Ticker feed
Harrods has warned customers that personal data including names and contact details was stolen from a third-party provider's system. The luxury London department store emphasized that passwords and payment information weren't compromised in what the provider called an "isolated incident."
This breach is separate from earlier cyberattacks targeting Harrods this year. In May, the store restricted internet access as a precaution after attempted break-ins. Four people were arrested in July for suspected involvement in cyber-attacks against Harrods, Marks & Spencer, and the Co-op.
Harrods has notified authorities and affected customers, working with the third-party provider to address the security incident.
Source: The Guardian
The Cybersecurity and Infrastructure Security Agency issued an emergency directive Thursday after discovering attackers have been exploiting Cisco firewall vulnerabilities since at least November 2024. The attacks began with reconnaissance activity and escalated to memory modification on hundreds of federal government firewalls.
Cisco launched its investigation in May but waited four months to disclose the vulnerabilities and release patches. CISA's Chris Butera said the delay was necessary for proper investigation and patch development. Federal agencies must take immediate action by Friday's deadline.
While officials won't confirm attribution, outside researchers link the espionage campaign to Chinese state-sponsored groups. CISA warns attackers may accelerate or shift tactics now that the vulnerabilities are public.
Source: CyberScoop
CISA issued an emergency directive after discovering state-sponsored hackers are actively exploiting multiple zero-day vulnerabilities in Cisco firewalls and networking equipment. The campaign targets millions of devices, including ASA 5500-X series firewalls and IOS systems.
Three critical flaws allow remote code execution and privilege escalation: CVE-2025-20333 (CVSS 9.9), CVE-2025-20363 (CVSS 9.0), and CVE-2025-20362 (CVSS 6.5). A separate zero-day, CVE-2025-20352, affects SNMP systems in Cisco IOS software.
The attacks appear connected to the ArcaneDoor espionage campaign from spring 2024. Federal agencies must disconnect unsupported devices and upgrade others by September 26. Many affected devices are end-of-life, making immediate patching or replacement critical for organizations worldwide.
Source: Dark Reading
Cybercriminals have stolen names, pictures, and addresses of around 8,000 children from the Kido nursery chain, which operates 18 sites across London plus locations in the US, India, and China. The hackers are demanding ransom and claim to possess information about parents and carers, plus safeguarding notes. They've even contacted some families by phone as part of their extortion tactics.
The Metropolitan Police confirmed receiving a ransomware attack report Thursday, with investigations ongoing through their cyber crime unit. The Information Commissioner's Office is also assessing the incident. This attack adds to a growing list of recent cyber-attacks on major companies, including Co-op's £80m profit hit and JLR's factory shutdowns.
Source: The Guardian
Federal cyber authorities issued a rare emergency directive Thursday after discovering ongoing attacks exploiting zero-day vulnerabilities in Cisco firewalls. The campaign, linked to a China-affiliated group called Storm-1849, has targeted multiple government agencies since May using three critical flaws in Cisco's Adaptive Security Appliances.
Attackers can gain full control of compromised devices, install malware, and steal data. The threat group used sophisticated evasion techniques like disabling logging and crashing devices to avoid detection.
Federal agencies have until Friday to hunt for compromises, apply patches, or disconnect vulnerable devices. CISA warns the vulnerabilities pose "unacceptable risk" due to how easily they can be exploited.
Source: CyberScoop
A teenage member of the notorious Scattered Spider cybercrime group has surrendered to authorities in Las Vegas, facing charges including identity theft, extortion, and computer crimes. The arrest comes as the group, along with Lapsus$ and Shiny Hunters, announced they're shutting down operations in a farewell letter posted on hacking forums.
Scattered Spider, known for targeting major companies like MGM Resorts and Caesars Entertainment in 2023, has faced a string of arrests over the past year. The FBI has charged multiple members, including an alleged ringleader arrested with $27 million in bitcoin.
Security experts remain skeptical of the shutdown claims, noting continued activity and warning that other threat actors will likely fill any void left behind.
Source: Dark Reading
British police arrested a man in his 40s in West Sussex on Tuesday over a cyberattack that disrupted major European airports last weekend. The attack hit Berlin, Brussels, and London Heathrow airports starting Friday, forcing staff to handwrite boarding passes and use backup systems.
The cyberattack targeted Collins Aerospace software used for check-in, boarding passes, and baggage handling. Berlin Airport warned Wednesday that disruptions could continue for several more days as technicians work to restore secure systems. Heathrow reported most flights were operating normally by Tuesday.
The suspect was released on conditional bail while the National Crime Agency continues investigating.
Source: CBS News
GitHub is implementing stricter security measures for the NPM registry following a series of devastating supply chain attacks over the past three months. The most severe incident involved the Shai-Hulud self-replicating worm, which compromised 195 packages and pushed over 500 malicious versions to the registry last week.
Earlier attacks targeted maintainer Josh Junon's 18 packages (with 2.5 billion weekly downloads) through phishing, and July saw typosquatting attacks on packages with 30 million combined weekly downloads.
GitHub's response includes mandatory two-factor authentication for local publishing, granular tokens expiring after seven days, and trusted publishing that eliminates long-lived tokens. The platform will also deprecate legacy authentication methods and gradually roll out changes to minimize workflow disruption.
Source: Security Week
CISA has issued an urgent warning about a high-severity zero-day vulnerability in Google Chrome that hackers are actively exploiting in attacks. The flaw, tracked as CVE-2025-10585, affects Chrome's V8 JavaScript engine and allows attackers to execute malicious code on victims' computers.
Google's Threat Analysis Group discovered the vulnerability on September 16, 2025. This marks the sixth Chrome zero-day exploited this year, showing attackers continue targeting browser vulnerabilities.
Federal agencies must patch by October 14, 2025, but CISA urges everyone to update immediately. Users should update Chrome to version 140.0.7339.185/.186 through the browser's Help menu. Other Chromium-based browsers like Edge and Brave also need updates.
Source: Cybersecurity News
Iranian cyber-espionage group "Nimbus Manticore" has expanded beyond the Middle East to target critical infrastructure in Denmark, Portugal, and Sweden. The IRGC-linked hackers are hitting defense manufacturing, telecommunications, and aviation companies using two new malware variants: "MiniJunk" and "MiniBrowse."
Their attacks start with fake HR recruitment emails appearing to come from companies like Airbus and Boeing. Victims are directed to phony job sites that download malicious archives disguised as hiring materials.
MiniJunk is a significantly upgraded backdoor that uses advanced obfuscation techniques, code signing, and multiple command servers to avoid detection. The malware can steal files, execute processes, and maintain persistent access to compromised systems.
Check Point researchers say the group's sophisticated tactics represent "a significant increase in the actor's abilities," making detection much harder for defenders.
Source: Dark Reading