CyberNews: 23/09/2025 Edition

Published by Dunateo on 2025-09-23

Today’s roundup

  • Our plan for a more secure npm supply chain
  • BadIIS Malware Spreads via SEO Poisoning — Redirects Traffic, Plants Web Shells
  • Iran-Linked Hackers Target Europe With New Malware
  • Airport Chaos Shows Human Impact of 3rd-Party Attacks
  • Attacker Breakout Time Falls to 18 Minutes
  • $150K awarded for L1TF Reloaded exploit that bypasses cloud mitigations
  • A suspected Scattered Spider member suspect detained for casino network attacks
  • Stellantis probes data breach linked to third-party provider
  • Jaguar Land Rover extends shutdown again following cyberattack
  • Attackers Use Phony GitHub Pages to Deliver Mac Malware
Summary

GitHub announced mandatory 2FA and short-lived tokens for npm to counter supply chain attacks like the Shai-Hulud worm. Palo Alto Networks revealed BadIIS malware campaigns targeting Vietnam via SEO poisoning, deploying web shells. Iranian group 'Nimbus Manticore' launched attacks in Europe with enhanced malware variants. Major EU airports faced disruptions after a third-party check-in system cyberattack caused flight cancellations. ReliaQuest reported attacker lateral movement time dropped to 18 minutes post-compromise. VU Amsterdam researchers earned $151K for exploiting L1TF Reloaded to leak Google Cloud VM memory despite mitigations. Las Vegas authorities arrested a Scattered Spider member linked to 2023 casino cyberattacks, while UK counterparts charged two others over Transport for London breaches. Stellantis investigated a third-party breach exposing customer data in North America. Jaguar Land Rover extended production shutdowns until October 1 following cyber incident impacts. Threat actors distributed Atomic macOS stealers via fake GitHub repositories in SEO poisoning schemes.