Welcome to the DanSec Blog

Cybersecurity Brief – 2025-09-26

Major Incidents or Breaches

  • The Co-operative Group (UK) reported a loss of £80 million ($107 million) in operating profit due to a cyberattack attributed to the Scattered Spider threat group.
  • RTX (Raytheon Technologies) confirmed a ransomware attack affecting its airport services division.
  • Volvo Group disclosed that employee data was stolen in a ransomware attack linked to the Miljödata breach, impacting multiple Swedish organizations and municipalities.
  • An unofficial npm package mimicking ‘postmark-mcp’ was found to exfiltrate users’ email communications.
  • Over 500 npm packages were infected by the Shai-Hulud worm in a supply-chain attack, impacting packages with millions of downloads.
  • Two malicious Rust crates (fast_tlog and fast_log) on crates.io were found stealing Solana and Ethereum wallet keys from developers, with 8,424 downloads confirmed.

Cybersecurity Brief – 2025-09-25

Major Incidents or Breaches

  • Boyd Gaming reported a data breach affecting employees and other individuals, as disclosed to the SEC.
  • A US Federal Civilian Executive Branch (FCEB) agency was breached via exploitation of a critical GeoServer vulnerability (CVE-2024-36401); attackers deployed China Chopper and remote access scripts and remained undetected for three weeks.
  • European airports experienced widespread disruptions due to a ransomware attack linked to the RTX group; the UK National Crime Agency arrested a suspect in connection with the incident. The attack on Collins Aerospace is believed to have involved HardBit ransomware.
  • Interpol-led law enforcement seized over $439 million in cash and cryptocurrency from cybercrime rings worldwide during a five-month joint operation.
  • A record-breaking DDoS attack peaked at 22 Tbps and 10 billion packets per second (Bpps), targeting a European network infrastructure company and linked to the Aisuru botnet.
  • The Python Package Index (PyPI) urged users to reset credentials following a new wave of phishing attacks using a fake PyPI website.
  • GitHub users were targeted in a large-scale phishing campaign impersonating Y Combinator via GitHub notifications, delivering cryptocurrency drainers.
  • KNP Logistics Group, a 158-year-old business, collapsed following a cyber incident attributed to poor password security.

Cybersecurity Brief – 2025-09-24

Major Incidents or Breaches

  • Boyd Gaming Corporation disclosed a data breach following a cyberattack, resulting in the theft of employee and customer data.
  • Jaguar Land Rover extended its production shutdown due to a cyberattack, with operations paused until at least October 1 as investigations continue.
  • The American Archive of Public Broadcasting exposed restricted and copyrighted media for years due to inadequate access controls, allowing unauthorised downloads.
  • CISA reported that attackers breached a US federal agency’s network by exploiting an unpatched GeoServer instance.
  • The US Secret Service dismantled a major telecom threat in New York, seizing over 300 servers and 100,000 SIM cards used to threaten US officials and potentially disrupt critical infrastructure near the UN.
  • Eurojust coordinated the arrest of five suspects in a cryptocurrency investment fraud scheme, responsible for over €100 million in losses across 23 countries.
  • Fake versions of Malwarebytes, LastPass, and other software are being distributed via GitHub pages in a campaign targeting Mac users.
  • Scammers are impersonating the FBI using fake IC3 websites to steal personal data.

Cybersecurity Brief – 2025-09-23

Major Incidents or Breaches

  • A ransomware attack against a third-party provider disrupted check-in and boarding systems at multiple major European airports, including Heathrow, causing widespread delays and flight cancellations. Collins Aerospace is reportedly facing recovery challenges following the incident.
  • Stellantis, a major automotive manufacturer, confirmed a data breach involving the compromise of North American customer data after attackers accessed a third-party service provider’s Salesforce environment.
  • A vulnerability in the American Archive of Public Broadcasting’s website allowed unauthorized downloading of protected and private media for several years before being patched this month.
  • The FBI issued a warning about a spoofed IC3 (Internet Crime Complaint Center) website being used by threat actors for personal information theft and fraudulent activities.
  • A verified Steam game, BlockBlasters, was used to steal $32,000 in cryptocurrency donations intended for a streamer’s cancer treatment.

Cybersecurity Brief – 2025-09-22

Major Incidents or Breaches

  • Jaguar Land Rover (JLR) has suffered a significant cyberattack, resulting in halted vehicle production. The disruption has caused substantial financial losses and forced parts suppliers to lay off workers.
  • A cyberattack targeting Collins Aerospace software has disrupted airport operations across Europe, impacting passenger check-in, boarding pass printing, baggage tagging, and luggage dispatch.

Newly Discovered Vulnerabilities

  • Microsoft patched a critical vulnerability in Entra ID (formerly Azure Active Directory) involving a token validation failure. The flaw could have allowed attackers to impersonate any user, including Global Administrators, and hijack any organisation’s tenant globally through exploitation of legacy components.

Cybersecurity Brief – 2025-09-21

Major Incidents or Breaches

  • UNC1549, an Iran-nexus cyber espionage group, compromised 34 devices across 11 European telecommunications firms using LinkedIn job lures and the MINIBIKE malware.
  • Over 600,000 individuals were impacted by healthcare data breaches in the past day, with additional major intrusions attributed to the ShinyHunters group.
  • The Royal Canadian Mounted Police dismantled the TradeOgre cryptocurrency exchange, seizing over $40 million linked to criminal activity.
  • The FBI issued an alert regarding cybercriminals impersonating the FBI’s Internet Crime Complaint Center (IC3) via fake reporting portals for malicious purposes.

Cybersecurity Brief – 2025-09-20

Major Incidents or Breaches

  • UNC1549, an Iran-linked cyber espionage group, successfully infiltrated 34 devices across 11 European telecommunications organisations using LinkedIn job lures and the MINIBIKE malware.
  • Russian threat groups Gamaredon and Turla collaborated in a campaign targeting Ukrainian entities, with Turla malware deployed on systems previously compromised by Gamaredon.
  • Over 600,000 individuals were impacted by recent healthcare sector breaches; ShinyHunters was identified as responsible for major attacks.
  • The FBI issued a warning about cybercriminals creating fake FBI Internet Crime Complaint Center (IC3) portals for malicious activity.
  • The REM Proxy botnet, powered by SystemBC malware, currently controls approximately 1,500 VPS victims daily via 80 C2 servers.
  • A surge in phishing-as-a-service (PhaaS) operations, notably Lighthouse and Lucid, has resulted in over 17,500 phishing domains targeting 316 brands in 74 countries.

Cybersecurity Brief – 2025-09-19

Major Incidents or Breaches

  • SonicWall suffered a breach of its MySonicWall cloud backup service, exposing firewall configuration backup files for fewer than 5% of customers. Impacted customers have been instructed to reset their passwords and import new configuration files.
  • Tiffany & Co. disclosed a data breach affecting thousands of customers in the US and Canada, with attackers accessing information related to gift cards.
  • Medical Associates of Brevard reported a data breach impacting nearly 250,000 individuals, attributed to the BianLian ransomware group.
  • ChatGPT was targeted in a server-side data theft attack using a zero-click method called ShadowLeak, which has since been fixed by OpenAI.
  • The Python Package Index (PyPI) invalidated all tokens stolen in the GhostAction supply chain attack and confirmed that threat actors did not use the stolen tokens to publish malicious packages.

Cybersecurity Brief – 2025-09-18

Major Incidents or Breaches

  • ShinyHunters claims to have stolen over 1.5 billion Salesforce records from 760 companies via compromised Salesloft Drift OAuth tokens.
  • Insight Partners, a venture capital and private equity firm, has confirmed a ransomware breach impacting over 12,000 individuals, with personal information stolen.
  • SonicWall has warned customers to reset credentials following a breach that exposed firewall configuration backup files related to MySonicWall accounts.
  • A supply chain attack dubbed “Shai-Hulud” compromised over 180 NPM packages, injecting malicious code to harvest secrets, exfiltrate them to public repositories, and make private repositories public.
  • 224 malicious apps were removed from the Google Play Store after researchers uncovered a large-scale ad fraud campaign.
  • An airline data broker is selling at least five billion passenger records to US government agencies through a searchable database.

Cybersecurity Brief – 2025-09-17

Major Incidents or Breaches

  • Jaguar Land Rover has extended its production shutdown for another week following a significant cyberattack that impacted systems at the end of August.
  • The US Department of Homeland Security exposed sensitive national security intelligence, including surveillance data on Americans, to thousands of unauthorized users due to a misconfigured data hub.
  • The RaccoonO365 phishing network, responsible for large-scale phishing campaigns, was dismantled following a joint operation by Microsoft and Cloudflare, resulting in the takedown of 338 malicious domains.
  • Google has removed 224 Android applications involved in the “SlopAds” ad fraud operation, which generated 2.3 billion ad requests daily and affected 38 million downloads globally.
  • At least 187 npm packages were compromised in a self-propagating supply chain attack, dubbed ‘Shai-Hulud’, which stole developer credentials and spread malware through infected packages.
  • The BreachForums hacking forum administrator, Conor Brian Fitzpatrick, was resentenced to three years in prison for cybercrime charges, including the operation of the forum and possession of CSAM.