< ciso
brief />
Tag Banner

All news with #breach tag

207 articles · page 9 of 11

Widespread SonicWall SSL VPN Compromise Hits 100+ Accounts

🔒 Huntress warns of a widespread compromise of SonicWall SSL VPN devices that allowed threat actors to rapidly authenticate into multiple accounts across customer environments. Activity began on October 4, 2025, impacting over 100 VPN accounts across 16 customers, with logins traced to IP 202.155.8[.]73. While some intrusions disconnected quickly, others involved network scanning and attempts to access local Windows accounts. Organizations are urged to reset firewall credentials, restrict WAN management, revoke exposed API keys, monitor logins, and enforce MFA.
read more →

JLR Cyber-Attack Drives 25% Decline in Q2 Volume Sales

🔒 Jaguar Land Rover has reported a 25% drop in volume sales in the three months to 30 September after a cyber incident severely disrupted production and sales. Wholesales in Q2 FY2026 were 66,165 units, down 24.2% year-on-year, while retail sales fell 17.1%. The company began a controlled, phased restart of UK manufacturing from 8 October and launched a supplier financing scheme to ease cashflow during the restart.
read more →

Met Police Arrest Two Teens Over Nursery Ransomware

🔒 Two teenage boys were arrested in Bishop's Stortford on suspicion of computer misuse and blackmail following a ransomware attack on the Kido nursery group, the Metropolitan Police said. Referred to the Met by Action Fraud on 25 September, investigators allege attackers demanded £600,000 in Bitcoin after stealing names, addresses, contact details and photos of around 8,000 children via a Famly account. The group, which called itself "Radiant," reportedly contacted parents directly and posted some images on the dark web before blurring and later claiming deletion; the app provider says its infrastructure was not breached. The Met described the arrests as a significant step while inquiries continue alongside partner agencies.
read more →

Salesforce Refuses Ransom After Massive Data Theft

🔒 Salesforce confirmed it will not engage with or pay extortion demands after a large-scale theft of customer data this year. Threat actors calling themselves Scattered Lapsus$ Hunters published a data-leak site to extort 39 companies, claiming nearly one billion records stolen. The breaches stemmed from two campaigns: late-2024 social engineering using malicious OAuth apps and an August 2025 campaign abusing stolen SalesLoft/Drift tokens to exfiltrate CRM and support-ticket data. The leak site appears to have been shut down and its domain redirected to nameservers previously associated with law enforcement seizures.
read more →

Avnet Confirms Breach; Stolen EMEA Sales Data Unreadable

🔒 Avnet confirmed unauthorized access to externally hosted cloud storage that supported an internal sales tool used in the EMEA region. The company says most stolen files are not easily readable without access to Avnet's proprietary sales tool, which it says was not impacted, while attackers claim they exfiltrated 1.3TB of compressed (7–12TB raw) data. Avnet detected the activity on September 26, rotated secrets across Azure/Databricks, notified authorities, and will contact affected customers and suppliers; the number of potentially impacted individuals remains unknown.
read more →

Asahi Confirms Ransomware Attack, Data Exfiltrated

🛡️ Asahi has confirmed a ransomware attack that resulted in an "unauthorized transfer of data" from its servers. The Tokyo-based brewer said it isolated affected systems and established an Emergency Response Headquarters to investigate, working with external cybersecurity experts. Operational impacts in Japan include suspended system-based ordering, shipments and call centers, with partial manual processing underway. The company has not disclosed whether a ransom demand was made.
read more →

WestJet Data Breach Affects 1.2 Million Customers Update

🛫 WestJet has confirmed a data breach affecting 1.2 million customers following a June 13, 2025 intrusion, and notified authorities on September 29. The airline says a "sophisticated, criminal third party" accessed names, contact details, reservation documents and other relationship data; WestJet Rewards members may have had IDs and points balances exposed, though account passwords were not accessed. WestJet states that credit card numbers, expiry dates and CVVs were not compromised, systems are secure, affected customers are being contacted, and identity protection is being offered where appropriate.
read more →

Asahi Suspends Japan Operations After Cyber Attack

🔒 Asahi has halted order, shipment and call center operations across its Japanese group companies after reporting a system failure caused by a cyber-attack in a September 29 press release. The company said the outage is confined to Japan, offered no estimated recovery timeline and apologized to customers and business partners. It also stated there has been no confirmed leakage of personal or customer data at this time, while security experts caution that positions on compromised data may change as investigations continue.
read more →

Asahi Halts Japan Operations After Cyberattack Disruption

⚠️ Asahi Group Holdings, Japan’s largest brewer, has suspended multiple domestic operations after a cyberattack disrupted ordering and shipping processes. Call center and customer service desks are currently unavailable to the public, and the company says the incident is confined to Japan-based systems. Investigations are ongoing; there is no confirmed leakage of personal or customer data, no public claim by ransomware gangs, and no recovery timeline has been announced.
read more →

UK backs Jaguar Land Rover with £1.5 billion loan guarantee

🔒 The UK Government has granted Jaguar Land Rover a £1.5 billion loan guarantee via UK Export Finance's Export Development Guarantee (EDG) to help the automaker recover after a severe cyberattack halted production and forced system shutdowns. The guarantee backs a commercial bank loan rather than direct state lending, reducing lender risk so JLR can secure larger, better-priced financing and immediate liquidity to pay suppliers. Repaid over five years, the measure is intended to stabilise the supply chain and protect thousands of jobs while JLR works with the NCSC, law enforcement and cybersecurity specialists during a phased return to manufacturing.
read more →

JLR Begins Phased Restart After Major Cyber-Attack

🔁 JLR has begun a controlled, phased restart of digital and operational systems after the cyber-attack that halted production in early September. The company has increased IT processing capacity for invoicing and restored its financial wholesale system, allowing it to clear payment backlogs and resume sales and vehicle registrations. The Global Parts Logistics Centre is also returning to full operation as recovery work continues with support from the UK National Cyber Security Centre and law enforcement.
read more →

Co-op Reports £80M Operating Loss After Cyberattack

🔒 The Co-operative Group reported an £80 million operating profit loss in H1 2025 after an April cyberattack disrupted systems and trading. Management attributed the shortfall to £20 million of one‑off remediation costs and £60 million in lost sales while systems were offline, and said revenue fell by £206 million. The breach, linked to DragonForce and affiliates of Scattered Spider, exposed personal data for all 6.5 million members; four suspects have since been arrested. Despite the impact, Co-op reported £800 million of available liquidity and no immediate funding concerns.
read more →

17-Year-Old Suspected in Vegas Casino Cyberattacks Released

🔒 A 17-year-old hacker who surrendered on charges tied to sophisticated cyber intrusions against Las Vegas casinos between August and October 2023 has been released into his parents' custody under family court supervision. Authorities link the incidents to the Scattered Spider group and the deployment of BlackCat/ALPHV ransomware that disrupted operations and exposed staff and customer data. The judge imposed strict conditions including residence at a registered parental address, prohibition on leaving Clark County, internet use limited to educational purposes, and restrictions on phones and electronics, with immediate detention for violations. Prosecutors say the suspect may still control about $1.8 million in Bitcoin and are seeking additional charges and to try him as an adult.
read more →

UK Arrests Suspect After RTX MUSE Ransomware Hits Airports

🛫 The UK's National Crime Agency arrested a man in his forties in West Sussex on suspicion of Computer Misuse Act offences linked to a ransomware attack that disrupted airports across Europe. RTX Corporation confirmed the incident affected its Collins Aerospace MUSE passenger processing software, first detected on September 19. The suspect has been released on conditional bail while the probe, supported by the South East ROCU and other agencies, remains in its early stages. Affected customers shifted to backup and manual processes while RTX and external cybersecurity experts work to contain and remediate the impact.
read more →

Boyd Gaming Reports Cyber Incident Exposing Employee Data

🔒 Boyd Gaming Corporation disclosed a cybersecurity incident in an SEC 8-K filing, saying an unauthorized third party accessed its internal IT systems and removed certain data. The company said the breach involved employee information and a limited number of other individuals, though it did not specify the data types or number affected. Boyd said operations were not impacted and it is working with cybersecurity experts and federal law enforcement while notifying regulators.
read more →

Boyd Gaming Reports Data Breach After Cyberattack, SEC Filing

🔒 Boyd Gaming Corporation disclosed it suffered a cyberattack that resulted in unauthorized access to its IT systems and the removal of certain data, including employee information and data for a limited number of other individuals. The company said it engaged external cybersecurity experts and notified law enforcement, and that it is notifying impacted individuals and regulators as required. Boyd Gaming reported operations were not affected, does not expect a material adverse financial impact, and expects its cybersecurity insurance to cover related costs.
read more →

CISA: GeoServer RCE Exploit Led to Federal Agency Breach

🔒 CISA says attackers breached a U.S. federal agency after exploiting an unpatched GeoServer instance using the critical RCE flaw CVE-2024-36401. Threat actors uploaded web shells and access scripts, then moved laterally to compromise a web server and an SQL server. The intrusion remained undetected for three weeks until an EDR alert flagged suspected malware on July 31, 2024. CISA urges rapid patching of critical flaws and continuous EDR monitoring.
read more →

European airports disrupted after Collins MUSE cyberattack

✈️ Collins Aerospace's MUSE check-in platform suffered a cyber-related outage late Friday, forcing airlines and major European airports to revert to manual processes including handwritten tickets, paper boarding passes, laptops and iPads. Brussels was hardest hit with dozens of cancellations; Heathrow and Brandenburg reported delays while operators isolated affected systems. Collins says the disruption is limited to electronic check-in and baggage drop and that manual operations are in place while it works to restore a secure version. Passengers were urged to check flight status and arrive earlier than usual.
read more →

Cyberattack Disrupts Passenger Processing at Major Airports

🛫 According to Tagesschau, IT service provider Collins Aerospace was hit by a cyberattack on the evening of 19 September, disrupting passenger processing at Berlin (BER), Brussels, Dublin and London Heathrow. Security experts said the incident targeted the multi-tenant environment of the ARINC system that supports check-in, boarding and baggage handling. Affected airports reported partial delays and cancellations while Collins worked to restore services.
read more →

Third-day airport chaos after supplier cyber-attack

✈️ A suspected cyber-attack on a third-party supplier's check-in platform caused widespread flight cancellations and delays at several European airports, including Heathrow, Brussels, Berlin and Dublin. RTX's Muse software, used for check-in, boarding-pass validation and baggage tagging, was reported as the target, forcing some airlines to revert to pen-and-paper processes. Airports posted notices saying recovery work is ongoing and urging passengers to confirm flight status and use online check-in where possible.
read more →