SOC GoulashS
Alright team, it's been a pretty packed 24 hours in the cyber world! We've got updates on some significant breaches, a deep dive into nation-state tactics, a round-up of critical vulnerabilities, and some interesting shifts in the regulatory and threat landscapes. Let's get into it:

Recent Cyber Attacks and Breaches
- Jaguar Land Rover (JLR) has confirmed data theft following a cyberattack that severely disrupted production and retail operations. The "Scattered Lapsus$ Hunters" group, linked to Scattered Spider, ShinyHunters, and Lapsus$, claimed responsibility, stating they deployed ransomware and shared internal SAP system screenshots.
- European crypto platform SwissBorg saw $41 million in Solana (SOL) coins stolen from a partner company, Kiln, via an API breach. SwissBorg has pledged to reimburse all affected users, highlighting the ongoing risks in the decentralised finance ecosystem.
- The npm open-source supply-chain attack, initially causing widespread fear due to its potential reach (impacting ~10% of cloud environments), ultimately resulted in minimal financial gain for the attackers (around $600 in crypto) thanks to quick detection and a crypto-jacking payload that was easily thwarted.

The Register | https://go.theregister.com/feed/www.theregister.com/2025/09/10/jaguar_key_lessons/
Bleeping Computer | https://www.bleepingcomputer.com/news/security/jaguar-land-rover-jlr-confirms-data-theft-after-recent-cyberattack/
The Register | https://go.theregister.com/feed/www.theregister.com/2025/09/10/jagar_land_rover_breach/
The Record | https://therecord.media/swissborg-platform-solana-cryptocurrency-stolen
CyberScoop | https://cyberscoop.com/open-source-npm-package-attack/
Bleeping Computer | https://www.bleepingcomputer.com/news/security/hackers-left-empty-handed-after-massive-npm-supply-chain-attack/

Ransomware Kingpin Indicted
- A Ukrainian national, Volodymyr Tymoshchuk, has been indicted by the US for allegedly orchestrating the LockerGoga, MegaCortex, and Nefilim ransomware operations, causing an estimated $18 billion in damages globally.
- Tymoshchuk is accused of attacking over 250 US companies and hundreds more worldwide, including the infamous Norsk Hydro incident in 2019.
- The US is offering an $11 million bounty for information leading to his arrest or extradition, underscoring the global effort to bring ransomware operators to justice.

The Register | https://go.theregister.com/feed/www.theregister.com/2025/09/10/us_nefilim_ransomware_indictment/

New Threat Research & Spyware Defences
- China-linked APT41 is actively targeting US trade officials and stakeholders with spear-phishing campaigns, impersonating a Republican Congressman to steal sensitive data and Microsoft 365 credentials amidst ongoing trade talks.
- Researchers have found the commercially available FlexiSPY spyware on the phones of two Kenyan filmmakers, allegedly installed by Kenyan authorities while the devices were in custody, highlighting the use of surveillance tools against civil society.
- Apple has unveiled Memory Integrity Enforcement (MIE) in its new iPhone 17 and A19 chips, a hardware-level memory safety feature designed to significantly disrupt sophisticated mercenary spyware attacks by preventing memory corruption vulnerabilities like buffer overflows and use-after-free bugs.
- A modular macOS backdoor named ChillyHell, linked to Mandiant's UNC4487, was found to have bypassed Apple's notarization process and remained undetected for up to four years, using multiple persistence mechanisms and C2 protocols to evade detection.

The Hacker News | https://thehackernews.com/2025/09/china-linked-apt41-hackers-target-us.html
The Record | https://therecord.media/researchers-spyware-kenya-filmmaker-phone
The Hacker News | https://thehackernews.com/2025/09/apple-iphone-air-and-iphone-17-feature.html
CyberScoop | https://cyberscoop.com/apple-memory-integrity-enforcement-iphone-ios-anti-spyware/
The Register | https://go.theregister.com/feed/www.theregister.com/2025/09/10/chillyhell_modular_macos_malware/

Vulnerabilities & Patch Tuesday Round-up
- SAP has released critical patches for NetWeaver, including a deserialization vulnerability (CVE-2025-42944, CVSS 10.0) allowing unauthenticated OS command execution, and an insecure file upload flaw (CVE-2025-42922, CVSS 9.9). A previously exploited S/4HANA flaw (CVE-2025-42957) was also addressed.
- Adobe Commerce and Magento Open Source are vulnerable to a critical improper input validation flaw (CVE-2025-54236, CVSS 9.1) that could allow attackers to take over customer accounts via the REST API. Adobe has deployed WAF rules for cloud customers and released hotfixes.
- Microsoft's Patch Tuesday addressed 80 flaws, including a publicly known privilege escalation in Windows SMB (CVE-2025-55234) and a critical Azure Networking privilege escalation (CVE-2025-54914, CVSS 10.0) that requires no customer action. Other notable fixes include RCE in HPC Pack and several BitLocker bypasses.

The Hacker News | https://thehackernews.com/2025/09/adobe-commerce-flaw-cve-2025-54236-lets.html
The Hacker News | https://thehackernews.com/2025/09/sap-patches-critical-netweaver-cvss-up.html
The Register | https://go.theregister.com/feed/www.theregister.com/2025/09/10/microsoft_patch_tuesday/
The Hacker News | https://thehackernews.com/2025/09/microsoft-fixes-80-flaws-including-smb.html

Threat Landscape Commentary
- The FBI is adapting its threat hunting methods due to the increased stealth and patience of Chinese hacking groups like Salt Typhoon and Volt Typhoon, who are now focusing on "living off the land" techniques and targeting cloud and edge devices.
- A report by the Atlantic Council reveals that the number of US-based investors in spyware firms nearly tripled in 2024, making the US the largest investor in the global spyware market, despite aggressive government actions against the sector.
- A top NSC cyber official expressed dismay at the lag in security technology within critical infrastructure, particularly in the energy sector, advocating for "secure-by-design" principles to mitigate threats.

CyberScoop | https://cyberscoop.com/chinas-typhoons-changing-the-way-fbi-hunts-sophisticated-threats/
The Record | https://therecord.media/us-investors-in-spyware-tripled-in-2024
CyberScoop | https://cyberscoop.com/alexei-bulazel-critical-infrastructure-security-tech-needs-to-be-as-good-as-our-smartphones/

Data Privacy Incidents & Enforcement
- A Birmingham secondary school accidentally exposed the personal data (names, gender, DOB, parent contact details) of hundreds of students via a spreadsheet linked in a flu jab consent email, highlighting the risks of human error in data handling.
- California, Connecticut, and Colorado have launched a joint investigative sweep targeting companies that fail to honour consumer opt-out requests or implement Global Privacy Control (GPC), a browser extension for automatic data collection opt-out.

The Register | https://go.theregister.com/feed/www.theregister.com/2025/09/10/birmingham_school_data_blunder/
CyberScoop | https://cyberscoop.com/states-investigative-sweep-global-privacy-control-data-privacy/

Regulatory Issues & Scrutiny
- Chinese lawmakers are considering amendments to the country's Cybersecurity Law, introducing certification requirements for tech products and significantly increasing penalties (up to ¥10 million for companies, ¥100,000 for executives) for security incidents in critical sectors and for using uncertified products or international cloud storage.
- Senator Ron Wyden has called on the FTC to investigate Microsoft for "gross cybersecurity negligence," citing the company's default support for the insecure RC4 encryption protocol, which contributed to the 2024 Ascension hospital ransomware attack via Kerberoasting.

The Record | https://therecord.media/china-cybersecurity-law-update-penalties-companies-executives
CyberScoop | https://cyberscoop.com/ron-wyden-ftc-microsoft-default-security-flaws-rc4-kerberoasting-ascension-ransomware/

US Federal Cyber Priorities
- Michael Duffy, the acting US Chief Information Security Officer, outlined three key priorities for federal cyber officials: enhancing enterprise cyber defense, increasing operational resilience, and securing a modern US government, all with a strong emphasis on interagency collaboration and proactive measures.

CyberScoop | https://fedscoop.com/acting-federal-cyber-chief-outlines-three-priorities-for-next-year-ciso/

#CyberSecurity #ThreatIntelligence #Ransomware #APT #Vulnerabilities #PatchTuesday #DataPrivacy #RegulatoryAffairs #InfoSec #SupplyChainAttack #Spyware #CriticalInfrastructure #ZeroTrust
SOC GoulashS
It's been a busy 24 hours in the cyber world with significant updates on recent breaches, new malware campaigns, critical vulnerabilities, and shifts in government cyber policy. Let's dive in:

Recent Cyber Attacks & Breaches
- Plex, the media streaming platform, has once again urged users to reset passwords following another data breach that exposed emails, usernames, and hashed passwords. This isn't their first rodeo, so 2FA is a must!
- The New York Blood Center disclosed a January ransomware attack that leaked sensitive health information and, for employees, SSNs and financial data, impacting thousands.
- HelloGym, a service for major fitness brands, left 1.6 million unencrypted audio call recordings exposed online, containing names, financial details, and potentially biometric voice data, raising serious social engineering and deepfake risks.
- The US Department of Defense (DoD) was found to have publicly exposed social media stream keys for years on its DVIDS website, leaving its livestreams vulnerable to hijacking. This has now been fixed.
- A Brazilian lesbian dating app, Sapphos, shut down after an API flaw (IDOR) exposed sensitive user data, including identity verification photos, leading to the deletion of its entire user database.
- The npm supply chain saw an attack where a developer's account was phished, leading to popular packages being backdoored with crypto-stealing malware. While the attackers only netted about $925, the incident highlights the fragility of the JavaScript ecosystem and the persistent threat of phishing.

Bleeping Computer | https://www.bleepingcomputer.com/news/security/plex-tells-users-to-reset-passwords-after-new-data-breach/
The Register | https://go.theregister.com/feed/www.theregister.com/2025/09/09/plex_breach/
The Record | https://therecord.media/blood-center-discloses-details-on--january-ransomware-attack
The Register | https://go.theregister.com/feed/www.theregister.com/2025/09/09/gym_audio_recordings_exposed/
The Register | https://go.theregister.com/feed/www.theregister.com/2025/09/09/us_dod_exposed_keys/
The Record | https://therecord.media/brazil-lesbian-dating-app-shuts-down-vulnerability
The Register | https://go.theregister.com/feed/www.theregister.com/2025/09/09/npm_supply_chain_attack/

New Threat Research & Ransomware
- Researchers detailed new malware campaigns: MostereRAT, a banking malware turned RAT, uses advanced evasion techniques and drops tools like AnyDesk. "ClickFix-esque" social engineering is distributing MetaStealer via fake AnyDesk installers.
- A novel adaptation of ClickFix leverages CSS-based obfuscation and "prompt overdose" to weaponise AI summarisers, potentially delivering malicious instructions for ransomware deployment.
- RatOn, a new Android malware, has evolved to include NFC relay and Automated Transfer System (ATS) capabilities, targeting cryptocurrency wallets and banking apps, often distributed via fake TikTok 18+ listings.
- Ukrainian national Volodymyr Viktorovich Tymoshchuk has been indicted by the US for his alleged role as an administrator of LockerGoga, MegaCortex, and Nefilim ransomware operations, which targeted hundreds of organisations globally, causing millions in damages. The State Department is offering an $11 million reward for information leading to his arrest.
- A threat actor targeting exposed Docker APIs has updated its tooling to deploy a more complex payload, block API access, enable persistent SSH, and install scanning tools, suggesting an evolution towards a sophisticated botnet.

The Hacker News | https://thehackernews.com/2025/09/from-mostererat-to-clickfix-new-malware.html
The Hacker News | https://thehackernews.com/2025/09/raton-android-malware-detected-with-nfc.html
The Record | https://therecord.media/lockergoga-megacortex-nefilim-ransomware-ukrainian-indictment-unsealed
CyberScoop | https://cyberscoop.com/nefilim-ransomware-indictment-volodymyr-tymoshchuk-department-of-justice/
Bleeping Computer | https://www.bleepingcomputer.com/news/security/us-charges-admin-of-lockergoga-megacortex-nefilim-ransomware/
Bleeping Computer | https://www.bleepingcomputer.com/news/security/hackers-hide-behind-tor-in-exposed-docker-api-breaches/

Vulnerabilities & Patches
- SAP has patched 21 vulnerabilities, including three critical flaws in its NetWeaver software. The most severe, CVE-2025-42944 (CVSS 10.0), is an insecure deserialization leading to arbitrary OS command execution.
- Adobe released an emergency patch for CVE-2025-54236, dubbed "SessionReaper," a critical vulnerability in Commerce and Magento Open Source that allows unauthenticated account takeover via the REST API.
- Microsoft's September Patch Tuesday addressed 81 vulnerabilities, including eight critical and one high-severity, though none are actively exploited. Notable flaws include a deserialization RCE in High Performance Compute Pack (CVE-2025-55232) and elevation of privilege issues in Windows NTLM and SMB protocols.

Bleeping Computer | https://www.bleepingcomputer.com/news/security/sap-fixes-maximum-severity-netweaver-command-execution-flaw/
Bleeping Computer | https://www.bleepingcomputer.com/news/security/adobe-patches-critical-sessionreaper-flaw-in-magento-ecommerce-platform/
CyberScoop | https://cyberscoop.com/microsoft-patch-tuesday-september-2025/

Threat Landscape Commentary
- Senator Angus King (I-ME) described the cyber domain as a "hellscape," criticising recent US government job cuts in cybersecurity agencies like CISA, which he claims has lost 30% of its staff, warning the US is "unilaterally disarming."
- Anthropic's Claude Code, an AI for security reviews, has been shown to miss vulnerabilities and potentially introduce new risks by executing code during testing. Researchers advise against fully trusting AI for security without rigorous human oversight.
- National Cyber Director Sean Cairncross called on the private sector to collaborate with the federal government to advance an "America First" vision in cyberspace, emphasising the need for strategic coherence and shifting the burden of risk to adversaries.

The Record | https://therecord.media/angus-king-cyber-domain-cuts-cisa
The Register | https://go.theregister.com/feed/www.theregister.com/2025/09/09/ai_security_review_risks/
The Record | https://therecord.media/sean-cairncross-oncd-billington-cybersecurity-speech/

Data Privacy Concerns
- WhatsApp's former head of security is suing Meta, alleging retaliation for reporting systemic security failings, including 1,500 engineers having unrestricted access to user data without audit trails, violating FTC privacy orders.

The Register | https://go.theregister.com/feed/www.theregister.com/2025/09/08/whatsapp_exsecurity_head_sues_company/

Regulatory & Legal Actions
- The US Treasury Department has sanctioned 19 individuals and organisations involved in major cyber scam hubs in Burma and Cambodia, which collectively stole over $10 billion from Americans last year and rely on forced labour.
- The UK's Online Safety Act has been toughened, making self-harm content a "priority offence" that legally requires tech companies to proactively prevent its publication, rather than just removing it.
- The Department of Justice is pursuing civil forfeiture of $5 million in Bitcoin stolen from five victims through SIM swapping attacks between late 2022 and early 2023, with funds traced through multiple wallets to an online casino.
- New cybersecurity rules under the Cybersecurity Maturity Model Certification (CMMC) program will come into effect on November 9, requiring all US DoD contractors to meet specific compliance levels based on the sensitivity of unclassified information they handle.

CyberScoop | https://cyberscoop.com/southeast-asia-scam-hubs-sanctions/
Bleeping Computer | https://www.bleepingcomputer.com/news/security/us-sanctions-cyber-scammers-who-stole-billions-from-americans/
The Register | https://go.theregister.com/feed/www.theregister.com/2025/09/09/selfharm_online_safety_act/
The Record | https://therecord.media/us-seeks-5-million-bitcoin-taken-in-sim-swaps
The Register | https://go.theregister.com/feed/www.theregister.com/2025/09/09/new_cybersecurity_compliance_rules_dod/

Government Cyber Structure
- The Trump administration has decided to maintain the "dual-hat" leadership of US Cyber Command and the National Security Agency, shelving plans to split the roles due to the immense complexity and time required for such a reorganisation.

The Record | https://therecord.media/cyber-command-nsa-dual-hat-single-leader-trump-administration

Other Noteworthy Updates
- Encrypted messaging app Signal is rolling out a new opt-in feature offering 100MB of free, encrypted cloud storage for media from the past 45 days, with a paid tier for 100GB, funded by user subscriptions as a non-profit.
- Finnish phone maker HMD Global is launching HMD Secure, a new business unit focused on sovereign mobile security products for European governments and critical customers, with its first "Euro-made" Android smartphone, the HMD Ivalo XE, due in Q1 2026.
- Microsoft is working to resolve an anti-spam bug that is mistakenly blocking URLs and quarantining emails for Exchange Online and Microsoft Teams users, caused by its engine incorrectly flagging URLs within other URLs as malicious.
- Mitsubishi Electric is set to acquire industrial cybersecurity firm Nozomi Networks for approximately $883 million, with Nozomi continuing to operate independently, highlighting the growing focus on securing operational technology (OT) environments.

The Register | https://go.theregister.com/feed/www.theregister.com/2025/09/09/storage_message_signal/
The Register | https://go.theregister.com/feed/www.theregister.com/2025/09/09/hmd_ivalo_xe/
Bleeping Computer | https://www.bleepingcomputer.com/news/microsoft/microsoft-anti-spam-bug-blocks-links-in-exchange-online-teams/
The Record | https://therecord.media/nozomi-networks-mitsubishi-electric-acquisition
CyberScoop | https://cyberscoop.com/nozomi-networks-mitsubishi-electric-acquisition-ot-ics-cybersecurity/

#CyberSecurity #ThreatIntelligence #Ransomware #Malware #Vulnerabilities #DataBreach #SupplyChainAttack #SocialEngineering #AI #DataPrivacy #RegulatoryCompliance #InfoSec #IncidentResponse #PatchTuesday