Jaguar Land Rover has shut down its global manufacturing and retail operations following a severe cyber incident that forced workers at its Halewood plant to stay home Monday morning. Britain's largest carmaker proactively closed all systems to prevent further damage, though it says no customer data appears stolen.
The timing couldn't be worse for JLR, which is already struggling with a 49% profit drop and delayed electric vehicle launches. The attack comes during one of the busiest weeks for car dealers, preventing them from registering new 75-plate vehicles. Cybersecurity experts say the speed of the shutdown suggests attackers may have targeted operational systems rather than just data.
Source: The Guardian
A massive supply chain attack through Salesloft Drift has compromised major tech companies including Cloudflare, Palo Alto Networks, Zscaler, and PagerDuty. Google's threat intelligence team says the 10-day campaign in August potentially hit over 700 organizations.
The attack group UNC6395 exploited integrations between Drift's AI chat platform and Salesforce to steal customer data. Exposed information includes business contact details, support case notes, and in some cases sensitive credentials and API tokens.
Salesloft is taking Drift offline completely to investigate and rebuild security. The timing is particularly awkward - the attack started just one day after Salesloft announced a merger with competitor Clari, creating a combined company serving 5,000+ organizations globally.
Source: CyberScoop
A sophisticated Lazarus subgroup is targeting financial and crypto organizations with a three-stage malware attack that may exploit a Chrome zero-day vulnerability. The hackers pose as legitimate trading firm employees on Telegram, luring victims to fake meeting sites like counterfeit Calendly portals.
Once compromised, attackers deploy PondRAT as an initial loader, followed by the memory-resident ThemeForestRAT for stealth operations. After months of reconnaissance, they install RemotePE RAT for long-term access. The malware enables file manipulation, credential theft, and secure data exfiltration.
DeFi organizations have reported significant disruptions from these hidden backdoors. The attack chain uses advanced techniques including phantom DLL hijacking and rolling XOR encryption to evade detection, catching many security teams off guard despite known Lazarus activity.
Source: Cybersecurity News
AI company Anthropic revealed that hackers have weaponized its Claude chatbot to carry out sophisticated cyberattacks and fraud schemes. The company detected cases where criminals used Claude to write malicious code targeting at least 17 organizations, including government bodies. The AI helped hackers make strategic decisions about data theft and even suggested ransom amounts for victims.
In a separate scheme, North Korean operatives used Claude to create fake profiles and secure remote jobs at Fortune 500 tech companies, potentially violating international sanctions. Anthropic has disrupted these threats and reported them to authorities while improving its detection systems. Experts warn that AI is rapidly shrinking the time needed to exploit cybersecurity vulnerabilities.
Source: BBC
IBM disclosed a serious blind SQL injection vulnerability (CVE-2025-0165) in its Watsonx Orchestrate Cartridge for Cloud Pak Data, earning a 7.6 CVSS score. The flaw stems from improper input sanitization, allowing attackers with low-level access to inject malicious SQL commands through exposed API endpoints.
Attackers could potentially read confidential data, modify user permissions, delete critical information, or insert malicious entries into backend databases. The vulnerability affects versions 4.8.4-4.8.5 and 5.0.0-5.2.
IBM urges immediate upgrades to version 5.2.0.1, which includes strict input validation and parameterized queries. No workarounds exist, making prompt patching essential for protecting AI-driven workflows.
Source: Cyber Security News
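The IBM item above names the remediation: strict input validation and parameterized queries. As an added illustration (constructed for this digest, not IBM's code, and unrelated to the actual Watsonx Orchestrate query behind CVE-2025-0165), the following shows the vulnerable string-built query beside the hardened form, using Python's sqlite3 and a constructed users table. Parameter binding is what removes the injection, blind or otherwise; the allowlist check in front of it is defense in depth that rejects malformed input before it reaches the database.

```python
"""Vulnerable string-built SQL beside the parameterized fix.

Constructed demo on an in-memory SQLite database. Not IBM's code and not the
query from the Watsonx Orchestrate advisory; table, rows and inputs are all
constructed here.
"""
import re
import sqlite3

# Constructed sample data: a tiny users table with a role column.
SAMPLE_USERS = [
    ("alice", "admin"),
    ("bob", "analyst"),
    ("carol", "viewer"),
]

# Allowlist for the username field: the API only needs short handles.
USERNAME_RE = re.compile(r"^[A-Za-z0-9_.-]{1,64}$")


def make_db():
    """Create and populate the constructed in-memory database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT PRIMARY KEY, role TEXT NOT NULL)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def lookup_role_vulnerable(conn, username):
    """The defective pattern: user input is spliced into the SQL text, so the
    engine parses attacker-controlled characters as SQL syntax."""
    sql = f"SELECT name, role FROM users WHERE name = '{username}'"
    return conn.execute(sql).fetchall()


def lookup_role_bound(conn, username):
    """Parameterized query: the value is sent as data via a bind parameter and
    can never change the statement's structure."""
    return conn.execute(
        "SELECT name, role FROM users WHERE name = ?", (username,)
    ).fetchall()


def lookup_role_safe(conn, username):
    """Hardened endpoint: allowlist validation first, then the bound query."""
    if not USERNAME_RE.fullmatch(username):
        raise ValueError("username rejected by input validation")
    return lookup_role_bound(conn, username)


def compare(username):
    """Run the same input through all three paths and report what each returns."""
    conn = make_db()
    try:
        safe = lookup_role_safe(conn, username)
    except ValueError:
        safe = "rejected"
    return {
        "vulnerable_rows": len(lookup_role_vulnerable(conn, username)),
        "bound_rows": len(lookup_role_bound(conn, username)),
        "safe": safe,
    }


if __name__ == "__main__":
    # Constructed textbook tautology: dumps the whole table via the vulnerable
    # path, returns nothing via the bound path, and is rejected by validation.
    print(compare("' OR '1'='1"))
    print(compare("alice"))
```

The second path, `lookup_role_bound`, is the actual fix; the allowlist in `lookup_role_safe` only narrows what ever reaches the query, which also gives the API a clean 400-style rejection to log and alert on.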
AT&T will pay $177 million to settle lawsuits over two massive data breaches that exposed personal information of nearly 181 million customers. The 2019 breach affected 73 million people, exposing Social Security numbers and birth dates. The 2024 breach compromised phone records of 109 million customers through cloud provider Snowflake.
Customers affected by the 2019 breach can claim up to $5,000 with documented losses, while 2024 breach victims can receive up to $2,500. Those without proof of losses will receive smaller payments from the settlement pools. People hit by both breaches can file separate claims.
The deadline to file claims is November 18, 2025. Payments should begin early next year once the settlement receives final court approval.
Source: CNET
Critical infrastructure faced 420 million cyberattacks between January 2023 and January 2024, a 30% increase that works out to roughly 13 attacks per second. Nation-state hackers like Iran's CyberAv3ngers are targeting water, oil, and gas systems with custom malware, while 60% of energy sector attacks link to state-sponsored groups.
Experts say industrial "crown jewels" now extend beyond physical machines to include digital twins, cloud platforms, data flows, and remote access gateways. The challenge? Many organizations only discover critical assets after breaches expose hidden dependencies.
As operational technology merges with IT systems, companies must continuously map assets and vulnerabilities rather than react to incidents. The stakes are clear: poor protection risks safety, uptime, and competitive advantage in an increasingly connected industrial landscape.
Source: Industrial Cyber
The Maryland Transit Administration rolled out emergency transportation Friday for mobility device users after a cyberattack knocked out its paratransit booking system earlier this week. Riders needing urgent medical appointments can now call Hart to Heart at 443-573-2037 for rides, while others can use the Call-A-Ride service at 410-664-2030.
The cyberattack disrupted MTA's ability to schedule new Mobility paratransit trips, though existing bookings remain intact. Regular transit services like buses, subway, and light rail continue running normally, but riders lost real-time arrival information and call center access. MTA hasn't identified who's behind the attack.
Source: CBS News Baltimore
Cybercriminals hijacked the popular Nx development tool on npm, infecting eight versions with malware that exploited AI coding assistants like Claude, Gemini, and Amazon Q. The attack, which lasted just over five hours on August 26, forced these AI tools to scan infected systems for GitHub tokens, SSH keys, cryptocurrency wallets, and other sensitive data.
The stolen information was automatically uploaded to public GitHub repositories under victims' own accounts using the naming pattern "s1ngularity-repository-" - eliminating the need for external servers. Thousands of developers were potentially exposed during the brief window.
A second wave followed, with attackers using stolen credentials to expose and duplicate private organizational repositories. This marks the first known case of malware weaponizing AI development tools for data theft.
Source: Infosecurity Magazine
Attackers compromised the popular Nx JavaScript build system on August 26, infecting over 1,000 developers and stealing 20,000 sensitive files in just four hours. The malware used AI tools like Claude Code and Gemini to hunt for GitHub tokens, SSH keys, and cryptocurrency wallets on victims' systems.
The attackers published malicious Nx packages at 10:32 PM UTC, then uploaded stolen data to public GitHub repositories with names like "singularity-repository-0" for easy collection. They also sabotaged victims' terminals to crash on startup, slowing incident response.
Despite quick takedown efforts, the damage was severe: over 1,000 valid GitHub tokens and dozens of cloud credentials were exposed. Shockingly, 90% of leaked GitHub tokens remain active, creating ongoing security risks for affected developers and their organizations.
Source: Dark Reading
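For the two Nx items above, the first defender-side step after a compromised-package advisory is to find every copy of the package a project's lockfile actually pins, including nested copies pulled in by other dependencies. The following is an added example, not code from the Nx project or the cited articles. The version set it checks is a constructed placeholder: the articles say eight Nx versions were affected but do not list them, so substitute the published list when using this. It handles both the flat `packages` map of lockfileVersion 2/3 and the nested `dependencies` tree of lockfileVersion 1, so it generalizes to any package named in an advisory, not only Nx.

```python
"""Audit an npm lockfile for versions of a package named in an advisory.

Added example, not from the Nx project or the quoted articles. Lockfiles and
the version set below are constructed; the real affected Nx versions are not
given on this page and must be taken from the published advisory.
"""
import json

# PLACEHOLDER set, constructed for the demo; NOT the real affected versions.
COMPROMISED_NX_VERSIONS = {"99.0.1", "99.0.2"}

# Constructed lockfileVersion-3 sample: a direct nx install on a flagged
# version, a nested copy on an unflagged version, and an unrelated package.
SAMPLE_LOCKFILE_V3 = json.dumps({
    "name": "demo-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "dependencies": {"nx": "99.0.1"}},
        "node_modules/nx": {"version": "99.0.1"},
        "node_modules/some-plugin": {"version": "1.2.3"},
        "node_modules/some-plugin/node_modules/nx": {"version": "98.0.0"},
    },
})

# Constructed lockfileVersion-1 sample: the older nested-tree layout.
SAMPLE_LOCKFILE_V1 = json.dumps({
    "name": "legacy-app",
    "lockfileVersion": 1,
    "dependencies": {
        "nx": {
            "version": "99.0.2",
            "dependencies": {"nx": {"version": "1.0.0"}},
        },
    },
})


def installed_versions(lockfile_text, package):
    """Return (install_path, version) for every copy of `package` in the lockfile."""
    data = json.loads(lockfile_text)
    found = []

    packages = data.get("packages")
    if packages is not None:
        # v2/v3: keys are install paths such as
        # "node_modules/a/node_modules/@scope/b"; the text after the last
        # "node_modules/" is the package name (scoped names keep their scope).
        for path, meta in packages.items():
            if path.split("node_modules/")[-1] == package and "version" in meta:
                found.append((path, meta["version"]))
        return found

    # v1: a recursive "dependencies" tree; rebuild the on-disk path as we walk.
    def walk(deps, prefix):
        for name, meta in (deps or {}).items():
            path = f"{prefix}node_modules/{name}"
            if name == package and "version" in meta:
                found.append((path, meta["version"]))
            walk(meta.get("dependencies"), path + "/")

    walk(data.get("dependencies"), "")
    return found


def find_compromised(lockfile_text, package, bad_versions):
    """Subset of installed copies whose version is in the advisory's list."""
    return [(p, v) for p, v in installed_versions(lockfile_text, package)
            if v in bad_versions]


if __name__ == "__main__":
    for label, text in (("v3", SAMPLE_LOCKFILE_V3), ("v1", SAMPLE_LOCKFILE_V1)):
        hits = find_compromised(text, "nx", COMPROMISED_NX_VERSIONS)
        print(label, "flagged copies:", hits)
```

Run it against a real `package-lock.json` by reading the file into `lockfile_text` and passing the advisory's version list as `bad_versions`; a non-empty result on any machine means the tokens and keys the articles describe should be treated as exposed and rotated, regardless of how short the install window was.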