Tag: Phishing

soc

Crunchyroll Alleged Data Breach: What Do Users Need to Know?

Reports of a possible Crunchyroll (a popular anime streaming platform) data breach have drawn attention after claims surfaced that a threat actor may have accessed user-related data and internal support information. Crunchyroll has not publicly confirmed the full scope of those claims, so the story […]

Read more →
soc

Alleged Rogers, StockX, and U.S. Tax Office Data Sales Plus Crypto, Bank, and Magento Listings

Alleged Rogers, StockX, and Tax Office Data Sales Plus Crypto, Bank, and Magento Listings SOCRadar’s Dark Web Team identified several new underground posts this week, including an alleged database sale tied to Rogers Communications and Fido, a U.S.-focused tax office dataset advertised with sensitive tax and banking fields, and multiple credential-oriented listings connected to Australian […]

Read more →
soc

Ransomware 3.0: The Autonomous Threat That Changed Everything

Ransomware has changed a lot over time and gone through major shifts; it is now “Ransomware 3.0.” The changes across the years explain why the threats in 2026 look very different from what security teams faced ten years ago. Ransomware 1.0 (1989–2018): Encrypt and Demand The first era […]

Read more →
soc

Financial Crime in 2026: How Organized Threat Ecosystems Are Outsmarting AML Controls

Financial crime has changed dramatically over the last few years. Fraud is no longer driven primarily by isolated attackers or opportunistic scams. Instead, it has evolved into a coordinated ecosystem where identity theft, account takeover, money laundering, and infrastructure services operate as interconnected criminal […]

Read more →
soc

CISA Urges Endpoint Management System Hardening After Cyberattack Against US Organization

CISA is aware of malicious cyber activity targeting endpoint management systems of U.S. organizations based on the March 11, 2026 cyberattack against U.S.-based medical technology firm Stryker Corporation, which affected their Microsoft environment.[1] To defend against similar malicious cyber activity, CISA urges organizations to harden endpoint management system configurations using the recommendations and resources provided in this alert. CISA is conducting enhanced coordination with federal partners, including the Federal Bureau of Investigation (FBI), to identify additional threats and determine mitigation actions.

To defend against similar malicious activity that misuses legitimate endpoint management software, CISA urges organizations to implement Microsoft’s newly released best practices for securing Microsoft Intune; the principles of these recommendations can be applied to Intune and more broadly to other endpoint management software: 

  • Use principles of least privilege when designing administrative roles.
    • Leverage Microsoft Intune’s role-based access control (RBAC) to assign the minimum permissions necessary to each role for completing day-to-day operations—permissions include what actions the role can take, and what users and devices it can apply that action to.
  • Enforce phishing-resistant multi-factor authentication (MFA) and privileged access hygiene.
    • Use Microsoft Entra ID capabilities (including Conditional Access, MFA, risk signals, and privileged access controls) to block unauthorized access to privileged actions in Microsoft Intune.
  • Configure access policies to require Multi Admin Approval in Microsoft Intune.
    • Set up policies that require a second administrative account’s approval to allow changes to sensitive or high-impact actions (such as device wiping), applications, scripts, RBAC, configurations, etc.  

Additionally, CISA recommends reviewing the following resources to strengthen defenses against similar malicious cyber activity:

Disclaimer

The information in this report is being provided “as is” for informational purposes only. CISA does not endorse any commercial entity, product, company, or service, including any entities, products, or services linked within this document. Any reference to specific commercial entities, products, processes, or services by service mark, trademark, manufacturer, or otherwise, does not constitute or imply endorsement, recommendation, or favoring by CISA.  

Acknowledgements

Microsoft and Stryker contributed to this alert. 

Notes

[1] For updates from Stryker on the incident, see “Customer Updates: Stryker Network Disruption,” Stryker, last modified March 15, 2026, https://www.stryker.com/us/en/about/news/2026/a-message-to-our-customers-03-2026.html.

Read more →
soc

Stryker Cyberattack: What You Need to Know

On March 11, 2026, Stryker disclosed a cyberattack that caused a global disruption to its Microsoft environment. Within days, the incident became one of the clearest examples of how attackers can cause enterprise-wide damage by abusing trusted cloud administration tools instead of deploying traditional malware. As of March […]

Read more →
soc

Dark Web Profile: DieNet

Every kinetic spike in the Iran-Israel confrontation is now mirrored by a surge of cyber activity. In this environment, DieNet has emerged as the single most prolific disruptive force on the pro-Iranian side. First announced on Telegram in March 2025, the group claimed over 60 DDoS attacks in its opening months. […]

Read more →
soc

CVE-2026-3910: Chrome V8 Zero-Day Used for In-the-Wild Attacks

Chrome zero-days continue to pose a major risk for cyber defenders. Earlier this year, Google patched CVE-2026-2441, the first actively exploited Chrome zero-day of 2026. Now, another emergency update has been released, fixing two more flaws already exploited in the wild, CVE-2026-3910 in Chrome’s V8 JavaScript and WebAssembly engine and CVE-2026-3909, an out-of-bounds write bug […]

The post CVE-2026-3910: Chrome V8 Zero-Day Used for In-the-Wild Attacks appeared first on SOC Prime.

Read more →
soc

SIEM vs Log Management: Observability, Telemetry, and Detection

SIEM vs Log Management: Rethinking Security Data Workflows

Security teams are no longer short on data. They are drowning in it. Cloud control plane logs, endpoint telemetry, identity events, SaaS audit trails, application logs, and network signals keep expanding, while the SOC is still expected to deliver faster detection and cleaner investigations. That is why SIEM vs log management is not just a […]

The post SIEM vs Log Management: Observability, Telemetry, and Detection appeared first on SOC Prime.

Read more →