CyberNews: 22/09/2025 Edition

Published by Dunateo on 2025-09-22

Today’s roundup

  • ComicForm and SectorJ149 Hackers Deploy Formbook Malware in Eurasian Cyberattacks
  • Microsoft Patches Critical Entra ID Flaw Enabling Global Admin Impersonation Across Tenants
  • EU agency ENISA says ransomware attack behind airport disruptions
  • ESET uncovers Gamaredon–Turla collaboration in Ukraine cyberattacks
  • Researchers expose MalTerminal, an LLM-enabled malware pioneer
  • Nimbus Manticore Deploys New Malware Targeting Europe
  • A Cyberattack on Jaguar Land Rover Is Causing a Supply Chain Disaster
  • Major Cyber Threat Detection Vendors Pull Out of MITRE Evaluations Test

Summary

    A ransomware attack on Collins Aerospace's check-in systems caused major disruptions at Heathrow, Brussels, and Berlin airports, forcing manual operations and flight cancellations. Microsoft urgently patched CVE-2025-55241, a critical Entra ID vulnerability (CVSS 10.0) enabling global admin impersonation. ESET uncovered collaboration between Russian APTs Gamaredon and Turla in targeted Ukrainian cyberattacks, leveraging shared infrastructure and Kazuar malware. SentinelOne identified MalTerminal, the first LLM-powered malware generating runtime code for evasive attacks. Iranian APT Nimbus Manticore deployed MiniJunk backdoors via multi-stage DLL sideloading, targeting European defense and aerospace sectors. Jaguar Land Rover halted production globally after a cyberattack disrupted supply chains, costing tens of millions. ComicForm hackers conducted phishing campaigns with Formbook malware against Eurasian industrial and financial entities. Microsoft, SentinelOne, and Palo Alto Networks withdrew from MITRE’s 2025 ATT&CK Evaluations, citing methodology concerns.

    Want to dig deeper?

    Vulnerabilities

    CVE-2025-55241 Critical