⏱️ Read Time: 7 minutes
The first widely recognized computer worm, Creeper, showed up on ARPANET in the early 1970s and displayed the message, "I'M THE CREEPER: CATCH ME IF YOU CAN." A fitting reminder that cyber has been annoying people at scale for a very long time.
📜 Table of Contents
🚨 Major Breaches & Incidents - Stryker says hospital tools are safe but ordering systems are still down; Telus investigates a hack with potentially sensitive fallout; law enforcement pulls the plug on a huge router botnet
🛠️ Emerging Threats & Vulnerabilities - Google patches two Chrome zero-days exploited in attacks; Oracle EBS fallout keeps widening as major companies stay quiet
🔐 Privacy Watch - TriZetto confirms 3.4 million people had health and personal data stolen
🕵️ APTs and State Sponsored Attacks - APT28 revives advanced malware against Ukraine; the EU sanctions Chinese and Iranian companies over cyberattacks
🤖 AI in Cyber - North Korean threat groups scale fake worker schemes with generative AI; researchers find browser-level flaws in agentic AI tools
💥 Major Breaches & Incidents
🏥 Stryker says hospital tools are safe, but digital ordering systems still down after cyberattack
A week after the cyberattack, Stryker said its electronic ordering systems were still down, forcing sales reps to coordinate replenishment manually while the company restores ordering, shipping, and support platforms. The company also stressed that the incident was contained to its internal Microsoft environment and did not affect connected hospital products, including devices already in use by customers. That is reassuring for clinicians, but it also means this story has moved from "what broke" to "how long can a major healthcare supplier operate by hand before everyone gets cranky."
👉 Key takeaway: The products may be safe, but manual workarounds at a healthcare supplier this large are still a major operational headache.
📡 Telus says it is investigating hack of its systems
Telus said it is investigating unauthorized access to some of its systems after the ShinyHunters hacking group claimed it stole at least 700 terabytes of data. The company was still assessing what happened, which leaves the familiar gap between attacker claims and confirmed impact hanging over the story. For a telecom giant, that uncertainty is not exactly calming, because these incidents tend to age badly before they age well.
👉 Key takeaway: When a major provider confirms unauthorized access and the alleged haul is measured in terabytes, everyone downstream starts checking their own pulse.
🌐 Law enforcement shuts down botnet made of tens of thousands of hacked routers
A global law-enforcement operation took down SocksEscort, a criminal proxy service powered by hundreds of thousands of hacked routers and IoT devices across 163 countries. Authorities say the botnet helped facilitate bank and crypto account takeovers, unemployment fraud, ransomware activity, DDoS attacks, and even CSAM distribution, which is a deeply cursed feature list for one service. The takedown is good news, but it is also another reminder that neglected edge devices remain one of cybercrime’s favorite low-effort building blocks.
👉 Key takeaway: Cheap, badly maintained routers keep turning into criminal infrastructure because the internet still rewards attackers for going after the boring stuff.
🛠️ Emerging Threats & Vulnerabilities
🧩 Google fixes two new Chrome zero-days exploited in attacks
Google shipped an emergency Chrome update for two high-severity zero-days, CVE-2026-3909 and CVE-2026-3910, and said exploits for both existed in the wild. One bug sits in Skia and could lead to a crash or code execution, while the other affects the V8 JavaScript and WebAssembly engine, which is not where anyone wants surprises. These are already the second and third actively exploited Chrome zero-days patched this year, because apparently the browser calendar needed more drama.
👉 Key takeaway: If Chrome is anywhere in your environment, this is an update-now story, not a circle-back-later story.
🏢 Oracle EBS Hack: Only 4 Corporate Giants Still Silent on Potential Impact
This Oracle EBS follow-up zeroes in on the companies still saying nothing while alleged victim listings and leaked data continue to circulate around the Cl0p campaign. SecurityWeek reports that more than 100 organizations were named, many large firms have acknowledged breaches and notified affected people, and only a small handful of major companies had yet to issue any public statement at all. The awkward part is not just the possibility of impact - it is how long silence can last before it becomes its own kind of answer.
👉 Key takeaway: In big enterprise breach stories, the second wave is often about disclosure discipline, and some companies are still failing that test.
🕵️ Privacy Watch
🩺 TriZetto confirms 3.4M people’s health and personal data was stolen during breach
TriZetto said more than 3.4 million people had personal and health information stolen in a 2024 cyberattack that went undetected for nearly a year. The exposed data reportedly includes names, dates of birth, addresses, Social Security numbers, and health and insurance details pulled from insurance eligibility transaction reports. In healthcare, a breach this large is bad enough on its own, but adding a year-long detection gap is how a bad story graduates into a full-body compliance migraine.
👉 Key takeaway: Sensitive healthcare data plus a long dwell time is a brutal combination for patients, providers, and whoever now has to explain the timeline.
🌍 APTs and State Sponsored Attacks
🎯 Russian military hackers revive advanced malware to spy on Ukraine, researchers say
Researchers say APT28 has returned to using more advanced malware in espionage operations targeting Ukraine, including tools such as SlimAgent and BeardShell for surveillance and long-term access. ESET says the group had relied more heavily on simpler phishing tradecraft in recent years, so the renewed use of custom tooling stands out. Same actor, new emphasis, and unfortunately the lesson remains that state groups rarely stay boring for long.
👉 Key takeaway: The big signal here is not just that APT28 is active - it is that its tooling appears to be getting sharper again.
🧭 EU sanctions Chinese and Iranian companies for cyber attacks
The EU sanctioned two China-based companies and one Iranian company for cyberattacks against member states, adding asset freezes, travel bans for listed individuals, and restrictions on making funds available to the named entities. Reuters reports the EU linked one Chinese company to hacks affecting more than 65,000 devices across six member states, while another was tied to attacks on critical infrastructure. It is still diplomacy, not magic, but this is at least a reminder that governments occasionally do more than publish a strongly annoyed statement.
👉 Key takeaway: Attribution hits differently when it comes with sanctions, financial restrictions, and named entities instead of just public blame.
🤖 AI in Cyber
🧑💼 Microsoft warns North Korean threat groups are scaling up fake worker schemes with generative AI
Microsoft says North Korean threat groups are using generative AI as a force multiplier for fake worker schemes, helping operatives tailor personas, research job requirements, improve language fluency, and even manipulate images for stolen identity documents. The reporting also says AI is helping these actors after hiring by generating professional responses, answering technical questions, and supporting post-compromise tasks like lateral movement and privilege escalation. That is not just resume fraud with better grammar - it is a more scalable insider-risk operation with AI quietly doing the polishing.
👉 Key takeaway: AI is making fake-worker campaigns more convincing at the front end and more dangerous after access is gained.
🖥️ Researchers discover suite of agentic AI browser vulnerabilities
Researchers at Zenity Labs found vulnerabilities in agentic AI browsers, including Perplexity’s Comet, that could let attackers hijack browser behavior through seemingly legitimate content such as a calendar invite. The issue centers on prompt injection and the still-not-great reality that many AI systems struggle to distinguish user instructions from outside content they ingest. Agentic browsers are trying to be helpful, but right now they also look a little too willing to take bad advice from the internet, which is not a trait anyone should admire.
👉 Key takeaway: Agentic AI tools are opening new attack paths because instruction-following at browser level can become instruction-trusting far too easily.
Thanks for reading this week’s edition. Like what you see? Forward it!
Hate everything you see or have other feedback? Reply back to this email!



