Cyberattacks
A teenage member of the notorious Scattered Spider cybercrime group has surrendered to authorities in Las Vegas, facing charges including identity theft, extortion, and computer crimes. The arrest comes as the group, along with Lapsus$ and Shiny Hunters, announced they're shutting down operations in a farewell letter posted on hacking forums.
Scattered Spider, known for targeting major companies like MGM Resorts and Caesars Entertainment in 2023, has faced a string of arrests over the past year. The FBI has charged multiple members, including an alleged ringleader who was arrested with $27 million in bitcoin.
Security experts remain skeptical of the shutdown claims, noting continued activity and warning that other threat actors will likely fill any void left behind.
Source: Dark Reading
Cybercriminals are increasingly attacking industrial control systems (ICS) using malicious JavaScript and fake vendor websites. In Q2 2025, 6.49% of ICS computers blocked these web-based threats, making them the top danger to industrial networks.
Attackers send phishing emails with links to cloned vendor portals. When workers click these links, malicious scripts automatically download and create backdoors into critical systems. The criminals then steal credentials and can directly control programmable logic controllers and SCADA systems.
Several attacks caused real damage—one altered chemical processing temperatures, triggering emergency shutdowns. Another disabled safety systems after stealing privileged accounts through fake support portals. Africa and Southeast Asia saw the most attacks, while Northern Europe faced fewer attempts.
Source: Cybersecurity News
Tenable confirmed hackers accessed customer contact details and support case information through a sophisticated supply chain attack exploiting Salesforce-Salesloft Drift integrations. The breach exposed business emails, phone numbers, and support ticket descriptions but didn't compromise Tenable's core products.
This wasn't an isolated incident—the same campaign hit major tech companies including Palo Alto Networks, Zscaler, Google, Cloudflare, and PagerDuty. Attackers specifically targeted vulnerabilities in the integration between Salesforce and the popular sales platform Salesloft Drift.
Tenable responded by revoking compromised credentials, disabling the Drift application, and hardening their Salesforce environment. The company found no evidence the stolen data has been misused yet.
Source: Cybersecurity News
CISA issued an urgent alert Thursday about a high-severity Android zero-day vulnerability (CVE-2025-48543) being actively exploited by attackers. The use-after-free bug in Android Runtime allows hackers to escape Chrome's security sandbox and gain elevated device permissions, potentially installing malware or accessing sensitive data.
The vulnerability was added to CISA's Known Exploited Vulnerabilities catalog on September 4, 2025, confirming real-world attacks are underway. Federal agencies must patch by September 25 or stop using affected products.
Google addressed the flaw in its September 1 security bulletin. All Android users should immediately check Settings > System > System update and install available patches to protect against this serious threat.
Source: Cybersecurity News
Jaguar Land Rover has told factory workers to stay home until at least September 9 following a devastating cyber attack that hit the company Sunday. Production has stopped at major facilities in Halewood, Solihull, and Wolverhampton, affecting the UK's biggest car manufacturer during peak sales season.
The hack has severely disrupted global operations, forcing JLR to shut down systems as a precaution. While no customer data appears stolen, thousands of customers can't get new vehicles and repairs are stalled since dealerships can't order parts online.
English-speaking hackers linked to recent UK retail attacks claimed responsibility Wednesday. The same group previously cost Marks & Spencer £300m during a six-week shutdown.
Source: The Guardian
Tire giant Bridgestone confirmed a cyberattack disrupted operations at North American manufacturing facilities in South Carolina and Quebec this week. The company says it quickly contained the breach and prevented customer data theft, with operations now back to normal.
Bridgestone hasn't revealed attack details or whether ransomware was involved. No group has claimed responsibility yet, though the LockBit gang previously hit Bridgestone in March 2022. Security experts note manufacturers face rising ransomware threats—attacks jumped 57% from July to August.
The incident highlights supply chain vulnerabilities, as even contained attacks can halt production lines and create product shortages.
Source: Industrial Cyber
Palo Alto Networks researchers discovered a dangerous new attack called 'Model Namespace Reuse' that exploits AI supply chains. Attackers register names of deleted or transferred AI models on platforms like Hugging Face, then upload malicious versions that developers unknowingly download.
The team successfully demonstrated attacks against Google's Vertex AI and Microsoft's Azure AI Foundry, gaining access to underlying infrastructure by deploying weaponized models. They also found thousands of vulnerable open source repositories.
Google now performs daily scans for orphaned models, but the core problem remains widespread. Security experts recommend pinning models to specific versions and storing them in trusted locations rather than fetching by name alone.
Source: Security Week
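The pinning advice above, as an added example that is not from the article or from Palo Alto Networks' research: a lockfile-based check that refuses to resolve a model by bare name or by a mutable branch, and verifies the downloaded bytes against a locked digest. The `org/name@revision` reference syntax and the lockfile layout are assumptions made for this illustration.

```python
"""Pin-and-verify check for model references (illustrative, constructed lockfile)."""
import hashlib
import hmac
import re

# Only a full 40-hex commit SHA is an immutable revision; 'main' or a tag can be
# repointed by whoever controls the namespace after it is re-registered.
_COMMIT_RE = re.compile(r"^[0-9a-f]{40}$")
_REPO_RE = re.compile(r"^[A-Za-z0-9][\w.-]*/[A-Za-z0-9][\w.-]*$")

# Constructed lockfile: repo id -> (locked commit SHA, sha256 of the weights file).
LOCKFILE = {
    "example-org/example-model": (
        "0123456789abcdef0123456789abcdef01234567",
        hashlib.sha256(b"constructed weights bytes").hexdigest(),
    ),
}


def parse_ref(ref):
    """Split 'org/name@revision' into (repo_id, revision); revision may be absent."""
    repo_id, _, revision = ref.partition("@")
    if not _REPO_RE.match(repo_id):
        raise ValueError(f"malformed repo id: {repo_id!r}")
    return repo_id, (revision or None)


def check_reference(ref, lockfile=LOCKFILE):
    """Return (ok, reason). Anything that would resolve by name alone is rejected."""
    repo_id, revision = parse_ref(ref)
    if repo_id not in lockfile:
        return False, "repo not in lockfile; a bare name trusts whoever owns it now"
    locked_commit, _ = lockfile[repo_id]
    if revision is None:
        return False, "no revision given; default branch follows the current owner"
    if not _COMMIT_RE.match(revision):
        return False, f"revision {revision!r} is a branch or tag, not a commit"
    if revision != locked_commit:
        return False, "commit differs from the locked commit"
    return True, "pinned to locked commit"


def verify_artifact(repo_id, data, lockfile=LOCKFILE):
    """Defense in depth: compare the fetched bytes with the locked digest before loading."""
    if repo_id not in lockfile:
        return False
    _, expected = lockfile[repo_id]
    return hmac.compare_digest(hashlib.sha256(data).hexdigest(), expected)
```

In a build pipeline the lockfile would be committed beside the code and updated only by a deliberate review, so a re-registered namespace cannot silently change what gets loaded.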
Jaguar Land Rover has shut down its global manufacturing and retail operations following a severe cyber incident that forced workers at its Halewood plant to stay home Monday morning. Britain's largest carmaker proactively closed all systems to prevent further damage, though it says no customer data appears stolen.
The timing couldn't be worse for JLR, which is already struggling with a 49% profit drop and delayed electric vehicle launches. The attack comes during one of the busiest weeks for car dealers, preventing them from registering new 75-plate vehicles. Cybersecurity experts say the speed of the shutdown suggests attackers may have targeted operational systems rather than just data.
Source: The Guardian
A massive supply chain attack through Salesloft Drift has compromised major tech companies including Cloudflare, Palo Alto Networks, Zscaler, and PagerDuty. Google's threat intelligence team says the 10-day campaign in August potentially hit over 700 organizations.
The attack group UNC6395 exploited integrations between Drift's AI chat platform and Salesforce to steal customer data. Exposed information includes business contact details, support case notes, and in some cases sensitive credentials and API tokens.
Salesloft is taking Drift offline completely to investigate and rebuild security. The timing is particularly awkward - the attack started just one day after Salesloft announced a merger with competitor Clari, creating a combined company serving 5,000+ organizations globally.
Source: CyberScoop
A sophisticated Lazarus subgroup is targeting financial and crypto organizations with a three-stage malware attack that may exploit a Chrome zero-day vulnerability. The hackers pose as legitimate trading firm employees on Telegram, luring victims to fake meeting sites like counterfeit Calendly portals.
Once compromised, attackers deploy PondRAT as an initial loader, followed by the memory-resident ThemeForestRAT for stealth operations. After months of reconnaissance, they install RemotePE RAT for long-term access. The malware enables file manipulation, credential theft, and secure data exfiltration.
DeFi organizations have reported significant disruptions from these hidden backdoors. The attack chain uses advanced techniques including phantom DLL hijacking and rolling XOR encryption to evade detection, catching many security teams off guard despite known Lazarus activity.
Source: Cybersecurity News