Cyberattacks Hit Multiple Targets, Including Medtech Giant Stryker

What Happened

A wave of cyberattacks has targeted multiple organizations, including medical technology giant Stryker, which was forced to shut down its operations after a wiper malware attack claimed by an Iran-linked hacktivist group. The attack, which affected Stryker's offices in 79 countries, resulted in the theft of 50 terabytes of data and the wiping of tens of thousands of systems and servers.

Meanwhile, a SQL injection vulnerability in the Elementor Ally plugin, which has over 400,000 installations, was discovered, affecting all versions up to 4.0.3. The vulnerability, tracked as CVE-2026-2313, allows an unauthenticated attacker to inject SQL commands, potentially leading to the theft of sensitive data.

In addition, a remote code execution vulnerability in the n8n workflow automation platform, which has over 50,000 weekly downloads on the npm registry, was actively exploited. The vulnerability, tracked as CVE-2025-68613, allows authenticated attackers to execute arbitrary code on vulnerable servers with the privileges of the n8n process.

Why It Matters

These cyberattacks highlight the growing threat of cybercrime, particularly from nation-state actors and hacktivist groups. The attack on Stryker, which is a leading medical technology company, demonstrates the potential consequences of a successful cyberattack on critical infrastructure.

The SQL injection vulnerability in the Elementor Ally plugin and the remote code execution vulnerability in n8n also underscore the importance of cybersecurity hygiene and the need for organizations to prioritize vulnerability management and patching.

What Experts Say

"Cyberattacks are becoming increasingly sophisticated and targeted, and organizations need to be aware of the risks and take proactive measures to protect themselves," said a cybersecurity expert. "The attack on Stryker is a wake-up call for the medical technology industry, which is a critical sector that requires robust cybersecurity measures."

Key Numbers

• 250,000+ WordPress sites affected by SQL injection vulnerability in Elementor Ally plugin
• 50 terabytes of data stolen from Stryker
• 200,000+ systems, servers, and mobile devices wiped in Stryker attack
• 50,000+ weekly downloads of n8n on npm registry
• 100 million+ pulls of n8n on Docker Hub

Background

The attack on Stryker is not the first time that the company has been targeted by cybercriminals. In 2020, Stryker was hit by a ransomware attack that forced the company to shut down its operations.

The SQL injection vulnerability in the Elementor Ally plugin is a common type of vulnerability that has been exploited by attackers for many years. The vulnerability is often caused by poor coding practices and can be easily exploited by attackers.

What Comes Next

The attack on Stryker and the vulnerabilities in the Elementor Ally plugin and n8n highlight the need for organizations to prioritize cybersecurity and take proactive measures to protect themselves. This includes implementing robust vulnerability management and patching procedures, as well as providing cybersecurity awareness training to employees.

As the threat landscape continues to evolve, organizations need to stay vigilant and adapt to new threats and vulnerabilities. The consequences of a successful cyberattack can be severe, and organizations need to take action to protect themselves and their customers.