At some point in the last fortnight, a security team at Stryker Corporation watched data disappear from over 200,000 devices across 79 countries at once. Not because an attacker found a gap in the perimeter. Because someone who had gotten admin access to the company’s device management platform pressed a button. The entire attack ran through a system Stryker already trusted.
That’s the thread running through every incident in the latest ColorTokens Threat Advisory. It forces a harder question than gap analysis: what do you do when the entry point is something you already trust?
The Attack Tool Was Already There
Handala didn’t need sophisticated malware to wipe Stryker’s global device fleet. They gained administrative access to Microsoft Intune, the platform Stryker used to manage endpoints across 79 countries, and issued a remote wipe. Employees in the US, Ireland, Australia, and Costa Rica watched the Handala logo appear on their screens before their devices went dark. CISA responded with a formal alert the same week.
What the Stryker incident makes visible is a risk that lives inside most enterprise environments and rarely gets the same scrutiny as external-facing systems. An attacker who reaches the endpoint management layer doesn’t need to be sophisticated. They need to be there. And once they are, the blast radius isn’t limited to what they can reach through lateral movement. It’s every enrolled device in the organization. This is exactly the scenario microsegmentation is built for: containing what an attacker can do after they’re inside, by enforcing boundaries at the workload and device level so that a single compromised administrative plane doesn’t become a kill switch for the entire estate.
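One defender-side check for the admin-plane risk described above: a detector that flags an administrator issuing a burst of destructive device actions, the kind of bulk action a remote-wipe campaign produces. This is an added example, not code from the advisory or from any vendor; the audit events and field names (`ts`, `actor`, `action`, `device`) are constructed and do not reflect any real management platform's schema.

```python
"""Bulk destructive-action detector over endpoint-management audit events.

Added example. Event format below is an assumption, constructed for illustration.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events: admin-a issues three wipes within a minute,
# admin-b issues one routine wipe hours later.
SAMPLE_EVENTS = [
    {"ts": "2025-01-01T09:00:00", "actor": "admin-a", "action": "wipe", "device": "LT-001"},
    {"ts": "2025-01-01T09:00:12", "actor": "admin-a", "action": "wipe", "device": "LT-002"},
    {"ts": "2025-01-01T09:00:40", "actor": "admin-a", "action": "wipe", "device": "LT-003"},
    {"ts": "2025-01-01T09:00:55", "actor": "admin-a", "action": "sync", "device": "LT-004"},
    {"ts": "2025-01-01T11:30:00", "actor": "admin-b", "action": "wipe", "device": "LT-050"},
]

# Actions that destroy data or remove a device from management.
DESTRUCTIVE = {"wipe", "retire", "delete"}


def detect_bulk_actions(events, threshold=3, window=timedelta(minutes=5)):
    """Return (actor, count, first_ts, last_ts) for each actor whose destructive
    actions reach `threshold` inside a sliding `window`. One alert per actor."""
    alerts = []
    recent = defaultdict(deque)   # actor -> timestamps of recent destructive actions
    alerted = set()
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["action"] not in DESTRUCTIVE:
            continue
        ts = datetime.fromisoformat(ev["ts"])
        q = recent[ev["actor"]]
        q.append(ts)
        while q and ts - q[0] > window:   # drop events that fell out of the window
            q.popleft()
        if len(q) >= threshold and ev["actor"] not in alerted:
            alerted.add(ev["actor"])
            alerts.append((ev["actor"], len(q), q[0].isoformat(), ts.isoformat()))
    return alerts


if __name__ == "__main__":
    for alert in detect_bulk_actions(SAMPLE_EVENTS):
        print("ALERT bulk destructive actions:", alert)
```

In production the threshold would be tuned against the organization's normal decommissioning rate, and the alert would page before the queue of pending actions reaches the whole fleet.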
When The Supply Chain Is the Weapon
LiteLLM is the library millions of AI developers use to connect their applications to over a hundred AI services. It functions as load-bearing infrastructure for a significant portion of the AI development ecosystem, which is why it was targeted. The attackers didn’t approach LiteLLM directly. They started upstream, by compromising Trivy, a security scanner that LiteLLM’s build pipeline used without pinning to a specific version. Once Trivy was poisoned, two malicious versions of LiteLLM reached developers’ systems through PyPI. Major AI frameworks including Microsoft GraphRAG, Google ADK, DSPy, and CrewAI pulled the compromised version as an indirect dependency during the three hours it was live. The credentials those systems held were exposed.
The entry point was a misconfigured workflow in a security tool. Security tooling was the vector. This is the same trust-chain logic that makes third-party risk and identity attack paths so difficult to close at the perimeter alone — and it’s a pattern that’s been building across supply chain attacks since 2025. The full breach timeline and remediation steps are in the report.
What Happened in Healthcare and Finance
CareCloud stores electronic health records for more than 45,000 providers covering millions of patients. Unauthorized access to one of its records environments lasted over eight hours before detection. The company filed a material event disclosure with the SEC shortly after, which is a formal acknowledgment that the incident is significant enough to affect its business. The investigation into what was accessed or taken is still ongoing. For healthcare organizations evaluating how network isolation limits exposure in exactly this kind of scenario, this page walks through what that looks like in practice. And the IoMT and biomedical device security approach covers the connected device risk that sits alongside EHR environments.
In finance, ShinyHunters named Ameriprise Financial as its latest target, claiming to hold a large volume of Salesforce customer data and SharePoint files, with a ransom deadline attached. The gang has been working the same method across multiple financial services firms, reusing Salesforce credentials from prior campaigns. Separately, Lloyds Banking Group disclosed that a coding error in their banking platform briefly allowed hundreds of thousands of customers to view each other's account and transaction details. No attacker required.
What These Incidents Are Telling You
The report points to five immediate actions:
- If any system in your environment ran a PyPI install between March 19 and 22, rotate everything on it: secrets, SSH keys, environment variables, and cloud credentials.
- Audit who holds admin access to your endpoint management platform and enforce MFA on every administrative account. Set real-time alerts for bulk actions.
- If NetScaler is in your stack and configured as a SAML identity provider, patch to the fixed versions now. The vulnerability scores a 9.8 for a reason.
- Lock down your AI development pipelines with dependency pinning and lockfile enforcement. If your team doesn’t know which libraries arrive as transitive dependencies rather than direct installs, that’s the first thing to find out.
- For Salesforce environments, review OAuth grants, connected app permissions, and active sessions. ShinyHunters is actively working credentials from prior campaigns across the financial services sector.
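A concrete way to act on the pinning and transitive-dependency points above: an audit that compares what a project declares against what pip actually installed, and checks whether CI steps reference mutable tags or branches instead of commit SHAs. This is an added example, not code from the advisory; the requirements, `pip freeze` output, workflow fragment and the SHA value are all constructed, and the package versions shown are illustrative rather than the affected releases.

```python
"""Audit dependency pinning in a Python build (added example, not the report's code).
Inputs are constructed: direct requirements, `pip freeze` output, a CI workflow snippet."""
import re

REQUIREMENTS = """\
litellm>=1.0
requests==2.32.3
pyyaml
"""
# What pip actually resolved; anything not declared above arrived transitively.
PIP_FREEZE = """\
litellm==1.2.0
requests==2.32.3
PyYAML==6.0.2
openai==1.50.0
tqdm==4.66.0
"""
# Constructed CI fragment; only the third step is pinned to an immutable commit SHA (placeholder value).
WORKFLOW = """\
      - uses: actions/checkout@v4
      - uses: example-org/scanner-action@main
      - uses: actions/setup-python@0123456789abcdef0123456789abcdef01234567
"""

def parse_spec(line):
    """Return (normalized name, exact version or None). Only '==' counts as pinned."""
    m = re.match(r"\s*([A-Za-z0-9_.\-]+)\s*(==\s*([^\s;#]+))?", line)
    return m.group(1).lower().replace("_", "-"), m.group(3)

def audit_requirements(reqs=REQUIREMENTS, freeze=PIP_FREEZE):
    """Return (unpinned direct deps, {transitive dep: installed version})."""
    direct = dict(parse_spec(l) for l in reqs.splitlines() if l.strip() and not l.startswith("#"))
    installed = dict(parse_spec(l) for l in freeze.splitlines() if l.strip())
    unpinned = sorted(n for n, v in direct.items() if v is None)
    transitive = {n: v for n, v in installed.items() if n not in direct}
    return unpinned, transitive

def unpinned_actions(workflow=WORKFLOW):
    """Return 'uses:' references not pinned to a 40-hex commit SHA (tags and branches can move)."""
    refs = re.findall(r"uses:\s*(\S+)", workflow)
    return [r for r in refs if not re.fullmatch(r"\S+@[0-9a-f]{40}", r)]

if __name__ == "__main__":
    unpinned, transitive = audit_requirements()
    print("Unpinned direct deps:", unpinned)
    print("Transitive deps to pin in a lockfile:", transitive)
    print("Mutable action refs:", unpinned_actions())
```

Every name in the transitive list is one your team did not choose and would not notice changing, which is exactly why a lockfile with hashes belongs in the build alongside pinned CI actions.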
And here’s a thread that connects them all. Organizations that contained damage fastest had already mapped what an attacker can reach once they’re inside one trusted system. Microsegmentation that enforces boundaries at the workload and device level is what limits that radius once the trusted layer gives way. See how ColorTokens Xshield puts a micro-perimeter around every asset, stopping lateral movement before it becomes a business crisis.
The Trusted Layer Is the Attack Surface
An endpoint management platform became a wiper. A security scanner became a supply chain entry point. An EHR environment held unauthorized access for eight hours before anyone knew. A coding error exposed what a threat actor didn’t have to work for. The trusted layer is where attacks are landing now, and the question it puts to every security team is the same: if an attacker got through one trusted system in your environment today, how far could they move before something stopped them?
Get the full threat advisory report for the complete breach breakdowns, CVE details, and attack timelines. If you want to see how these patterns map to your own environment, talk to our advisors. And if you want a clear picture of where your exposure actually sits, start with a free breach readiness and impact assessment.