hendryadrian.com
Phishing & Scams
- PyPI and developer platforms were targeted by credential-stealing phishing sites and notification-based scams that sought to drain crypto and hijack maintainer accounts – PyPI Phish, GitHub Phish, NPM Supply
- Malicious search ads and fake sites are distributing macOS credential stealers like Atomic Stealer to harvest passwords and tokens from users of services such as LastPass – Atomic Stealer
Ransomware & Major Incidents
- Jaguar Land Rover extended its production halt until at least Oct 1, 2025 after a disruptive cyberattack that has snarled its global supply chain and operations – JLR Shutdown
- An aviation-systems compromise involving Collins Aerospace’s vMUSE/MUSE software led to widespread European airport disruption tied to HardBit/RTX-linked ransomware and prompted arrests as investigations continue – Airport Ransom
- New ransomware variant Obscura was observed infecting domain controllers and auto-propagating via shared folders, using advanced encryption and evasion techniques – Obscura Ransom
- A weak password and missing MFA led to a ransomware-driven collapse of 158-year-old UK firm KNP Logistics, underscoring basic security failures in preventing catastrophic outages – KNP Collapse
Data Breaches & Disruptions
- Casino operator Boyd Gaming disclosed a breach exposing employee and limited personal data while asserting no operational impact as investigations proceed – Boyd Breach
- Retail chain Circle K’s Hong Kong operations experienced network outages affecting payments and loyalty services amid a suspected cyberattack investigation – Circle K Disruption
- South Korea’s Lotte Card probe revealed a breach exposing about 3 million customers’ personal and financial data, triggering regulatory and legal scrutiny – Lotte Card
Vulnerabilities & Patch Urgency
- CISA attributed a prolonged U.S. federal agency breach to exploitation of CVE-2024-36401 in GeoServer, compounded by delayed patching and poor incident response that allowed web shells and lateral movement – GeoServer Breach
- Researchers flagged a cluster of actively exploited flaws and vendor fixes — including CVE-2025-26399 in SolarWinds Web Help Desk, multiple Supermicro BMC firmware bugs, and an emergency fix for Libraesva ESG — stressing prioritized patching to prevent supply-chain and firmware persistence attacks – Vulns Watch, SolarWinds Fix, Supermicro BMC, Libraesva Fix, Wondershare Flaws
APTs & Espionage
- Suspected China-linked group UNC5221 and related activity used the BRICKSTORM/Brickstone backdoor for long-term espionage against U.S. legal and tech sectors, exploiting edge-device zero-days and sustaining >1-year dwell time – Brickstorm Spy
- Cisco Talos and other researchers uncovered long-running espionage using a new PlugX variant targeting telco and manufacturing in Central/South Asia, and Check Point warned of Iran’s Nimbus Manticore stepping up Western European intrusions — both using custom tooling and spear-phishing – PlugX Backdoor, Nimbus Manticore
- Cybercriminals are increasingly targeting law firms for sensitive client data, amplifying risks from ransomware, extortion, and deepfake-enabled attacks on privileged legal information – Law Firms
DDoS & Telecom Threats
- Cloudflare mitigated a record-breaking DDoS that peaked at 22.2 Tbps and ~10.6B pps, attributed to the AISURU botnet leveraging vulnerable IoT devices – DDoS Record
- U.S. Secret Service and partners dismantled an illicit cellular network tied to foreign actors — seizing >300 SIM servers and ~100,000 SIM cards near the UN that could have disrupted emergency and diplomatic communications during the General Assembly – Telecom Threat
Supply Chain & Registry Security
- Following NPM and registry attacks (typosquatting, phishing and worm-like packages), GitHub is tightening authentication and publishing rules to harden the npm ecosystem and protect maintainers – NPM Supply
Law, Enforcement & Regulation
- European authorities arrested suspects and dismantled a cross-border crypto investment fraud that netted ~€100M, highlighting multinational cooperation against large-scale scams – Euro Fraud
- India’s evolving DPDP privacy regime is setting new timelines for breach management and compliance, pressuring organizations to accelerate detection, reporting, and remediation practices – DPDP India
Threat Trends & Tools
- Analysts warn that groups like Salt Typhoon are inspiring adversaries to adopt unconventional intrusion techniques and increased living-off-the-land tactics across telecom and enterprise environments – Salt Typhoon
- WhatsApp rolled out on-device message translation for iPhone and Android, improving cross-language chat while preserving privacy protections — a notable security-conscious product update – WhatsApp Update
Cybersecurity News | Daily Recap – hendryadrian.com