Ticker feed
Japan's largest brewer Asahi was forced to halt production at most of its 30 factories after a ransomware attack last month disrupted operations from beer shipments to accounting systems. The company now says personal data may have been stolen during the breach.
All facilities have partially reopened, but computer systems remain down, forcing staff to process orders using pen, paper, and fax machines. Russia-based ransomware group Qilin claimed responsibility for the attack.
Asahi is investigating the extent of data theft and will notify affected individuals if confirmed. The attack only impacted Japanese operations, which represent half of the company's sales, leaving international brands like Peroni and Grolsch unaffected.
Source: BBC
Svenska kraftnät, Sweden's national electricity transmission system operator, is investigating a data breach linked to the Everest ransomware group. The cyberattack targets critical infrastructure responsible for managing Sweden's power grid operations.
The breach raises serious concerns about national energy security, as Svenska kraftnät oversees the country's high-voltage electricity transmission network. Ransomware attacks on power grid operators can potentially disrupt electricity supply and compromise sensitive operational data.
The investigation is ongoing as authorities work to determine the full scope of the breach and any potential impact on Sweden's electrical infrastructure.
Source: Industrial Cyber
Kaspersky researchers discovered that a Chrome zero-day vulnerability (CVE-2025-2783) was exploited earlier this year using commercial spyware called "Dante" from Memento Labs. The attacks, part of "Operation ForumTroll," targeted government and private entities in Russia and Belarus through personalized phishing emails.
Memento Labs is the successor to Hacking Team, which was compromised in 2015 but relaunched in 2019. The sophisticated exploit bypassed Chrome's sandbox protections by exploiting an obscure Windows quirk involving "pseudo handles" - a decades-old optimization that became a security vulnerability.
This case highlights how commercial spyware vendors are driving zero-day attacks against major tech companies. Google has patched the flaw, but researchers warn similar vulnerabilities may exist in other applications.
Source: Dark Reading
Cybercriminals are actively exploiting a critical Windows Server Update Services vulnerability that bypasses Microsoft's earlier patch from this month. The tech giant released an emergency fix Thursday for CVE-2025-59287, but researchers detected live attacks by Friday.
Over 2,800 vulnerable servers remain exposed online, with 28% located in the United States. Security firm Huntress has tracked five active attacks so far. The flaw affects software dating back to 2012 and allows attackers to gain complete system control without authentication.
The risk extends beyond individual servers—attackers could potentially push malware to entire networks disguised as legitimate Microsoft updates, turning trusted update systems into distribution weapons.
Source: CyberScoop
A cyberattack on Jaguar Land Rover in late August has cost the UK economy an estimated £1.9 billion, making it potentially Britain's most expensive cyber incident ever. The hack forced JLR to shut down all factories and offices, affecting 5,000 organizations across its supply chain.
The carmaker, which produces about 1,000 vehicles daily across three UK factories, only managed a limited restart in early October and won't return to full production until January. Smaller suppliers were forced to lay off thousands of workers due to cash flow problems.
The government promised JLR a £1.5 billion loan guarantee in September to help support suppliers. The Cyber Monitoring Centre ranked this as a category 3 systemic event, with losses potentially higher if production delays continue.
Source: The Guardian
The Agenda ransomware group (also called Qilin) has infected 591 victims across 58 countries since January 2025, with the U.S. leading at 295 incidents. Trend Micro researchers discovered the group's sophisticated approach: deploying Linux ransomware on Windows systems while exploiting legitimate remote access tools to avoid detection.
The attackers use fake Google CAPTCHA pages to steal credentials, then target backup systems like Veeam to harvest more passwords and disable recovery options. Manufacturing (92 incidents), technology (68), and healthcare (61) sectors face the heaviest attacks.
This cross-platform strategy bypasses traditional Windows-focused security tools, making detection extremely difficult. Organizations using remote access platforms or hybrid Windows/Linux environments face the highest risk.
Source: Industrial Cyber
Cybercriminals have developed a new phishing campaign that uses randomly generated Universally Unique Identifiers (UUIDs) to slip past Secure Email Gateways undetected. Discovered by Cofense researchers in February 2025, the attack hides malicious JavaScript in fake file-sharing documents from platforms like OneDrive and DocuSign.
When victims click these documents, the script randomly selects from nine bulk-generated .org domains and creates unique UUIDs to track each target. Instead of typical redirects that change URLs, it uses sophisticated DOM manipulation to replace webpage content in real-time, creating personalized login pages that match the victim's company branding.
This server-driven approach makes the phishing pages look incredibly legitimate, significantly increasing the chances victims will enter their credentials.
Source: Cybersecurity News
Medical Specialist Group (MSG) in Guernsey faces a £100,000 fine after hackers stole thousands of patient emails containing confidential health data. The breach started in August 2021 but went undetected for over three months. Criminals later used the stolen information in phishing campaigns targeting patients.
The Office of the Data Protection Authority found MSG failed to install critical security updates and missed opportunities to detect the attack. Commissioner Brent Homan said medical information requires the highest protection levels, which MSG failed to provide.
MSG must pay £75,000 within 60 days, with another £25,000 due in 14 months unless they complete an approved action plan.
Source: BBC News
Cybercriminals are rapidly adopting AI-powered tools while nation-state hackers increasingly collaborate with financially motivated groups, according to Trellix's latest threat report covering April-September 2025.
The industrial sector bore the brunt of attacks, accounting for 36.57% of all ransomware victims. Qilin emerged as the dominant ransomware group after RansomHub's collapse, responsible for 441 victim posts and showing a clear preference for industrial targets.
The report documented the first AI-powered infostealer, LameHug, attributed to Russian APT28 hackers. This malware uses large language models to generate dynamic attack commands, marking a significant shift from theoretical AI threats to operational weapons.
Geopolitical tensions drove cyber activity spikes, particularly during Taiwan Strait military exercises in April and Israel-Iran conflicts in June. PowerShell remains the top attack vector, used in 77.7% of ransomware campaigns.
Source: Industrial Cyber
Microsoft released an emergency patch Thursday for a critical Windows Server vulnerability that's already being exploited by hackers. The flaw, CVE-2025-59287, affects the Windows Server Update Service (WSUS) and earned a severe 9.8 security rating.
The bug allows attackers to remotely execute code on vulnerable systems through unsafe object deserialization. Microsoft's initial October patch was incomplete, prompting the emergency fix after cybersecurity firms spotted active attacks targeting exposed WSUS servers on ports 8530 and 8531.
CISA added the vulnerability to its Known Exploited Vulnerabilities catalog Friday. Organizations can temporarily protect themselves by disabling the WSUS Server Role or blocking traffic to the affected ports.
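The two interim mitigations named above (removing the WSUS Server Role, or blocking inbound traffic to ports 8530 and 8531 on the host firewall) can be checked and applied from an elevated PowerShell session on the server itself. The script below is an added example, not code from the Dark Reading article or from Microsoft; it assumes a Windows Server host with the ServerManager and NetSecurity modules that ship with the OS, and the firewall rule name it creates is a constructed label. Blocking the ports on the host also stops legitimate clients from reaching WSUS, so either mitigation is a stopgap until the emergency patch is installed.

```powershell
#Requires -RunAsAdministrator
# Added example (not the article's or Microsoft's code): check a Windows Server host
# for an exposed WSUS listener and apply one of the interim mitigations described
# in the advisory summary. Assumes the ServerManager and NetSecurity modules.

# Default WSUS HTTP / HTTPS listener ports named in the advisory.
$WsusPorts = 8530, 8531

# Constructed rule name used only by this script.
$BlockRuleName = 'Block inbound WSUS 8530-8531 (interim CVE-2025-59287 mitigation)'

function Get-WsusExposure {
    # Read-only check: is the role installed, is anything listening on the WSUS
    # ports, and does our host-firewall block rule already exist?
    $role      = Get-WindowsFeature -Name UpdateServices
    $listeners = Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
                 Where-Object { $WsusPorts -contains $_.LocalPort }
    $blockRule = Get-NetFirewallRule -DisplayName $BlockRuleName -ErrorAction SilentlyContinue

    [pscustomobject]@{
        RoleInstalled   = [bool]$role.Installed
        ListeningPorts  = @($listeners | Select-Object -ExpandProperty LocalPort -Unique)
        BlockRuleExists = [bool]$blockRule
    }
}

function Add-WsusInboundBlock {
    # Interim mitigation: block inbound TCP to the WSUS ports on the host firewall.
    # Idempotent: does nothing if the rule already exists.
    if (Get-NetFirewallRule -DisplayName $BlockRuleName -ErrorAction SilentlyContinue) {
        Write-Host "Block rule already present: $BlockRuleName"
        return
    }
    New-NetFirewallRule -DisplayName $BlockRuleName `
                        -Direction Inbound -Protocol TCP -LocalPort $WsusPorts `
                        -Action Block -Profile Any | Out-Null
    Write-Host "Created inbound block rule for TCP $($WsusPorts -join ', ')"
}

function Remove-WsusRole {
    # Interim mitigation: remove the WSUS Server Role entirely. Update distribution
    # from this host stops until the patch is applied and the role is reinstalled.
    Uninstall-WindowsFeature -Name UpdateServices
}

# Report the current state; warn if WSUS is reachable with no mitigation in place.
$state = Get-WsusExposure
$state | Format-List

if ($state.RoleInstalled -and $state.ListeningPorts.Count -gt 0 -and -not $state.BlockRuleExists) {
    Write-Warning ("WSUS is listening on TCP {0} with no host-firewall block rule; " +
                   "install the out-of-band patch or apply Add-WsusInboundBlock / Remove-WsusRole.") `
                  -f ($state.ListeningPorts -join ', ')
}
```

Run the script first to see the state; then call `Add-WsusInboundBlock` (reversible, keeps the role) or `Remove-WsusRole` (heavier, but leaves no listener) depending on how long the patch will take to roll out. Re-run `Get-WsusExposure` afterwards to confirm `ListeningPorts` is empty or `BlockRuleExists` is true.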
Source: Dark Reading