This month's Cyber Threats Report covers five significant developments that highlight the evolving tactics employed by threat actors and the broadening attack surface facing organisations today.
Our first article examines the destructive cyberattack against Stryker, in which the Iranian-linked hacktivist group Handala abused Microsoft Intune's remote wipe functionality to erase over 200,000 endpoints across 79 countries. The second article covers a new wave of phishing campaigns exploiting OAuth redirect mechanisms to funnel users from trusted login pages into malicious infrastructure, bypassing multi-factor authentication entirely. The third article addresses a confirmed data breach affecting LexisNexis Legal & Professional, in which threat actors exploited a web application vulnerability to access legacy systems and leak approximately 2GB of data. Our fourth article covers two high-severity zero-day vulnerabilities in Google Chrome that are being actively exploited in the wild and require urgent patching.
A common thread across all four articles is the speed at which threat actors are capitalising on trusted platforms and widely used technologies. These developments reinforce the need for organisations to maintain robust patch management, continuous monitoring and a healthy scepticism of even seemingly legitimate digital interactions.
As a final note, the National Cyber Security Centre (NCSC) issued an alert on 2 March 2026 advising UK organisations to review their cyber security posture in light of the evolving situation in the Middle East. Organisations are encouraged to consult the NCSC's published guidance and take appropriate steps to ensure their defences remain aligned with the current threat landscape.