LinkedIn Carousel - #CyberWeekly Week 11

Devices Wiped Worldwide

Iranian hackers abused Microsoft Intune to remotely wipe 200,000 devices at medtech giant Stryker across 79 countries

Platform: Learn Library Now Maps to CyFun Controls

Belgium Helps Bust LeakBase — 142K Stolen-Data Traders

March Patch Tuesday: Zero-Day in SQL Server

Easy Cyber Protection

1/4

Iranian hackers wipe 200,000 devices at Stryker — using the IT admin tools you already have

On March 11, Iran-linked hacktivist group Handala wiped over 200,000 laptops, phones, and servers at medtech giant Stryker — in a single morning — using…

79 countries, 200K+ devices, 50TB stolen: Stryker filed an SEC 8-K disclosing a "global disruption to the Company's Microsoft environment." Offices reverted to pen-and-paper workflows
The attack vector: Handala gained access to Stryker's Intune environment and triggered mass remote wipes — the same "lost device" feature every MDM admin has access to. It's a legitimate tool turned weapon
Personal devices caught in the crossfire: employees with personal phones enrolled for work lost data too, before being told to remove the Intune Company Portal app

BleepingComputer: Stryker attack → https://www.bleepingcomputer.com/news/security/medtech-giant-stryker-offline-after-iran-linked-wiper-malware-attack/

2/4

Platform Spotlight: Every learn article now shows you which CyFun controls it covers

Reading a news story about a wiper attack and wondering which CyFun control covers MDM security? You can now find out in one click.

CyFun callouts on every applicable article: NIS2 guides, security basics, implementation how-tos — each article now surfaces the relevant CyFun controls directly. No more cross-referencing the framework PDF by hand
Connected knowledge base: articles link to related guides, comparison pages, and framework documentation — so you can follow a topic from "what is it" to "how to implement it" to "how to prove it to an auditor" without losing your place
56 articles updated this week: basics, guides, NIS2, CyberFundamentals, compare, getting-started, and industry sections — the full library is now cross-linked

Explore the learn library → https://easycyberprotection.com/learn

3/4

Belgium helped take down LeakBase — the stolen-credential market with 142,000 users

On March 3-4, Europol coordinated a global law enforcement operation that dismantled LeakBase, one of the internet's largest stolen-credential trading forums.

What LeakBase was: a credential market specializing in "stealer logs" — archives of usernames, passwords, and session tokens harvested by infostealer malware. Attackers bought access credentials for specific organizations, then used them to log in and attack
Belgium's data was on there: Belgian SME credentials stolen in phishing campaigns or software breaches regularly end up on platforms like this. LeakBase's closure removes one resale channel — but the stolen data still exists elsewhere
The deanonymisation warning: Europol seized the forum database and contacted users through their own encrypted channels. "No one is truly invisible online" is the message — which also applies to any SME employee who reused a work password on a breached site
One rule the forum had: prohibited publishing data related to Russia. Draw your own conclusions about who was operating it

Europol: Operation LEAK → https://www.europol.europa.eu/media-press/newsroom/news/major-data-leak-forum-dismantled-in-global-action-against-cybercrime-forum

4/4

March Patch Tuesday: patch your SQL Server now — zero-day actively exploited

Microsoft's March 2026 Patch Tuesday dropped 84 fixes including two actively exploited zero-days, and one of them is in SQL Server.

CVE-2026-21262 — SQL Server EoP (CVSS 8.8): privilege escalation via network access to any SQL Server instance. No authentication required. If your SQL Server is network-accessible (common in SME environments), this is a P1 patch
CVE-2026-26127 — .NET 9/10 DoS (CVSS 7.5): denial-of-service affecting .NET across Windows, Mac, and Linux. A broad blast radius — any line-of-business app running on modern .NET is potentially vulnerable to crashing
CVE-2026-21536 — RCE via file upload (Critical): unauthenticated remote code execution through unrestricted file upload. Critical severity, no patch complexity — just upload and execute
84 CVEs total, 8 Critical: a heavier-than-average Patch Tuesday. The patch management guide covers how to triage and prioritize when everything seems urgent

BleepingComputer: March Patch Tuesday → https://www.bleepingcomputer.com/news/microsoft/microsoft-march-2026-patch-tuesday-fixes-2-zero-days-79-flaws/