Find notable cyber news and cases, enriched with sources, timelines, and signals.

CISA urges Intune hardening for U.S. organizations

Public Sector Action
First reported
Last updated
Happening score
H score 80
1 unique sources, 2 articles

Summary

Hide ▲

CISA urged U.S. organizations to harden Microsoft Intune and related endpoint management controls after the Stryker attack showed how those systems could be abused to wipe devices and expand damage. The alert matters because it aims to reduce the risk of similar malicious activity targeting other networks and administration consoles. CISA tied the warning to March 19, 2026 guidance that pushes stronger controls for privileged access and sensitive actions.

Related Happenings

BEC defensive guidance for exposed-credential and account-misuse risk

Defensive Guidance
H score14 First: 30.06.2026 17:00 Last: 30.06.2026 17:00 Sources 1

About this happening: **BEC defenders** are being pushed toward tighter **training** and **account-response controls** as operators combine **AI-generated business correspondence**, **call-center press...

Microsoft Teams admin policy adds approval-based control for third-party bots

Security Tool/Service
H score11 First: 30.06.2026 13:52 Last: 30.06.2026 13:52 Sources 1

About this happening: Microsoft Teams introduced an **admin policy** that lets organizers prevent **third-party bots** from joining meetings without approval. The control improves **visibility** over e...

Microsoft Teams third-party bot approval controls for meeting social-engineering risk

Defensive Guidance
H score11 First: 30.06.2026 13:52 Last: 30.06.2026 13:52 Sources 1

About this happening: **Microsoft Teams** has added admin controls that block **third-party bots** without approval, reducing **meeting social-engineering risk** across managed tenants. The policy impr...

CISA zero-trust SASE guidance for TIC 3.0

Public Sector Action
H score30 First: 25.06.2026 14:30 Last: 25.06.2026 14:30 Sources 1

About this happening: CISA published **new guidance** on **June 24** for **federal civilian executive branch agencies** to replace legacy internet gateways with **SASE** as part of the move from **TIC...

Service desk social engineering defenses tighten identity verification for password resets and MFA changes

Defensive Guidance
H score17 First: 24.06.2026 17:02 Last: 24.06.2026 17:02 Sources 1

About this happening: **Service desk identity verification** is being tightened against **social engineering attacks**, reducing impersonation-driven account takeover and unauthorized access across cor...

Timeline

  1. 19.03.2026 13:02 1 articles · 3mo ago

    Handala compromises Stryker Microsoft environment and wipes Intune-managed devices

    Exploitation Observed

    Handala claimed a March 11, 2026 compromise of Stryker Corporation's Microsoft environment, saying it stole 50 terabytes of data and used Microsoft Intune's built-in wipe command after creating a new Global Administrator account from a compromised administrator account, which erased nearly 80,000 devices.

    Show sources
  2. 19.03.2026 13:02 3 articles · 3mo ago

    CISA urges Microsoft Intune hardening for U.S. organizations

    Mitigation Patch Update

    On March 19, 2026, CISA urged U.S. organizations using Microsoft Intune and other endpoint management software to harden administrative controls after the Stryker Corporation compromise, recommending least-privilege RBAC, MFA, Microsoft Entra ID protections such as Conditional Access and risk signals, and multi-admin approval for sensitive actions like device wipes, application updates, and RBAC changes.

    Show sources