hospital in Chicago in February 2024, attempting to sell stolen data for 60 BTC (approximately $3.7 million at the time). Other victims include the Singing River Health System, which suffered a data breach affecting 900,000 individuals in August 2023, and the City of Columbus, Ohio, where 500,000 residents’ data was compromised in July 2024. Cybersecurity agencies, including the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI, have warned that Rhysida ransomware affiliates continue to launch opportunistic attacks across various industry sectors. Additionally, the U.S. Department of Health and Human Services (HHS) has linked the group to multiple cyberattacks targeting healthcare institutions.

Pennsylvania Education Union Alerts Over 500,000 Individuals of Data Breach #CybersecurityAttack #DataBreach

SSuite Office - Software Made Simple and Free We provide safe and trusted free software and office suites for daily use. Get Our Free Office Suites and Productivity Software for download now. Free downloads with no strings attached. No Java or D...

~

Kicking Ass and Taking Names... 🔥🕵️‍♂️🦹

Stopping the bad guys with Cloudflare:

433,319 malicious requests blocked or challenged in the last month against our website! 🥳 🤨 😏

www.ssuiteoffice.com

#cloudflare #CyberSecurity #CybersecurityAttack #CyberSec #NewsUpdate #News #EntertainmentNews

Cisco Talos Uncovers Lotus Blossom’s Multi-Campaign Cyber Espionage Operations Cisco Talos has uncovered a series of cyber espionage campaigns attributed to the advanced persistent threat (APT) group Lotus Blossom, also known as Spring Dragon, Billbug, and Thrip.  The group has been active since at least 2012, targeting government,…

Cisco Talos Uncovers Lotus Blossom’s Multi-Campaign Cyber Espionage Operations #cyberattackstrendingnews #CybersecurityAttack #malware

Amnesty Finds Cellebrite's Zero-Day Used to Unlock Serbian Activist's Android Phone Linux kernel was made available read more about Amnesty Finds Cellebrite's Zero-Day Used to Unlock Serbian Activist's Android Phone

Amnesty Finds Cellebrite’s Zero-Day Used to Unlock Serbian Activist’s Android Phone reconbee.com/amnesty-find...

#amnesty #androidphone #serbian #ZeroDay #CyberSecurity #CybersecurityAttack #cybersec

Mozilla Updates Firefox Terms Again After Backlash Over Broad Data License Language such data to assist you in navigating read more about Mozilla Updates Firefox Terms Again After Backlash Over Broad Data License Language

Mozilla Updates Firefox Terms Again After Backlash Over Broad Data License Language reconbee.com/mozilla-upda...

#mozilla #mozillafirefox #backlash #CybersecurityAttack #CyberSecurity #CyberSec

Lending App Data Breach Leaves Sensitive Customer Information Unprotected  A major digital lending platform has reportedly exposed sensitive customer data due to a misconfigured Amazon AWS S3 bucket that was left unsecured without authentication. Security researchers discovered the breach on November 28, 2024, but the issue…

Lending App Data Breach Leaves Sensitive Customer Information Unprotected #CyberSecurity #CyberThreats #CybersecurityAttack

Beware of Fake Viral Video Links Spreading Malware  McAfee Labs has uncovered a rise in cyber scams where fraudsters use fake viral video links to trick people into downloading malware. These attacks rely on social engineering, enticing users with promises of exclusive or leaked content.  Once a user…

Beware of Fake Viral Video Links Spreading Malware #CybersecurityAttack #malware #News

Botnet targets Basic Auth in Microsoft 365 password spray attacks sign-in monitoring are unaware of these threats read more about Botnet targets Basic Auth in Microsoft 365 password spray attacks

Botnet targets Basic Auth in Microsoft 365 password spray attacks reconbee.com/botnet-targe...

#botnet #Microsoft #microsoft365 #passwordsprayattacks #password #cybersecurity #CybersecurityAttack

New Malware Campaign Uses Cracked Software to Spread Lumma and ACR Stealer Base64-encoded C2 domain on a certain page read more about New Malware Campaign Uses Cracked Software to Spread Lumma and ACR Stealer

New Malware Campaign Uses Cracked Software to Spread Lumma and ACR Stealer reconbee.com/new-malware-...

#malware #malwarecampaign #Lumma #ACRstealer #cyberattack #CybersecurityAttack

Bybit Confirms Record-Breaking $1.5 Billion Crypto Heist in Sophisticated Cold Wallet Attack unspecified address read more about Bybit Confirms Record-Breaking $1.5 Billion Crypto Heist in Sophisticated Cold Wallet Attack

Bybit Confirms Record-Breaking $1.5 Billion Crypto Heist in Sophisticated Cold Wallet Attack reconbee.com/bybit-confir...

#Bybit #BybitHacker #CryptoScam #cryptocurrency #CryptoTrading #cybersecurity #CybersecurityAttack

Juniper Session Smart Routers Vulnerability Could Let Attackers Bypass Authentication malicious exploitation read more about Juniper Session Smart Routers Vulnerability Could Let Attackers Bypass Authentication

Juniper Session Smart Routers Vulnerability Could Let Attackers Bypass Authentication reconbee.com/juniper-sess...

#Juniper #smartrouters #vulnerability #bypassauthentication #bypass #CyberSecurityAwareness #CybersecurityAttack

PostgreSQL Vulnerability Exploited Alongside BeyondTrust Zero-Day in Targeted Attacks creating a SQL injection using read more about PostgreSQL Vulnerability Exploited Alongside BeyondTrust Zero-Day in Targeted Attacks

PostgreSQL Vulnerability Exploited Alongside BeyondTrust Zero-Day in Targeted Attacks reconbee.com/postgresql-v...

#PostgreSQL #vulnerabilities #zeroday #cyberattack
#vulnerability #CybersecurityAttack