Weekly Cybersecurity Recap - 29 September 2025

Introduction

The cybersecurity landscape continues to evolve at a rapid pace, with major incidents, critical vulnerabilities, and disruptive campaigns shaping the threat environment. Over the past week, attackers targeted high-profile industries including aviation and automotive, where ransomware disrupted European airports and Jaguar Land Rover was forced to halt factory operations. Meanwhile, researchers uncovered new flaws in widely used technologies such as Cisco firewalls, and Salesforce AI tools, underscoring the persistent challenge of patch management. At the same time, phishing and malware campaigns - from large-scale CountLoader attacks to the vast ad fraud network run by Vane Viper - highlighted the creativity and scale of adversaries. This week’s recap brings together the most significant developments that security leaders and defenders need to know.

Major Cyber Incidents

European Airport Cyberattack Linked to Obscure Ransomware, Suspect Arrested

The recent cyberattack targeting Collins Aerospace, which disrupted operations at major European airports, has been attributed to the HardBit ransomware. HardBit first surfaced in 2022 and gained notoriety for negotiating ransom amounts based on victims’ cyber insurance policies. A suspect connected to the attack has since been arrested, though the incident highlights ongoing risks in the aviation sector.

Inside the Jaguar Land Rover hack: stalled smart factories, outsourced cybersecurity and supply chain woes

Jaguar Land Rover, the UK’s largest automotive employer, was forced to shut down most of its systems following a cyberattack. The highly connected nature of JLR’s smart factories made isolation impossible, stalling production across multiple plants. The disruption underscores the risks of supply chain complexity and heavy reliance on outsourced cybersecurity functions.

Vulnerabilities and Exploits

Cisco Firewall Zero-Days Exploited in China-Linked ArcaneDoor Attacks

Two critical flaws in Cisco’s firewall products - CVE-2025-20333 and CVE-2025-20362 - were exploited by suspected China-linked actors in ArcaneDoor attacks. These vulnerabilities affect Cisco ASA and FTD software, enabling remote code execution and privilege escalation on vulnerable devices.

State-Sponsored Hackers Exploiting Libraesva Email Security Gateway Vulnerability

Libraesva patched a vulnerability (CVE-2025-59689) in its Email Security Gateway following reports that it had been exploited by state-sponsored hackers. While rated medium severity (CVSS 6.1), the flaw’s exploitation shows attackers’ continued interest in email security systems.

Salesforce Patches CRM Data Exfiltration Vulnerability

Salesforce patched a vulnerability in its Agentforce and Einstein AI tools that could have enabled data exfiltration from customer CRM environments. Researchers at Noma Labs discovered a chain of indirect prompt injection vulnerabilities dubbed “ForcedLeak,” with an estimated CVSS score of 9.4.

Threat Actors and Campaigns

Researchers Expose Phishing Threats Distributing CountLoader and PureRAT

Phishing emails impersonating Ukrainian government agencies have been used to deliver CountLoader, a malware loader that then deploys Amatera Stealer and PureMiner. Attackers leveraged SVG files to drop password-protected ZIP archives containing malicious CHM files.

Vane Viper Generates 1 Trillion DNS Queries to Power Global Malware and Ad Fraud Network

Researchers exposed Vane Viper (aka Omnatuor), a threat group running one of the largest malicious ad networks ever seen. By exploiting vulnerable WordPress sites, the group generated over 1 trillion DNS queries, distributing spyware, riskware, and adware at global scale.

Trends and Reports

Tech Overtakes Gaming as Top DDoS Attack Target, New Gcore Radar Report Finds

The latest Gcore Radar report revealed a 41% year-over-year rise in DDoS activity during the first half of 2025. Attack volumes peaked at 2.2 Tbps and have become increasingly sophisticated with multi-layered strategies and longer durations. For the first time, the technology sector overtook gaming as the most targeted industry, with financial services also seeing elevated risk.