Ticker feed
Federal cyber authorities issued a rare emergency directive Thursday after discovering ongoing attacks exploiting zero-day vulnerabilities in Cisco firewalls. The campaign, linked to a China-affiliated group called Storm-1849, has targeted multiple government agencies since May using three critical flaws in Cisco's Adaptive Security Appliances.
Attackers can gain full control of compromised devices, install malware, and steal data. The threat group used sophisticated evasion techniques like disabling logging and crashing devices to avoid detection.
Federal agencies have until Friday to hunt for compromises, apply patches, or disconnect vulnerable devices. CISA warns the vulnerabilities pose "unacceptable risk" due to how easily they can be exploited.
Source: CyberScoop
A teenage member of the notorious Scattered Spider cybercrime group has surrendered to authorities in Las Vegas, facing charges including identity theft, extortion, and computer crimes. The arrest comes as the group, along with Lapsus$ and Shiny Hunters, announced they're shutting down operations in a farewell letter posted on hacking forums.
Scattered Spider, known for targeting major companies like MGM Resorts and Caesars Entertainment in 2023, has faced a string of arrests over the past year. The FBI has charged multiple members, including an alleged ringleader arrested with $27 million in bitcoin.
Security experts remain skeptical of the shutdown claims, noting continued activity and warning that other threat actors will likely fill any void left behind.
Source: Dark Reading
British police arrested a man in his 40s in West Sussex on Tuesday over a cyberattack that disrupted major European airports last weekend. The attack hit Berlin, Brussels, and London Heathrow airports starting Friday, forcing staff to handwrite boarding passes and use backup systems.
The cyberattack targeted Collins Aerospace software used for check-in, boarding passes, and baggage handling. Berlin Airport warned Wednesday that disruptions could continue for several more days as technicians work to restore secure systems. Heathrow reported most flights were operating normally by Tuesday.
The suspect was released on conditional bail while the National Crime Agency continues investigating.
Source: CBS News
GitHub is implementing stricter security measures for the NPM registry following a series of devastating supply chain attacks over the past three months. The most severe incident involved the Shai-Hulud self-replicating worm, which compromised 195 packages and pushed over 500 malicious versions to the registry last week.
Earlier attacks targeted maintainer Josh Junon's 18 packages (with 2.5 billion weekly downloads) through phishing, and July saw typosquatting attacks on packages with 30 million combined weekly downloads.
GitHub's response includes mandatory two-factor authentication for local publishing, granular tokens expiring after seven days, and trusted publishing that eliminates long-lived tokens. The platform will also deprecate legacy authentication methods and gradually roll out changes to minimize workflow disruption.
Source: Security Week
CISA has issued an urgent warning about a high-severity zero-day vulnerability in Google Chrome that hackers are actively exploiting in attacks. The flaw, tracked as CVE-2025-10585, affects Chrome's V8 JavaScript engine and allows attackers to execute malicious code on victims' computers.
Google's Threat Analysis Group discovered the vulnerability on September 16, 2025. This marks the sixth Chrome zero-day exploited this year, showing attackers continue targeting browser vulnerabilities.
Federal agencies must patch by October 14, 2025, but CISA urges everyone to update immediately. Users should update Chrome to version 140.0.7339.185/.186 through the browser's Help menu. Other Chromium-based browsers like Edge and Brave also need updates.
Source: Cybersecurity News
Iranian cyber-espionage group "Nimbus Manticore" has expanded beyond the Middle East to target critical infrastructure in Denmark, Portugal, and Sweden. The IRGC-linked hackers are hitting defense manufacturing, telecommunications, and aviation companies using two new malware variants: "MiniJunk" and "MiniBrowse."
Their attacks start with fake HR recruitment emails appearing to come from companies like Airbus and Boeing. Victims are directed to phony job sites that download malicious archives disguised as hiring materials.
MiniJunk is a significantly upgraded backdoor that uses advanced obfuscation techniques, code signing, and multiple command servers to avoid detection. The malware can steal files, execute processes, and maintain persistent access to compromised systems.
Check Point researchers say the group's sophisticated tactics represent "a significant increase in the actor's abilities," making detection much harder for defenders.
Source: Dark Reading
Flight delays continue plaguing major European airports including London Heathrow, Brussels, Dublin, and Berlin following Friday's ransomware attack on Collins Aerospace. The cyber-attack targeted the company's Muse software used for check-in and boarding systems across multiple airlines worldwide.
Collins Aerospace, a subsidiary of RTX, says it's in the final stages of restoring full functionality while working with four affected airports. Airport staff have resorted to manual processing as kiosks and bag-drop machines remain offline. Brussels canceled 63 flights on Monday alone.
The EU's cybersecurity agency confirmed it was ransomware, where hackers lock systems demanding payment. Officials suggest state-sponsored actors could be responsible, though private entities remain possible culprits. Airline stocks dropped Monday, with IAG falling 1.2% and easyJet down 1.4%.
Source: The Guardian
A cyber attack on RTX's Muse software has crippled check-in systems at major European airports including London Heathrow, Brussels, Berlin, and Dublin for three straight days. The software handles passenger check-ins, boarding passes, and baggage tagging across multiple airlines.
Airlines were forced to resort to pen-and-paper check-ins as the digital systems remained offline. Heathrow reported that most flights continued operating despite delays, while Brussels Airport directly called it a "cyber attack."
Security experts warn these supply chain attacks are becoming more frequent in aviation, exploiting shared systems that serve multiple airlines simultaneously. The incident highlights the industry's vulnerability when critical third-party platforms fail.
Source: Infosecurity Magazine
Cybercriminals are increasingly attacking industrial control systems (ICS) using malicious JavaScript and fake vendor websites. In Q2 2025, 6.49% of ICS computers blocked these web-based threats, making them the top danger to industrial networks.
Attackers send phishing emails with links to cloned vendor portals. When workers click these links, malicious scripts automatically download and create backdoors into critical systems. The criminals then steal credentials and can directly control programmable logic controllers and SCADA systems.
Several attacks caused real damage—one altered chemical processing temperatures, triggering emergency shutdowns. Another disabled safety systems after stealing privileged accounts through fake support portals. Africa and Southeast Asia saw the most attacks, while Northern Europe faced fewer attempts.
Source: Cybersecurity News
A cyberattack on Friday night disrupted check-in and boarding systems at major European airports including Brussels, Berlin's Brandenburg, and London's Heathrow on Saturday. The attack targeted Collins Aerospace's MUSE software, forcing airports to resort to manual check-in processes.
Brussels Airport saw nine flight cancellations and 15 delays of over an hour, though the overall impact remained limited. Passengers faced longer waits as staff had to write baggage tags by hand at understaffed counters.
Experts called the attack "very clever" since it hit multiple airports simultaneously through a single system provider. The aviation industry's reliance on shared digital platforms makes it an attractive target for cybercriminals, with the attack's motive still unclear.
Source: Security Week