DJBSEC's CyberNews 2026-03-12

1. Iran Threatens U.S. Technology Companies Amid Rising Tensions

Iranian officials have reportedly issued warnings targeting major U.S. technology companies as geopolitical tensions escalate. Analysts believe the statements may signal an increase in cyber operations directed at American corporate infrastructure. Iranian-linked threat groups have historically targeted technology firms for both espionage and disruption. Security experts warn that companies should expect heightened phishing, credential theft, and supply-chain attacks. Organizations are being urged to strengthen monitoring and incident response readiness.

2. Iranian Handala Hackers Claim Attacks on Verifone and Stryker

The pro-Iranian hacking group Handala has claimed responsibility for cyberattacks against payment technology company Verifone and medical device manufacturer Stryker. The attackers say they accessed internal systems and exfiltrated sensitive corporate data. While the full impact has not been independently confirmed, the claims highlight growing cyber activity linked to geopolitical tensions in the Middle East. Experts note that hacktivist groups are increasingly blending political messaging with data-theft campaigns. Investigations into the alleged breaches are ongoing.

3. Researchers Trick Perplexity’s Comet AI into Revealing Data

Security researchers demonstrated that Perplexity’s Comet AI assistant could be manipulated into revealing sensitive information through carefully crafted prompts. The attack relied on prompt injection techniques designed to bypass the system’s safeguards. By altering the AI’s instructions, researchers were able to retrieve data that should have remained restricted. The experiment highlights ongoing concerns about security risks associated with AI assistants connected to sensitive systems. Developers are working on improved guardrails to prevent similar attacks.

4. Stryker Investigates Reported Cyberattack

Medical technology company Stryker is investigating a reported cyberattack following claims by a hacktivist group that it accessed internal systems. The attackers alleged they obtained sensitive corporate information during the intrusion. Stryker has stated that it is actively reviewing the claims and working with cybersecurity experts. Healthcare and medical technology companies remain frequent targets due to the value of their data and operational impact. The investigation is ongoing as the company assesses potential exposure.

5. Critical Flaw in HPE Aruba CX Switches Allows Admin Takeover

A critical vulnerability affecting HPE Aruba CX network switches could allow attackers to gain administrative control without authentication. The flaw enables attackers to bypass security checks and execute privileged commands remotely. Because these switches often operate at the core of enterprise networks, exploitation could provide attackers with broad access. HPE has released patches and mitigation guidance to address the vulnerability. Organizations are urged to update affected devices immediately.

6. Malicious Rust Crates and AI Botnet Infrastructure Discovered

Researchers have discovered several malicious Rust programming language crates that appear to be linked to a developing AI-driven botnet. The packages were uploaded to open-source repositories and designed to infect developer systems during installation. Once installed, the malware could connect to command-and-control infrastructure and execute attacker commands. The campaign demonstrates how attackers continue to abuse open-source ecosystems to distribute malware. Developers are urged to carefully review dependencies before installing packages.

7. UNC6426 Exploits NX NPM Supply Chain

A threat actor tracked as UNC6426 has been linked to a supply-chain attack targeting the NX development toolkit on the NPM platform. Attackers compromised packages within the ecosystem to distribute malicious code to developers. Because NX is widely used in modern JavaScript development environments, the impact could affect numerous projects. Supply-chain attacks like this allow malware to spread through trusted software dependencies. Security teams recommend reviewing dependency integrity and monitoring package updates.

8. Microsoft SQL Server Zero-Day Vulnerability Reported

Researchers have identified a zero-day vulnerability in Microsoft SQL Server that could allow attackers to execute malicious code or gain unauthorized access to databases. The flaw affects certain configurations and could be exploited remotely under specific conditions. Because SQL Server often stores critical enterprise data, the vulnerability poses a significant risk to organizations. Security teams are monitoring for exploitation attempts while awaiting official patches. Administrators are advised to implement mitigations and restrict database exposure.

9. Middle East Conflict Exposes Cloud Resilience Weaknesses

The ongoing conflict in the Middle East is highlighting weaknesses in global cloud infrastructure resilience. Experts warn that regional disruptions can impact cloud services relied upon by organizations worldwide. Attacks on infrastructure, combined with geopolitical tensions, can affect connectivity, data centers, and supply chains. Companies are being encouraged to review disaster recovery strategies and diversify cloud deployments. The situation underscores the growing intersection between geopolitics and cybersecurity.

10. Microsoft Patches 83 Vulnerabilities in March Security Update

Microsoft released its March Patch Tuesday update, addressing 83 security vulnerabilities across its products. The update includes fixes for several critical issues affecting Windows, Office, and enterprise services. While none of the vulnerabilities were publicly disclosed as zero-days at release, security experts warn that attackers often attempt to exploit newly patched flaws. Organizations are encouraged to deploy updates promptly. Timely patching remains one of the most effective defenses against cyberattacks.