Another week, another batch of creative ways cybercriminals are keeping us security folks caffeinated! ☕

From airports getting grounded by ransomware to AI agents accidentally becoming the world’s most helpful data thieves, this week’s threat landscape had more plot twists than a Netflix series. We saw record-breaking DDoS attacks that made previous “massive” attacks look like gentle nudges, supply chain compromises that spread faster than office gossip, and enough zero-days to make patch Tuesday feel like patch decade.

The highlight? A single line of code turning a trusted email tool into the ultimate corporate spy. Because apparently, even our AI assistants can’t resist a good BCC scandal.

Check out the full breakdown below for all the cyber chaos that made this week... memorable.

Major Cyberattacks & Incidents

This week delivered a series of high-impact breaches spanning transportation, healthcare, and enterprise systems that disrupted operations globally.

• ✈️ Ransomware attack caused widespread disruptions at major European airports, targeting check-in and boarding systems over the weekend. (Published on 9/22/2025, BleepingComputer). Read More

• 🏥 Stellantis confirms customer data breach through third-party vendor affecting Jeep, Chrysler, Dodge and FIAT owners’ contact information. (Published on 9/22/2025, Hackread). Read More

• 📱 U.S. Secret Service seized 300 SIM servers and 100,000 SIM cards across NY tri-state area threatening government officials. (Published on 9/23/2025, The Hacker News). Read More

• 🪱 CISA alerts on widespread NPM supply chain compromise involving “Shai-Hulud” worm affecting over 500 JavaScript packages. (Published on 9/24/2025, CISA Alerts). Read More

• 🎯 European airport attack linked to obscure HardBit ransomware with suspect arrested, revealing details about Collins Aerospace targeting. (Published on 9/24/2025, SecurityWeek). Read More

• 📧 First in-the-wild MCP attack via weaponized postmark connector silently copied thousands of emails to attacker’s server. (Published on 9/26/2025, CSO Online). Read More

• 🏥 Archer Health exposed 23GB of patient medical records including SSNs and IDs through unprotected database online. (Published on 9/26/2025, Hackread). Read More

Espionage & Data Extraction

Nation-state actors ramped up sophisticated operations targeting critical infrastructure and developer communities through social engineering campaigns.

• 🎭 Iranian cyber group Nimbus Manticore targets European defense, telecom, and aerospace companies using fake job offers and advanced malware. (Published on 9/23/2025, Hackread). Read More

• 🐉 Chinese hackers deployed stealthy BrickStorm malware, lurking in networks for nearly 400 days while analyzing stolen code for zero-days. (Published on 9/25/2025, SecurityWeek). Read More

• 🔍 North Korean threat actors pose as recruiters to steal developer identities and supply them to fraudulent IT workers. (Published on 9/26/2025, SecurityWeek). Read More

Malware & Vulnerabilities

Critical flaws and malicious packages targeted enterprise systems and developer environments with sophisticated attack techniques.

• 🔧 Supermicro BMC firmware vulnerabilities allow attackers to bypass verification steps and install malicious firmware, evading Root of Trust security. (Published on 9/23/2025, The Hacker News). Read More

• 👾 Fake versions of Malwarebytes, LastPass, and other legitimate software distributed via GitHub pages targeting Mac users with AMOS stealer. (Published on 9/23/2025, Malware Analysis). Read More

• 🔐 Microsoft patched critical Entra ID vulnerability allowing attackers to impersonate Global Admins across tenants, risking complete Microsoft 365 takeover. (Published on 9/23/2025, Hackread). Read More

• 🦀 Two malicious Rust packages on Crates.io with 8,500 downloads scanned developer systems to steal cryptocurrency private keys and secrets. (Published on 9/25/2025, BleepingComputer). Read More

DDoS, Outages & Infrastructure

Massive distributed attacks reached unprecedented scales, setting new records for network disruption capabilities.

• 📊 Record-breaking DDoS attack peaks at 22 Tbps and 10 Bpps targeting European network infrastructure company, linked to Aisuru botnet. (Published on 9/24/2025, SecurityWeek). Read More

Vulnerability Research & Industry Analysis

Security researchers uncovered critical flaws in cloud infrastructure and enterprise systems while agencies investigated long-standing threat campaigns.

• 💰 Researchers earned $150,000 for L1TF exploit combining old hardware flaws to bypass software mitigations and leak data from public cloud. (Published on 9/22/2025, SecurityWeek). Read More

• 🔍 GitHub addressing weak authentication and overly permissive tokens in NPM ecosystem following high-profile Shai-Hulud malware campaigns. (Published on 9/23/2025, Dark Reading). Read More

• 🕐 CISA observed nearly year-old activity tied to Cisco zero-day attacks, taking months to determine root cause and mitigate the threat. (Published on 9/25/2025, CyberScoop). Read More

• 🚨 Maximum severity GoAnywhere MFT flaw actively exploited as zero-day, allowing remote command injection without authentication (CVE-2025-10035). (Published on 9/26/2025, BleepingComputer). Read More

Cybersecurity Tools & Techniques

Vendors released critical updates and security enhancements to address persistent threats targeting enterprise infrastructure.

• 🛡️ SonicWall releases SMA100 firmware update to help customers remove rootkit malware deployed in attacks targeting SMA 100 series devices. (Published on 9/23/2025, BleepingComputer). Read More

AI & Policy

Artificial intelligence systems faced security challenges as researchers discovered critical flaws in popular AI agents and data collection practices.

• 🤖 ShadowLeak exploit exposed Gmail data through ChatGPT agent using indirect prompt injection to bypass defenses, but OpenAI has fixed the issue. (Published on 9/22/2025, Hackread). Read More

• 📱 Neon, the No. 2 social app on Apple App Store, pays users to record phone calls and sells data to AI firms. (Published on 9/24/2025, TechCrunch). Read More

• 🔧 ForcedLeak vulnerability in Salesforce Agentforce AI agent exposed CRM data, highlighting critical security gaps in enterprise AI implementations. (Published on 9/25/2025, Hackread). Read More

• 🤖 Security experts argue that the most resilient AI systems require minimal human interaction and proper containment strategies for autonomous operations. (Published on 9/25/2025, CyberScoop). Read More

Stay informed and secure in the tech and cybersecurity world. Have a great weekend, and remember to patch and protect your systems!