Ticker feed

Flight delays continue plaguing major European airports including London Heathrow, Brussels, Dublin, and Berlin following Friday's ransomware attack on Collins Aerospace. The cyber-attack targeted the company's Muse software used for check-in and boarding systems across multiple airlines worldwide.

Collins Aerospace, a subsidiary of RTX, says it's in final stages of restoring full functionality while working with four affected airports. Airport staff have resorted to manual processing as kiosks and bag-drop machines remain offline. Brussels canceled 63 flights on Monday alone.

The EU's cybersecurity agency confirmed it was ransomware, where hackers lock systems demanding payment. Officials suggest state-sponsored actors could be responsible, though private entities remain possible culprits. Airline stocks dropped Monday, with IAG falling 1.2% and easyJet down 1.4%.

Source: The Guardian

A cyber attack on RTX's Muse software has crippled check-in systems at major European airports including London Heathrow, Brussels, Berlin, and Dublin for three straight days. The software handles passenger check-ins, boarding passes, and baggage tagging across multiple airlines.

Airlines were forced to resort to pen-and-paper check-ins as the digital systems remained offline. Heathrow reported that most flights continued operating despite delays, while Brussels Airport directly called it a "cyber attack."

Security experts warn these supply chain attacks are becoming more frequent in aviation, exploiting shared systems that serve multiple airlines simultaneously. The incident highlights the industry's vulnerability when critical third-party platforms fail.

Source: Infosecurity Magazine

Cybercriminals are increasingly attacking industrial control systems (ICS) using malicious JavaScript and fake vendor websites. In Q2 2025, 6.49% of ICS computers blocked these web-based threats, making them the top danger to industrial networks.

Attackers send phishing emails with links to cloned vendor portals. When workers click these links, malicious scripts automatically download and create backdoors into critical systems. The criminals then steal credentials and can directly control programmable logic controllers and SCADA systems.

Several attacks caused real damage—one altered chemical processing temperatures, triggering emergency shutdowns. Another disabled safety systems after stealing privileged accounts through fake support portals. Africa and Southeast Asia saw the most attacks, while Northern Europe faced fewer attempts.

Source: Cybersecurity News

A cyberattack on Friday night disrupted check-in and boarding systems at major European airports including Brussels, Berlin's Brandenburg, and London's Heathrow on Saturday. The attack targeted Collins Aerospace's MUSE software, forcing airports to resort to manual check-in processes.

Brussels Airport saw nine flight cancellations and 15 delays of over an hour, though the overall impact remained limited. Passengers faced longer waits as staff had to write baggage tags by hand at understaffed counters.

Experts called the attack "very clever" since it hit multiple airports simultaneously through a single system provider. The aviation industry's reliance on shared digital platforms makes it an attractive target for cybercriminals, with the attack's motive still unclear.

Source: Security Week

Security researcher "Ynwarcs" has published proof-of-concept exploit code for CVE-2024-38063, a critical zero-click vulnerability affecting all Windows systems with IPv6 enabled. Originally discovered by XiaoWei of Kunlun Lab, this remote code execution flaw targets Windows 10, Windows 11, and Windows Server without requiring any user interaction.

The exploit code is now available on GitHub for researchers to study, but this also increases the risk of malicious actors exploiting the vulnerability. Microsoft is urging users to install the latest security updates immediately to protect against potential attacks. Organizations should prioritize patching and monitor for unusual IPv6 packet activity.

Source: Dark Reading

A devastating cyberattack has crippled Jaguar Land Rover for three weeks, forcing the closure of all factories in the UK, Slovakia, Brazil, and India. The hack, discovered in late August, has left Britain's largest automotive employer unable to produce vehicles, potentially costing hundreds of millions of pounds.

The attack exposed vulnerabilities in JLR's interconnected "smart factory" systems, managed by outsourcing giant Tata Consultancy Services under an £800m contract. When hackers breached the network, JLR couldn't isolate affected systems and was forced to shut down everything.

The crisis threatens JLR's entire supply chain of 700+ companies across the West Midlands. Workers remain furloughed with no clear restart date, while suppliers face potential bankruptcy. The government is providing daily support and considering financial aid for struggling suppliers as the automotive industry braces for a prolonged shutdown.

Source: The Guardian

Researchers at Radware discovered a clever attack called "ShadowLeak" that allowed hackers to steal emails from ChatGPT users completely undetected. The attack worked by embedding hidden malicious code in normal-looking emails using tiny or white text. When victims asked ChatGPT to summarize their emails, the AI would read the hidden code and secretly send email contents to attacker-controlled servers.

The attack left zero traces on company networks since everything happened through OpenAI's infrastructure. Researchers found ChatGPT followed malicious instructions about half the time, with success rates improving when attackers added urgency like "HR compliance checks." OpenAI quietly fixed the vulnerability in August after Radware reported it in June, though the exact solution remains unclear.

Source: Dark Reading

A high court judge has overturned the Home Office's decision to prioritize US extradition over Portugal's request for Diogo Santos Coelho, a 25-year-old Portuguese man with autism facing cybercrime charges.

Coelho, who ran the hacking forum RaidForums, was allegedly groomed online from age 14 and exploited by adults. He faces up to 52 years in US prison but has been assessed as high suicide risk and wants to face justice in Portugal, his home country, where he has family support.

Justice Linden ruled that former Home Secretary James Cleverly failed to properly consider Coelho's mental health, autism diagnosis, victim status under modern slavery laws, and family connections. The current Home Secretary must now reconsider the decision, allowing Coelho to argue why Portugal should take priority.

Source: The Guardian

UK authorities arrested two alleged Scattered Spider hackers: Thalha Jubair, 19, from East London, and Owen Flowers, 18, from West Midlands. Both face UK charges for attacking Transport for London's systems.

Jubair also faces US charges for allegedly orchestrating over 120 cyberattacks worldwide, including 47 against American organizations. Prosecutors say his group used social engineering to steal data and demand ransoms, collecting more than $115 million between May 2022 and September 2025. Jubair controlled wallets containing $36 million in cryptocurrency and faces up to 95 years in prison.

The arrests come as Scattered Spider announced its retirement, though cybersecurity experts remain skeptical and report continued activity targeting financial institutions.

Source: Security Week

SonicWall disclosed a data breach on September 17 where attackers accessed cloud backup files for customer firewalls through brute force attacks targeting their API service. The breach affected fewer than 5% of SonicWall's firewall install base, exposing encrypted credentials and configuration files that could help attackers exploit the related firewalls.

The security vendor immediately disabled the backup feature and launched an investigation with third-party experts. Impacted customers using MySonicWall.com cloud backups are advised to check their accounts, verify if their serial numbers are listed, and rotate all passwords and multi-factor authentication credentials stored in their firewalls.

This marks another security challenge for SonicWall, which has become a frequent target for cybercriminals attacking network edge devices.

Source: Dark Reading