Alright team, it's been a pretty packed 24 hours in the cyber world! We've got updates on some significant breaches, a deep dive into nation-state tactics, a round-up of critical vulnerabilities, and some interesting shifts in the regulatory and threat landscapes. Let's get into it:
Recent Cyber Attacks and Breaches
- Jaguar Land Rover (JLR) has confirmed data theft following a cyberattack that severely disrupted production and retail operations. The "Scattered Lapsus$ Hunters" group, linked to Scattered Spider, ShinyHunters, and Lapsus$, claimed responsibility, stating they deployed ransomware and shared internal SAP system screenshots.
- European crypto platform SwissBorg saw $41 million in Solana (SOL) coins stolen from a partner company, Kiln, via an API breach. SwissBorg has pledged to reimburse all affected users, highlighting the ongoing risks in the decentralised finance ecosystem.
- The npm open-source supply-chain attack, initially causing widespread fear due to its potential reach (impacting ~10% of cloud environments), ultimately resulted in minimal financial gain for the attackers (around $600 in crypto) thanks to quick detection and a crypto-jacking payload that was easily thwarted.
The Register | https://go.theregister.com/feed/www.theregister.com/2025/09/10/jaguar_key_lessons/
Bleeping Computer | https://www.bleepingcomputer.com/news/security/jaguar-land-rover-jlr-confirms-data-theft-after-recent-cyberattack/
The Register | https://go.theregister.com/feed/www.theregister.com/2025/09/10/jagar_land_rover_breach/
The Record | https://therecord.media/swissborg-platform-solana-cryptocurrency-stolen
CyberScoop | https://cyberscoop.com/open-source-npm-package-attack/
Bleeping Computer | https://www.bleepingcomputer.com/news/security/hackers-left-empty-handed-after-massive-npm-supply-chain-attack/
Ransomware Kingpin Indicted
- A Ukrainian national, Volodymyr Tymoshchuk, has been indicted by the US for allegedly orchestrating the LockerGoga, MegaCortex, and Nefilim ransomware operations, causing an estimated $18 billion in damages globally.
- Tymoshchuk is accused of attacking over 250 US companies and hundreds more worldwide, including the infamous Norsk Hydro incident in 2019.
- The US is offering an $11 million bounty for information leading to his arrest or extradition, underscoring the global effort to bring ransomware operators to justice.
The Register | https://go.theregister.com/feed/www.theregister.com/2025/09/10/us_nefilim_ransomware_indictment/
New Threat Research & Spyware Defences
- China-linked APT41 is actively targeting US trade officials and stakeholders with spear-phishing campaigns, impersonating a Republican Congressman to steal sensitive data and Microsoft 365 credentials amidst ongoing trade talks.
- Researchers have found the commercially available FlexiSPY spyware on the phones of two Kenyan filmmakers, allegedly installed by Kenyan authorities while the devices were in custody, highlighting the use of surveillance tools against civil society.
- Apple has unveiled Memory Integrity Enforcement (MIE) in its new iPhone 17 and A19 chips, a hardware-level memory safety feature designed to significantly disrupt sophisticated mercenary spyware attacks by preventing memory corruption vulnerabilities like buffer overflows and use-after-free bugs.
- A modular macOS backdoor named ChillyHell, linked to Mandiant's UNC4487, was found to have bypassed Apple's notarization process and remained undetected for up to four years, using multiple persistence mechanisms and C2 protocols to evade detection.
The Hacker News | https://thehackernews.com/2025/09/china-linked-apt41-hackers-target-us.html
The Record | https://therecord.media/researchers-spyware-kenya-filmmaker-phone
The Hacker News | https://thehackernews.com/2025/09/apple-iphone-air-and-iphone-17-feature.html
CyberScoop | https://cyberscoop.com/apple-memory-integrity-enforcement-iphone-ios-anti-spyware/
The Register | https://go.theregister.com/feed/www.theregister.com/2025/09/10/chillyhell_modular_macos_malware/
Vulnerabilities & Patch Tuesday Round-up
- SAP has released critical patches for NetWeaver, including a deserialization vulnerability (CVE-2025-42944, CVSS 10.0) allowing unauthenticated OS command execution, and an insecure file upload flaw (CVE-2025-42922, CVSS 9.9). A previously exploited S/4HANA flaw (CVE-2025-42957) was also addressed.
- Adobe Commerce and Magento Open Source are vulnerable to a critical improper input validation flaw (CVE-2025-54236, CVSS 9.1) that could allow attackers to take over customer accounts via the REST API. Adobe has deployed WAF rules for cloud customers and released hotfixes.
- Microsoft's Patch Tuesday addressed 80 flaws, including a publicly known privilege escalation in Windows SMB (CVE-2025-55234) and a critical Azure Networking privilege escalation (CVE-2025-54914, CVSS 10.0) that requires no customer action. Other notable fixes include RCE in HPC Pack and several BitLocker bypasses.
The Hacker News | https://thehackernews.com/2025/09/adobe-commerce-flaw-cve-2025-54236-lets.html
The Hacker News | https://thehackernews.com/2025/09/sap-patches-critical-netweaver-cvss-up.html
The Register | https://go.theregister.com/feed/www.theregister.com/2025/09/10/microsoft_patch_tuesday/
The Hacker News | https://thehackernews.com/2025/09/microsoft-fixes-80-flaws-including-smb.html
Threat Landscape Commentary
- The FBI is adapting its threat hunting methods due to the increased stealth and patience of Chinese hacking groups like Salt Typhoon and Volt Typhoon, who are now focusing on "living off the land" techniques and targeting cloud and edge devices.
- A report by the Atlantic Council reveals that the number of US-based investors in spyware firms nearly tripled in 2024, making the US the largest investor in the global spyware market, despite aggressive government actions against the sector.
- A top NSC cyber official expressed dismay at the lag in security technology within critical infrastructure, particularly in the energy sector, advocating for "secure-by-design" principles to mitigate threats.
CyberScoop | https://cyberscoop.com/chinas-typhoons-changing-the-way-fbi-hunts-sophisticated-threats/
The Record | https://therecord.media/us-investors-in-spyware-tripled-in-2024
CyberScoop | https://cyberscoop.com/alexei-bulazel-critical-infrastructure-security-tech-needs-to-be-as-good-as-our-smartphones/
Data Privacy Incidents & Enforcement
- A Birmingham secondary school accidentally exposed the personal data (names, gender, DOB, parent contact details) of hundreds of students via a spreadsheet linked in a flu jab consent email, highlighting the risks of human error in data handling.
- California, Connecticut, and Colorado have launched a joint investigative sweep targeting companies that fail to honour consumer opt-out requests or implement Global Privacy Control (GPC), a browser extension for automatic data collection opt-out.
The Register | https://go.theregister.com/feed/www.theregister.com/2025/09/10/birmingham_school_data_blunder/
CyberScoop | https://cyberscoop.com/states-investigative-sweep-global-privacy-control-data-privacy/
Regulatory Issues & Scrutiny
- Chinese lawmakers are considering amendments to the country's Cybersecurity Law, introducing certification requirements for tech products and significantly increasing penalties (up to Β₯10 million for companies, Β₯100,000 for executives) for security incidents in critical sectors and for using uncertified products or international cloud storage.
- Senator Ron Wyden has called on the FTC to investigate Microsoft for "gross cybersecurity negligence," citing the company's default support for the insecure RC4 encryption protocol, which contributed to the 2024 Ascension hospital ransomware attack via Kerberoasting.
The Record | https://therecord.media/china-cybersecurity-law-update-penalties-companies-executives
CyberScoop | https://cyberscoop.com/ron-wyden-ftc-microsoft-default-security-flaws-rc4-kerberoasting-ascension-ransomware/
US Federal Cyber Priorities
- Michael Duffy, the acting US Chief Information Security Officer, outlined three key priorities for federal cyber officials: enhancing enterprise cyber defense, increasing operational resilience, and securing a modern US government, all with a strong emphasis on interagency collaboration and proactive measures.
CyberScoop | https://fedscoop.com/acting-federal-cyber-chief-outlines-three-priorities-for-next-year-ciso/
#CyberSecurity #ThreatIntelligence #Ransomware #APT #Vulnerabilities #PatchTuesday #DataPrivacy #RegulatoryAffairs #InfoSec #SupplyChainAttack #Spyware #CriticalInfrastructure #ZeroTrust