Ticker feed
UK car production plummeted 27.1% in September after a devastating cyber attack shut down Jaguar Land Rover for five weeks. The attack halted all manufacturing at JLR's West Midlands and Merseyside plants from late August to early October, with zero vehicles produced during that period.
The breach is considered the most financially damaging cyber attack in UK history, costing an estimated £1.9 billion. September's output hit the lowest level since 1952, worse than during COVID lockdowns.
While JLR has restarted production, the automotive sector remains under severe pressure. Nearly half of September's limited output was electric or hybrid vehicles, with 76% destined for export to the EU, US, and Asia.
Source: Sky News
GCHQ head Anne Keast-Butler told companies Wednesday they must prepare for inevitable cyber attacks, including keeping paper copies of crisis plans in case all systems go down. Her warning comes as "highly significant" cyber attacks jumped 50% in the past year, with security agencies now handling several new attacks weekly.
The Jaguar Land Rover hack in August exemplifies the threat, costing the UK economy an estimated £1.9bn and potentially becoming Britain's most expensive cyber attack. JLR shut down all factories and offices, with production possibly disrupted until January.
Keast-Butler urged companies to add cybersecurity experts to their boards and share attack information with government agencies through "safe spaces" that protect commercial secrets.
Source: The Guardian
Chinese threat actors exploited the ToolShell vulnerability (CVE-2025-53770) just two days after Microsoft patched it in July 2025, compromising a Middle Eastern telecom company and government agencies across Africa and South America. Symantec researchers linked the attacks to Chinese groups Glowworm and UNC5221, who deployed malware including Zingdoor and KrustyLoader.
The hackers targeted critical infrastructure through mass scanning, then focused on networks of interest for espionage. They used legitimate tools like Trend Micro and BitDefender binaries to hide their malicious payloads, demonstrating sophisticated tradecraft.
Microsoft previously identified three Chinese groups exploiting ToolShell, including Budworm and Storm-2603. The widespread targeting suggests coordinated state-sponsored activity aimed at stealing credentials and maintaining persistent access to victim networks.
Source: Industrial Cyber
The Iranian threat group MuddyWater is conducting a massive cyberespionage campaign targeting over 100 government organizations across the Middle East and North Africa. The campaign, discovered by Group-IB, began August 19 and uses phishing emails sent through a compromised mailbox accessed via NordVPN to appear legitimate.
Victims receive blurred Word documents that prompt them to enable macros, which then deploy the Phoenix backdoor version 4 through a FakeUpdate injector. The malware establishes persistence and connects to command-and-control servers for intelligence gathering. Targets include embassies, diplomatic missions, and foreign affairs ministries, supporting MuddyWater's geopolitical objectives and Iran's Ministry of Intelligence operations.
Source: Dark Reading
The September cyber attack on Jaguar Land Rover has become Britain's costliest cyber incident ever, with analysts estimating damages at £1.9 billion. The hack shut down JLR's global production for five weeks starting September 1st, affecting major UK plants in Solihull, Halewood, and Wolverhampton.
The Cyber Monitoring Centre found 5,000 businesses caught in the supply chain disruption, with full recovery not expected until January 2026. JLR will bear more than half the costs through lost earnings and recovery expenses, while thousands of suppliers and local businesses face ongoing impacts.
The attack's exact nature remains unclear. JLR is gradually restarting production but declined to comment on the damage estimates.
Source: BBC
Ransomware attacks on critical infrastructure exploded in 2025, with 4,701 incidents recorded through September—a 34% jump from 2024. Half of these attacks hit vital sectors like manufacturing, healthcare, energy, and finance. The U.S. bore the brunt with 21% of global incidents.
Manufacturing took the biggest hit, seeing attacks surge 61% as criminals targeted companies like Jaguar Land Rover and Bridgestone. Just five ransomware groups were responsible for 25% of all incidents, showing how organized these criminal operations have become.
Experts warn ransomware has evolved from a business nuisance into a national security threat, capable of paralyzing supply chains and undermining public trust in critical services.
Source: Industrial Cyber
A sophisticated cyber espionage campaign dubbed "PassiveNeuron" is targeting government, industrial, and financial organizations across Asia, Africa, and Latin America. The attackers deploy two custom malware tools—Neursite and NeuralExecutor—specifically designed to compromise Windows servers.
Kaspersky researchers discovered the campaign in June 2024, with new infections observed through August 2025. The malware focuses on Microsoft SQL Server software, likely exploiting vulnerabilities or brute-forcing database credentials for initial access.
While early clues pointed to Russian actors, researchers now attribute the campaign to Chinese-speaking threat groups with "low confidence," citing similarities to previous EastWind operations and the use of GitHub for command-and-control communications. Organizations should prioritize server security and patch SQL injection vulnerabilities.
Source: Dark Reading
Aussie Fluid Power, an Australian hydraulic equipment supplier, confirmed a cyberattack after ransomware group Anubis claimed responsibility last week. The breach compromised employee, customer, and supplier information through unauthorized access to company IT systems.
The company has engaged forensic experts and reported the incident to the Australian Cyber Security Centre while strengthening security protocols. They're contacting affected stakeholders and apologizing for the breach.
This attack highlights the manufacturing sector's vulnerability, with ransomware incidents surging 87% against industrial organizations. Manufacturing faced a 71% rise in cyberattacks in 2024, with 79% carried out by cybercriminals.
Source: Industrial Cyber
AT&T customers affected by two major data breaches have until December 18, 2025, to claim their share of a $177 million settlement. The 2019 breach exposed personal data including Social Security numbers for 73 million customers, while the 2024 Snowflake hack accessed phone records for 109 million users.
Customers who can prove documented losses can receive up to $5,000 for the 2019 breach or $2,500 for the 2024 incident. Those without proof still get cash payments based on which data was compromised. You need a Class Member ID from Kroll's notification email to file a claim, or call 833-890-4930 if you didn't receive one.
Source: CNET
Chinese cyber group Salt Typhoon exploited a Citrix NetScaler Gateway vulnerability to infiltrate a European telecommunications company in July 2025. The hackers used advanced techniques including DLL sideloading and deployed SNAPPYBEE backdoor malware, hiding malicious code within legitimate antivirus software from Norton and other vendors.
Salt Typhoon, active since 2019, has targeted critical infrastructure across 80+ countries including telecommunications, energy, and government systems. The group used SoftEther VPN to mask their location and established communication with command-and-control servers.
Darktrace researchers identified the attack through behavioral anomalies, emphasizing that traditional signature-based detection isn't enough against sophisticated state-sponsored groups that blend into normal network operations.
Source: Infosecurity Magazine