Ticker feed
Ransomware attacks on critical infrastructure exploded in 2025, with 4,701 incidents recorded through September—a 34% jump from 2024. Half of these attacks hit vital sectors like manufacturing, healthcare, energy, and finance. The U.S. bore the brunt with 21% of global incidents.
Manufacturing took the biggest hit, seeing attacks surge 61% as criminals targeted companies like Jaguar Land Rover and Bridgestone. Just five ransomware groups were responsible for 25% of all incidents, showing how organized these criminal operations have become.
Experts warn ransomware has evolved from a business nuisance into a national security threat, capable of paralyzing supply chains and undermining public trust in critical services.
Source: Industrial Cyber
A sophisticated cyber espionage campaign dubbed "PassiveNeuron" is targeting government, industrial, and financial organizations across Asia, Africa, and Latin America. The attackers deploy two custom malware tools—Neursite and NeuralExecutor—specifically designed to compromise Windows servers.
Kaspersky researchers discovered the campaign in June 2024, with new infections observed through August 2025. The malware focuses on Microsoft SQL Server software, likely exploiting vulnerabilities or brute-forcing database credentials for initial access.
While early clues pointed to Russian actors, researchers now attribute the campaign to Chinese-speaking threat groups with "low confidence," citing similarities to previous EastWind operations and the use of GitHub for command-and-control communications. Organizations should prioritize server security and patch SQL injection vulnerabilities.
Source: Dark Reading
Aussie Fluid Power, an Australian hydraulic equipment supplier, confirmed a cyberattack after ransomware group Anubis claimed responsibility last week. The breach compromised employee, customer, and supplier information through unauthorized access to company IT systems.
The company has engaged forensic experts and reported the incident to the Australian Cyber Security Centre while strengthening security protocols. They're contacting affected stakeholders and apologizing for the breach.
This attack highlights the manufacturing sector's vulnerability, with ransomware incidents surging 87% against industrial organizations. Manufacturing faced a 71% rise in cyberattacks in 2024, with 79% carried out by cybercriminals.
Source: Industrial Cyber
AT&T customers affected by two major data breaches have until December 18, 2025, to claim their share of a $177 million settlement. The 2019 breach exposed personal data including Social Security numbers for 73 million customers, while the 2024 Snowflake hack accessed phone records for 109 million users.
Customers who can prove documented losses can receive up to $5,000 for the 2019 breach or $2,500 for the 2024 incident. Those without proof still get cash payments based on which data was compromised. You need a Class Member ID from Kroll's notification email to file a claim, or call 833-890-4930 if you didn't receive one.
Source: CNET
Chinese cyber group Salt Typhoon exploited a Citrix NetScaler Gateway vulnerability to infiltrate a European telecommunications company in July 2025. The hackers used advanced techniques including DLL sideloading and deployed SNAPPYBEE backdoor malware, hiding malicious code within legitimate antivirus software from Norton and other vendors.
Salt Typhoon, active since 2019, has targeted critical infrastructure across 80+ countries including telecommunications, energy, and government systems. The group used SoftEther VPN to mask their location and established communication with command-and-control servers.
Darktrace researchers identified the attack through behavioral anomalies, emphasizing that traditional signature-based detection isn't enough against sophisticated state-sponsored groups that blend into normal network operations.
Source: Infosecurity Magazine
A researcher has released working exploit code for CVE-2025-59287, a critical Windows Server Update Services vulnerability that lets attackers execute code remotely without authentication. The flaw affects all Windows Server versions from 2012 to 2025 and scores 9.8 out of 10 for severity.
The bug stems from unsafe data handling in WSUS's cookie processing system. Attackers can send malicious requests to port 8530, triggering code execution with full system privileges. Microsoft warns the vulnerability is "wormable," meaning it could spread across networks automatically.
With public exploit code now available on GitHub, unpatched WSUS servers face immediate risk. Organizations should apply Microsoft's October 2025 security updates immediately and restrict network access to WSUS servers until patching is complete.
Source: Cyber Security News
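As an added defender's example (not from the article or from Microsoft): a PowerShell script for the interim mitigation the item describes, confirming that a host listens on the WSUS ports and scoping inbound access to a management subnet until the October 2025 update is applied. The subnet 10.0.50.0/24 and the rule name are placeholders I chose.

```powershell
# Added example (not from the article): interim exposure reduction for a WSUS
# host until the October 2025 update for CVE-2025-59287 is installed.
# ASSUMPTION: 10.0.50.0/24 is a placeholder for your management subnet.
# Run elevated on the WSUS server itself.
$WsusPorts     = @(8530, 8531)          # WSUS HTTP and HTTPS listeners
$AllowedSource = '10.0.50.0/24'

# 1. Confirm the host actually listens on the WSUS ports before touching rules.
$listening = Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
    Where-Object { $WsusPorts -contains $_.LocalPort }
if (-not $listening) {
    Write-Output 'No listener on TCP 8530/8531 on this host; nothing to scope.'
    return
}
$listening | ForEach-Object {
    Write-Output ('WSUS listening on {0}:{1}' -f $_.LocalAddress, $_.LocalPort)
}

# 2. Find enabled inbound Allow rules that open those ports to any remote
#    address (the WSUS role installs such a rule) and disable them.
#    Caveat: a rule that allows "Any" port is not matched here; review those by hand.
$broadRules = Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    Where-Object {
        $pf = $_ | Get-NetFirewallPortFilter
        $af = $_ | Get-NetFirewallAddressFilter
        $pf.Protocol -eq 'TCP' -and
        ((@($pf.LocalPort) -join ',') -match '\b(8530|8531)\b') -and
        ($af.RemoteAddress -eq 'Any')
    }
foreach ($rule in $broadRules) {
    Write-Output ('Disabling broad rule: {0}' -f $rule.DisplayName)
    $rule | Disable-NetFirewallRule
}

# 3. Re-open the ports only for the management subnet.
$ruleName = 'WSUS 8530/8531 - management subnet only (CVE-2025-59287 interim)'
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Protocol TCP `
        -LocalPort $WsusPorts -RemoteAddress $AllowedSource -Action Allow | Out-Null
}
Write-Output ('Inbound TCP 8530/8531 limited to {0}; re-enable the original rules and remove "{1}" once patched.' -f $AllowedSource, $ruleName)
```

Downstream WSUS clients outside the allowed subnet will stop receiving updates while the rule is in place, so pair this with the patch rollout rather than leaving it indefinitely.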
Renault UK suffered a cyber attack through a third-party data provider, exposing customer names, addresses, birth dates, phone numbers, and vehicle details. The car manufacturer emphasized that no financial information or passwords were compromised in what they called an "isolated incident."
Unlike Jaguar Land Rover's recent attack that shut down UK production, Renault's manufacturing operations remain unaffected since their own systems weren't breached. The company is contacting affected customers and has notified authorities, though they won't reveal how many people were impacted.
This marks another major automotive cyber attack following JLR's August breach, highlighting the growing threat to car companies' data security.
Source: Sky News
European authorities dismantled "SIMCARTEL," a sophisticated cybercrime operation that used 40,000 SIM cards to facilitate phishing attacks and fraud across more than 80 countries. The October 10 raids in Austria, Estonia, and Latvia resulted in seven arrests and seizure of 1,200 SIM box devices.
The network created 49 million fake accounts for social media and communication platforms, enabling criminals to hide their identities while conducting scams. Investigators linked the operation to over 3,200 fraud cases, including investment scams and fake emergencies, causing $5.8 million in losses.
Authorities seized luxury vehicles, froze $833,000 in accounts, and shut down servers supporting the criminal infrastructure. The case highlights the growing threat of SIM farms worldwide.
Source: CyberScoop
Tim Brown, SolarWinds' chief information security officer, lived through a nightmare when Russian hackers infiltrated his company's software in December 2020. The attack compromised 18,000 clients including the US Treasury and Commerce departments through tainted Orion network monitoring software.
Brown lost 25 pounds in 20 days from stress, appearing on major news outlets while coordinating the global response. The company had to abandon email, bring staff into the office during COVID, and spend six months rebuilding security systems.
The fallout was severe: lawsuits, SEC charges against Brown personally, and a $26 million settlement. The stress eventually triggered a heart attack when Brown learned he was being charged. Despite everything, he stayed with SolarWinds, saying "it happened on my watch."
Source: The Guardian
Russia, China, Iran, and North Korea have dramatically escalated their use of AI in cyberattacks against the United States, according to Microsoft's latest threat report. The tech giant identified over 200 instances of AI-generated fake content in July alone—double the previous year and ten times higher than 2023.
These adversaries are using AI to create sophisticated phishing emails, generate digital clones of government officials, and automate attacks on critical infrastructure like hospitals and transportation networks. The US remains the top global target, followed by Israel and Ukraine.
Microsoft warns this represents a "pivotal moment" as outdated cyber defenses struggle against rapidly evolving AI-enhanced threats. The company urges immediate investment in cybersecurity basics to counter these escalating digital dangers.
Source: Security Week