Ticker feed
Jaguar Land Rover's production lines have sat idle for over a month after a devastating cyber attack in late August, costing an estimated £50 million per week. The attack hit during peak demand season, forcing thousands of suppliers into financial crisis.
This isn't isolated. Major retailers like Marks & Spencer and Co-op have faced attacks costing £300 million and £120 million respectively this year. A government survey found 612,000 UK businesses were targeted by hackers.
Experts blame the surge on teenage hackers renting ransomware from Russian criminals, targeting companies with vulnerable "just-in-time" supply chains. The UK's "laissez-faire" approach to cyber security over 15 years is now backfiring, with critical infrastructure increasingly at risk.
Source: BBC
A new 88-page Booz Allen Hamilton report warns that China has developed a sophisticated cyber strategy using AI, supply chain infiltration, and edge device exploitation to gradually erode U.S. strategic advantages globally. The report identifies four key force multipliers Beijing uses: trusted-relationship compromise, edge device exploitation, AI acceleration, and attribution contestation.
China's cyber operations target three strategic arenas: constraining U.S. power in East Asia, fracturing alliance coordination in Europe and Five Eyes countries, and embedding leverage across developing nations. The strategy exploits vendor relationships and PRC-manufactured networking hardware to maintain persistent access to critical infrastructure.
Booz Allen emphasizes this isn't just isolated cyber intrusions but a coordinated national effort to reshape global competition. The report recommends urgent action including zero-trust architecture implementation, vendor access reform, and proactive strategic engagement to counter China's growing cyber dominance before these advantages become permanent.
Source: Industrial Cyber
A critical security flaw (CVE-2025-27237) in Zabbix Agent and Agent 2 for Windows lets attackers with local access escalate privileges through DLL injection attacks. The vulnerability, scored 7.3 (High), affects versions 6.0.0-6.0.40, 7.0.0-7.0.17, 7.2.0-7.2.11, and 7.4.0-7.4.1.
The issue stems from improper handling of OpenSSL configuration files, where low-privileged users can modify the config path to inject malicious DLLs. When the agent restarts, it loads the malicious code with elevated system privileges.
Zabbix has released patches (versions 6.0.41, 7.0.18, 7.2.12, and 7.4.2) that fix the access controls. System administrators should update immediately, as no workarounds exist for this vulnerability in the widely deployed enterprise monitoring solution.
Source: Cyber Security News
UK schools are facing a cyber security crisis, with 60% of secondary schools suffering attacks or breaches in the past year, according to new government data. The numbers are even worse for colleges (80%) and universities (90%), compared to just 40% of private businesses.
Phishing emails targeting passwords are the most common attack method. Recent ransomware hits include West Lothian council's education network and several universities like Newcastle and Manchester. Experts say schools aren't deliberately targeted but get "caught up in the dragnet" of opportunistic cybercrime.
Funding pressures leave state schools particularly vulnerable, while universities face risks from thousands of students who may lack cyber awareness. The government is considering banning ransomware payments for public institutions.
Source: The Guardian
Security researchers at LayerX discovered a dangerous vulnerability called "CometJacking" that weaponizes Perplexity's AI-powered Comet browser against users. The attack works through a single malicious URL that tricks the browser's AI assistant into stealing personal data from connected services like Gmail and Google Calendar.
Unlike traditional browser attacks, CometJacking exploits the trust relationship between users and their AI assistants. When someone clicks the malicious link, hidden commands in the URL instruct the AI to access user memory and encode stolen data using base64 before sending it to attacker-controlled servers.
Researchers successfully demonstrated email theft and calendar harvesting during testing. LayerX reported the vulnerability to Perplexity in August 2025, but the company initially dismissed it as having "no security impact."
Source: Cybersecurity News
A Chinese cybercrime group called UAT-8099 is hijacking web servers at universities, tech companies, and telecom providers worldwide to run a sophisticated dual-purpose operation. The hackers exploit vulnerable Internet Information Services (IIS) servers, then install "BadIIS" malware that floods search engines with gambling-related spam terms while redirecting unsuspecting users to illegal gambling sites.
The attack is particularly clever because legitimate visitors see nothing unusual, making it nearly invisible to website owners. Meanwhile, the hackers steal sensitive data including credentials and certificates for future attacks or dark web sales.
Victims span multiple countries including Brazil, Canada, India, Thailand, and Vietnam. Security experts warn that the same vulnerabilities could be exploited for more damaging attacks like credential theft or website defacement.
Source: Dark Reading
Japan's most popular beer brand Asahi could run out within hours after a cyber attack on Monday shut down dozens of factories nationwide. The breach disabled ordering and delivery systems, forcing supermarkets and izakayas (Japanese pubs) to face potential shortages.
One wholesaler expects to exhaust beer kegs by Saturday, while Tokyo izakaya owner Akira Kudo already can't get one of his regular Asahi brands. The company suspended launches of new products including soft drinks and coffee.
Asahi executives are working with police to investigate possible ransomware, stressing no customer data leaked. With Japanese consumers drinking 34.5 liters of beer annually and Asahi commanding fierce loyalty, retailers fear panic buying as they consider stocking alternative brands.
Source: Sky News
Oracle confirmed that customers using its E-Business Suite software have received extortion emails claiming sensitive data theft. The company's investigation suggests attackers exploited known vulnerabilities that were patched in Oracle's July 2025 Critical Patch Update, which fixed around 200 flaws.
Google Threat Intelligence and Mandiant researchers discovered the extortion campaign, with emails allegedly coming from the notorious Cl0p cybercrime group and sent from accounts linked to FIN11. While researchers haven't verified the hackers' theft claims, both groups have previously targeted enterprise software vulnerabilities.
Oracle's July update addressed nine E-Business Suite vulnerabilities, including three flaws that are remotely exploitable without authentication and three high-severity issues. This follows Oracle's earlier admission that hackers stole data from a legacy cloud environment.
Source: SecurityWeek
Phishing attacks are rapidly shifting from email to mobile platforms, with 41% of incidents now using multichannel tactics including SMS (smishing), voice calls (vishing), and QR codes (quishing). These mobile-first attacks bypass traditional email security defenses that enterprises spend millions on annually.
The three fastest-growing attack methods all target mobile devices directly. Smishing uses text messages disguised as trusted contacts or urgent alerts. Vishing employs spoofed phone calls from fake executives or IT departments. Quishing tricks users into scanning malicious QR codes that feel routine and safe.
While the global email security market is expected to grow from $5.17 billion to $10.68 billion by 2032, mobile security investment remains minimal. This creates a dangerous blind spot as attackers exploit the human layer where users are most distracted and vulnerable on their phones.
Source: Dark Reading
Cybercriminals calling themselves Radiant have deleted stolen data from thousands of children at UK-based Kido nurseries after facing widespread criticism from both the public and fellow hackers. The gang had demanded £600,000 in bitcoin from Kido but removed the sensitive information from their extortion website following a backlash.
Even other criminals on underground forums told Radiant to stop targeting children, with one hacker writing "reputation important, don't attack child right." The group apologized, saying "We are sorry for hurting kids" and confirmed all data on under-19s had been deleted.
Cybersecurity experts say the move wasn't kindness but damage control, as targeting children hurt the group's credibility in criminal circles.
Source: The Guardian