Nineteen Sophos Women Recognized by CRN’s Women of the Channel

Seventeen Critical-severity CVEs ready to deck your halls; also, new blog guidance for Windows Server admins

A.J. Vicens and Christy Santhosh report: An Iranian-linked hacking group on Wednesday claimed ‌responsibility for a destructive cyberattack on U.S.-based medical device and services provider Stryker, according to messages posted to the group’s Telegram channel. The Michigan-based company, with 56,000 employees and operations in 61 countries, said in a filing with the SEC that the……

Spanish authorities have arrested an individual who allegedly hacked several high-profile organizations, including NATO and the US army. The post Hacker Who Targeted NATO, US Army Arrested in Spain appeared first on SecurityWeek.

Jonathan Greig reports: The sensitive healthcare information of millions in the U.S. has been leaked through data breaches that multiple insurance companies, clinics, hospitals and more reported recently. The largest involves Blue Shield of California, which informed the U.S. Department of Health and Human Services (HHS) of an incident impacting 4.7 million people. In breach notification…

Cybersecurity researchers have called attention to a “massive campaign” that has systematically targeted cloud native environments to set up malicious infrastructure for follow-on exploitation. The activity, observed around December 25, 2025, and described as “worm-driven,” leveraged exposed Docker APIs, Kubernetes clusters, Ray dashboards, and Redis servers, along with the recently disclosed

Fortinet has released out-of-band patches for a critical security flaw impacting FortiClient EMS that it said has been exploited in the wild. The vulnerability, tracked as CVE-2026-35616 (CVSS score: 9.1), has been described as a pre-authentication API access bypass leading to privilege escalation. “An improper access control vulnerability [CWE-284] in FortiClient EMS may allow an