Summary4 min read

Cyber Security Headlines

Episode: European Airports Restore Services, CISA Deals with GeoServer Exploit, Jaguar Land Rover Extends Shutdown
Podcast: CISO Series
Host: Sarah Lane
Date: September 24, 2025

Episode Overview

This episode provides a fast-paced roundup of major cybersecurity incidents affecting critical infrastructure, government agencies, tech platforms, and international businesses. Host Sarah Lane covers breaking stories from ransomware outages at European airports to major data breaches, law enforcement operations, and the evolving use of AI in new cyberattacks.

Key Discussion Points and Insights

1. European Airports Disrupted by Ransomware ([00:08])

Incident: Collins Aerospace, a Raytheon (RTX) subsidiary, suffered a ransomware attack that crippled check-in systems at several major European airports, including Heathrow, Brussels, Berlin, and Dublin.
- Impact: Caused long queues, delays, and “hundreds of cancellations” over the weekend.
- Brussels Airport canceled nearly half its Monday flights.
- Other airports, like Dublin and London, had to switch to manual check-in processes.
Response: ENISA identified this as a third-party ransomware incident but withheld details on the malware strain.
Status: According to insiders, “fixes are in the final stages” at Collins Aerospace.

Notable Quote:
"Brussels airport canceled nearly half of Monday's flights. Dublin and London continued manual check." (Sarah Lane, [00:36])

2. CISA Warns of GeoServer Exploit at US Federal Agency ([01:05])

Attack Overview: Unnamed US federal agency was breached last year through an unpatched GeoServer RCE vulnerability.
- Attackers installed web shells (e.g., China Chopper) and moved laterally using brute-force attacks, reaching SQL and web servers undetected for three weeks.
CISA Recommendations: Advise “rapid patching of critical vulnerabilities, continuous monitoring of EDR alerts, and strengthened incidence response.”

Notable Quote:
"CISA is urging rapid patching of critical vulnerabilities, continuous monitoring of EDR alerts and strengthened incidence response to prevent similar breaches." (Sarah Lane, [01:36])

3. “Cancel the Hate” App Data Leak ([01:45])

App Purpose: Created to let users anonymously report people accused of criticizing conservative political figure Charlie Kirk after his murder.
Breach: Security researcher “Bob dehacker” found flaws leaking user emails and phone numbers, allowing account deletions.
- Exposure: Data from 142 users leaked.
- The app was promptly taken offline when the breach was confirmed by Straight Arrow News.

Notable Quote:
"Security researcher Bob dehacker found flaws that exposed user profiles and allowed account deletions." (Sarah Lane, [01:57])

4. Jaguar Land Rover Cyber Attack Shuts Down Global Production ([02:17])

Status: Operations globally halted since early September; the shutdown extended until at least next month.
Impact: Estimated daily losses of £50–70 million; thousands of temporary staff laid off or on reduced pay.

Notable Quote:
"Jaguar Land Rover said Tuesday its global operations will remain shut until at least next month as it recovers from a cyber attack that has halted all car and parts production since early September." (Sarah Lane, [02:22])

5. Secret Service Dismantles Massive Card Farming Network ([03:07])

Scale: Over 100,000 SIM cards and 300 servers dismantled near NYC; could have crippled city’s cellular and emergency networks during the UN General Assembly.
Suspected Motive: Foreign-linked network, under investigation.

Notable Quote:
"Officials said the foreign-linked network could have shut down the city's cellular system and targeted communications of government and emergency personnel." (Sarah Lane, [03:17])

6. Iranian Group Nimbus Manticore Expands Attacks in Europe ([03:47])

Targeted Industries: Aerospace, telecom, and defense firms in Denmark, Sweden, and Portugal.
Tactics: Sophisticated spear-phishing emails posing as job offers, multi-stage malware for credential theft and file exfiltration, and advanced evasion via DLL sideloading, obfuscation, and signed certificates.

7. European Police Break Cryptocurrency Fraud Ring ([04:19])

Scale: Five suspects arrested; ring stole over €100 million from more than 100 victims across 23 countries since 2018.
Modus Operandi: Used professional-looking websites to lure investors, then funneled funds into bank accounts in Spain, Portugal, Italy, Romania, and Bulgaria.
Action: Eurojust and Europol coordinated arrests, froze accounts and assets.

8. Revenge Hotels Hacking Group Deploys AI-Generated Malware ([04:58])

New Tactics: Hotel-targeting group “Revenge Hotels” resurfaces using AI-generated malware that evades detection.
- Phishing emails disguised as booking requests/job applications drop Venom RAT, stealing guest payment data.
- AI variants help bypass legacy security tools; social engineering remains core tactic.
Warning from Kaspersky: Risks of payment card theft rising even at reputable hotels.

Notable Quote:
"Hotel guests face rising risks of card theft even at trusted properties." (Sarah Lane, [05:23])

Notable Quotes & Memorable Moments (with Timestamps)

"Brussels airport canceled nearly half of Monday's flights. Dublin and London continued manual check.” (Sarah Lane, [00:36])
"CISA is urging rapid patching of critical vulnerabilities, continuous monitoring of EDR alerts and strengthened incidence response..." (Sarah Lane, [01:36])
"Jaguar Land Rover said Tuesday its global operations will remain shut until at least next month as it recovers from a cyber attack…” (Sarah Lane, [02:22])
"Officials said the foreign-linked network could have shut down the city's cellular system and targeted communications of government and emergency personnel." (Sarah Lane, [03:17])
"Hotel guests face rising risks of card theft even at trusted properties." (Sarah Lane, [05:23])

Segment Timestamps Quick Reference

European airports ransomware – [00:08]
US Federal agency – GeoServer exploit – [01:05]
Cancel the Hate app data leak – [01:45]
Jaguar Land Rover shutdown – [02:17]
Cellular “card farm” network bust – [03:07]
Nimbus Manticore attacks in Europe – [03:47]
Europol crypto fraud arrests – [04:19]
Revenge Hotels AI-coded malware – [04:58]

Conclusion

This episode highlights the expanding scope, scale, and sophistication of cyberattacks impacting public infrastructure, private enterprises, and individuals worldwide. Key lessons include the persistent need for rapid vulnerability patching, advanced monitoring, and international law enforcement collaboration, as adversaries increasingly deploy both AI and social engineering to exploit every possible weakness.

Loading summary

Transcript3 lines

[00:00]
A
From the CISO series, it's Cybersecurity Headlines.
[00:07]
B
These are the cybersecurity headlines for Wednesday, September 24, 2025. I'm Sarah Lane. European airports restoring services after system breach A ransomware attack on Collins Aerospace, a subsidiary of rtx, disrupted check in systems at major European airports including Heathrow, Brussels, Berlin and Dublin, causing long lines, delays and hundreds of cancellations over the weekend. ENISA confirmed it was a third party ransomware incident, but withheld details on the malware. Brussels airport canceled nearly half of Monday's flights. Dublin and London continued manual check. Inside Collins says fixes are in the final stages. CISA deals with geoserver exploits CISA reports that attackers breached an unnamed US Federal agency last year via an unpatched geo server vulnerability by exploiting the RCE flaw. Threat actors deployed web shells like China Chopper moved laterally using brute force passport attacks and accessed SQL and web servers, remaining undetected for three weeks. CISA is urging rapid patching of critical vulnerabilities, continuous monitoring of EDR alerts and strengthened incidence response to prevent similar breaches. App for outing Charlie Kirk's critics leaks personal data an app called Cancel the Hate, created after Charlie Kirk's murder to let users anonymously report people accused of criticizing him leaked personal data, including emails and phone numbers. Security researcher Bob dehacker found flaws that exposed user profiles and allowed account deletions. The app was taken offline after Straight Arrow News confirmed the breach with leaked data from 142 users. Jaguar Land Rover extends shutdown following cyber attack Jaguar Land Rover said Tuesday its global operations will remain shut until at least next month as it recovers from a cyber attack that has halted all car and parts production since early September. The company is losing an estimated 50 to 70 million pounds daily, with thousands of agency and temporary staff let go and others on reduced pay. Huge thanks to our sponsor, Conveyor. Have you been personally victimized by a questionnaire this week? The queue never ends, but Conveyor can change that story with AI that answers questionnaires of any format and a trust center that handles document sharing. Security reviews get done without the stress. Feel calm in the chaos with Conveyor. Learn more at www.conveyor.com Feds say 100,000 card farms could have killed NYC cell towers. The US Secret Service said it dismantled a covert cellular network of more than 100,000 SIM cards and 300 servers near New York City that posed an imminent telecommunications threat ahead of the UN General Assembly. Officials said the foreign linked network could have shut down the city's cellular system and targeted communications of government and emergency personnel. The equipment was found within 35 miles of the UN and is now under investigation as agents analyze data from 100,000 phones. Iranian group Nimbus Manticore expands European targeting Iran Linked hacking group Nimbus Mandicore is targeting aerospace, telecommunications and defense firms in Denmark, Sweden and Portugal using spear phishing campaigns disguised as job offers. The group deploys multistage malware that steals credentials, exfiltrates files and executes remote commands while evading detection through DLL sideloading code obfuscation and valid code signing certificates. Police Dismantle crypto fraud ring European authorities arrested five suspects linked to a cryptocurrency investment fraud ring that stole over 100 million euros from more than 100 victims. The operation, coordinated by Eurojust and supported by Europol, targeted investors across 23 countries since at least 2018, using professional looking online platforms to to promise high crypto returns while funneling funds into controlled bank accounts. Law enforcement froze accounts and assets in Spain, Portugal, Italy, Romania and Bulgaria. Revenge Hotels checks Back in with AI Coded Malware Kaspersky says the hotel hacking group Revenge Hotels has resurfaced with AI generated malware that makes scams harder to detect. The crew is apparently sending phishing emails disguised as booking requests or job applications, which then drop venom rat to steal guest payment data. Using AI coded variants helps evade older security tools while still relying on familiar social engineering tricks, Kaspersky warns. Hotel guests face rising risks of card theft even at trusted properties. If you want to help make great content for the CISO series, we've got a great way for you to participate. We need our listeners to fill out a quick five question survey. They are Family Feud style questions. It should be fun and your responses will be used for an upcoming live event. If you've got an extra minute, head on over to cisoseries.com participate to fill it out. And if you have thoughts on the news from today or about our show in general, but be sure to reach out to us@feedbackisoseries.com we would love to hear from you. I am Sarah Lane reporting for the CISO Series. Thank you for joining us and we'll talk to you next time.
[06:35]
A
Cybersecurity headlines are available every weekday. Head to cisoseries.com for the full stories. Behind the headlines.