Check our highlights from the cybersecurity world!
1. A Significant Ransomware Attack Led to Flight Delays at Major European Airports
A significant cyberattack on Collins Aerospace’s Muse check-in and boarding systems disrupted major European airports, including Heathrow, Brussels, and Berlin, on September 20, causing numerous flight delays and cancellations.
The ransomware attack disabled electronic check-in and baggage drop systems, forcing a return to manual processing. It was initiated via a spear-phishing email and exploited a zero-day vulnerability in Citrix ADC. The ransomware used AES-256 encryption, renaming files with a “.locked” extension and demanding payment in Monero as ransom. RTX, the parent company, is verifying system integrity and has recommended that customers update to the latest Muse software version (7.4.2).
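The “.locked” rename behaviour described above is the kind of signal a file-activity monitor can alert on. The detector below is an added example, not code from the newsletter or from Collins Aerospace/RTX; the audit-event format, process names and paths are constructed for illustration, and the threshold and window are assumptions to tune per environment.

```python
"""Flag a burst of files renamed to a ransomware-style '.locked' extension.

Walks file-system audit events (constructed format: timestamp, process,
action, source path, destination path) and alerts when a single process
renames at least `threshold` files to EXTENSION within `window_seconds`.
A single stray rename (e.g. a user renaming one file) does not trigger.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

EXTENSION = ".locked"

# Constructed sample audit log; not real telemetry from the incident.
SAMPLE_EVENTS = """\
2025-09-20T04:00:01Z winword.exe RENAME C:\\Users\\ops\\draft.docx C:\\Users\\ops\\draft_v2.docx
2025-09-20T04:12:03Z updater.exe RENAME D:\\data\\a.db D:\\data\\a.db.locked
2025-09-20T04:12:03Z updater.exe RENAME D:\\data\\b.db D:\\data\\b.db.locked
2025-09-20T04:12:04Z updater.exe RENAME D:\\data\\c.db D:\\data\\c.db.locked
2025-09-20T04:12:04Z updater.exe RENAME D:\\data\\d.db D:\\data\\d.db.locked
2025-09-20T04:12:05Z updater.exe RENAME D:\\data\\e.db D:\\data\\e.db.locked
2025-09-20T04:30:00Z explorer.exe RENAME C:\\Users\\ops\\old.txt C:\\Users\\ops\\old.txt.locked
"""


def parse_event(line):
    """Split one audit line into (timestamp, process, action, src, dst)."""
    ts, proc, action, src, dst = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), proc, action, src, dst


def find_rename_bursts(log_text, threshold=5, window_seconds=60):
    """Return {process: time_of_first_alert} for processes exceeding the threshold."""
    recent = defaultdict(deque)  # process -> timestamps of recent .locked renames
    alerts = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, proc, action, _src, dst = parse_event(line)
        if action != "RENAME" or not dst.lower().endswith(EXTENSION):
            continue
        window = recent[proc]
        window.append(ts)
        # Drop events that fell out of the sliding window.
        while window and ts - window[0] > timedelta(seconds=window_seconds):
            window.popleft()
        if len(window) >= threshold and proc not in alerts:
            alerts[proc] = ts  # first moment the burst crossed the threshold
    return alerts


if __name__ == "__main__":
    for proc, when in find_rename_bursts(SAMPLE_EVENTS).items():
        print(f"ALERT {when.isoformat()}Z {proc}: mass rename to {EXTENSION}")
```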
2. New World Record DDoS Attack Successfully Blocked
Cloudflare reported successfully mitigating the largest DDoS attack ever recorded, which peaked at 22.2 Tbps and 10.6 Bpps. This attack was more than double the size of the previous record and lasted only about 40 seconds, showcasing a trend of “hit-and-run” tactics by attackers to cause maximum damage before defences manage to respond.
Cloudflare’s systems successfully blocked the attack without human intervention, underscoring the importance of automated, real-time detection and mitigation in cybersecurity.
3. Three Leading Vendors Withdraw from Next Year’s MITRE ATT&CK Evaluations
Three major cybersecurity vendors - Microsoft, SentinelOne, and Palo Alto Networks - have announced their withdrawal from the 2026 MITRE ATT&CK Evaluations, a key industry benchmark for unbiased assessment of security product capabilities. They cited a strategic shift in focusing resources on internal innovation and customer initiatives. This decision has ignited discussions within the cybersecurity community regarding the future of standardised testing and the potential for other vendors to follow their lead.
4. LastPass Successfully Took Down a Massive Attack Delivering Stealer Malware to macOS Users
A sophisticated cyber-attack campaign is using GitHub Pages to distribute the Atomic stealer malware to macOS users. Threat actors are employing SEO techniques to position malicious repositories at the top of search results, targeting users looking for legitimate software. These fraudulent repositories masquerade as official distributors, leading victims to download malicious software.
The LastPass TIME team identified two fraudulent repositories created by a user named “modhopmduck476” on September 16, 2025, which specifically targeted LastPass customers. The malware can harvest sensitive data such as passwords and cryptocurrency wallet information.
Similar attacks have been noted against various tech companies and financial institutions. LastPass has successfully coordinated the takedown of the malicious repositories and is actively monitoring for further threats.
5. Intricate Phishing Campaign Targets Facebook Users to Steal Login Information
An elaborate phishing campaign is targeting Facebook users through carefully crafted emails that aim to steal login credentials. The attackers use legitimate-looking URLs, disguising malicious links that redirect victims to fake Facebook login pages. The emails often present urgent security notifications about unauthorised access or account verification, closely mimicking Facebook's design to appear authentic. The campaign operates in multiple languages, increasing its reach. Victims who enter their credentials on the counterfeit login interface have their information immediately transmitted to a command-and-control server.
6. Sensitive Data Allegedly Stolen from BMW
The Everest ransomware group has targeted BMW, claiming to have stolen 600,000 lines of sensitive internal documents. They are using the threat of public exposure as leverage in ransom negotiations. BMW has yet to confirm the incident. It is unclear whether they are negotiating or have notified authorities.
The automotive industry has experienced a rise in ransomware attacks in 2025. Security experts advise companies to steer clear of paying ransoms, work closely with law enforcement, and prioritise proactive vulnerability management.
7. Windows 11 23H2 Support Ends in November
Microsoft has reminded that support for Windows 11 version 23H2 Home and Pro editions will end on November 11, 2025. After this date, these versions will no longer receive critical security updates, making devices vulnerable. Users are strongly encouraged to update to the latest version of Windows 11 to ensure security and stability. To check the current version, go to Settings > System > About. To update, navigate to Settings > Windows Update and click “Check for updates.” It’s important to manage this upgrade before the deadline to maintain a secure computing environment.
8. Google Drive Security Vulnerability Allows Full Access to Other Users’ Drives
A security vulnerability in the Google Drive Desktop application for Windows allows a logged-in user on a shared machine to access another user's Drive files without their credentials. The issue stems from the app's local caching system, DriveFS, which fails to isolate cached files between user profiles. This poses a significant insider threat in environments like offices or universities, as users can covertly access sensitive files. The risks include data exfiltration, compliance failures, and reputational damage.
Users are advised to avoid using the app on shared computers, enforce strict permissions on Windows profiles, and use it only on dedicated endpoints. Until Google fixes the issue, its Drive Desktop app does not meet essential security requirements such as per-user encryption and re-authentication for cached sessions.
9. Microsoft September 2025 Patch Tuesday
Microsoft's September 2025 Patch Tuesday addresses 81 vulnerabilities (8 rated as critical and the rest as important), of which 22 are Remote Code Execution (RCE). Other common flaw categories addressed in the patch are Elevation of Privilege (EoP) and Information Disclosure. The security update covers a wide range of products like Windows, Microsoft Office, Azure, and SQL Server. Users are urged to update their software immediately.
10. Cyber Attack Shut Down Jaguar Land Rover Factories
Jaguar Land Rover (JLR) has halted production at its Halewood plant and shut down its global IT infrastructure to mitigate the effects of a significant cybersecurity incident reported on September 1. The attack has disrupted operations at key facilities in the UK and at international sites, with production stoppages extending over ten days. A group of young hackers has claimed responsibility, seeking to extort money from JLR. The company is aware of the claims and is currently investigating the breach, which has compromised sensitive information.
11. One of the Largest SaaS Supply-Chain Attacks Hit Major Companies
A significant supply-chain attack recently impacted over 700 organisations, including prominent cybersecurity firms. This incident traced back to a compromise of Salesloft’s GitHub account that occurred between March and June 2025. Cybersecurity firm Mandiant uncovered that attackers had stolen OAuth tokens from Salesloft’s Drift chat platform, leading to considerable data theft. Notable companies affected by this breach include Cloudflare, Zscaler, Palo Alto Networks, and Google.
In response, Salesloft acted quickly to contain the threat by taking the Drift platform offline and rotating compromised credentials. Mandiant confirmed that the incident was successfully contained. Salesloft also recommended that partners revoke API keys for any third-party applications linked to Drift and provided a list of Indicators of Compromise (IOCs) to help customers spot suspicious activity.
This incident stands out as one of the largest SaaS supply-chain attacks, underscoring the inherent risks tied to third-party application integrations.
12. Google Down in Southeastern Europe: Explore Alternative Options for Disruption-free Work
On September 4, 2025, a major Google services outage impacted users throughout Southeastern Europe, including Bulgaria, Turkey, Greece, Romania, and surrounding countries. Essential services such as YouTube, Google Maps, Google Search, and Google Drive were largely unavailable, with Gmail experiencing disruptions to a lesser degree.
In today's digital-first world, interruptions like this can bring productivity to a standstill. For businesses, this incident highlights the risks of relying too heavily on a single tech provider. So, what are the alternative software solutions out there? Check out our blog to find out!
Stay tuned and keep your system safe! If you need help, contact us for expert advice!