Cyber Security Headlines
Episode: European Airports Restore Services, CISA Deals with GeoServer Exploit, Jaguar Land Rover Extends Shutdown
Podcast: CISO Series
Host: Sarah Lane
Date: September 24, 2025
Episode Overview
This episode provides a fast-paced roundup of major cybersecurity incidents affecting critical infrastructure, government agencies, tech platforms, and international businesses. Host Sarah Lane covers breaking stories from ransomware outages at European airports to major data breaches, law enforcement operations, and the evolving use of AI in new cyberattacks.
Key Discussion Points and Insights
1. European Airports Disrupted by Ransomware ([00:08])
- Incident: Collins Aerospace, a Raytheon (RTX) subsidiary, suffered a ransomware attack that crippled check-in systems at several major European airports, including Heathrow, Brussels, Berlin, and Dublin.
- Impact: Caused long queues, delays, and “hundreds of cancellations” over the weekend.
- Brussels Airport canceled nearly half its Monday flights.
- Other airports, like Dublin and London, had to switch to manual check-in processes.
- Response: ENISA identified this as a third-party ransomware incident but withheld details on the malware strain.
- Status: According to insiders, “fixes are in the final stages” at Collins Aerospace.
Notable Quote:
"Brussels airport canceled nearly half of Monday's flights. Dublin and London continued manual check." (Sarah Lane, [00:36])
2. CISA Warns of GeoServer Exploit at US Federal Agency ([01:05])
- Attack Overview: An unnamed US federal agency was breached last year through an unpatched GeoServer RCE vulnerability.
- Attackers installed web shells (e.g., China Chopper) and moved laterally using brute-force attacks, reaching SQL and web servers undetected for three weeks.
- CISA Recommendations: CISA advises “rapid patching of critical vulnerabilities, continuous monitoring of EDR alerts, and strengthened incident response.”
Notable Quote:
"CISA is urging rapid patching of critical vulnerabilities, continuous monitoring of EDR alerts and strengthened incident response to prevent similar breaches." (Sarah Lane, [01:36])
3. “Cancel the Hate” App Data Leak ([01:45])
- App Purpose: Created to let users anonymously report people accused of criticizing conservative political figure Charlie Kirk after his murder.
- Breach: Security researcher “Bob dehacker” found flaws that leaked user emails and phone numbers and allowed account deletions.
- Exposure: Data from 142 users leaked.
- The app was promptly taken offline when the breach was confirmed by Straight Arrow News.
Notable Quote:
"Security researcher Bob dehacker found flaws that exposed user profiles and allowed account deletions." (Sarah Lane, [01:57])
4. Jaguar Land Rover Cyber Attack Shuts Down Global Production ([02:17])
- Status: Operations globally halted since early September; the shutdown extended until at least next month.
- Impact: Estimated daily losses of £50–70 million; thousands of temporary staff laid off or on reduced pay.
Notable Quote:
"Jaguar Land Rover said Tuesday its global operations will remain shut until at least next month as it recovers from a cyber attack that has halted all car and parts production since early September." (Sarah Lane, [02:22])
5. Secret Service Dismantles Massive Card Farming Network ([03:07])
- Scale: Over 100,000 SIM cards and 300 servers dismantled near NYC; the network could have crippled the city’s cellular and emergency networks during the UN General Assembly.
- Suspected Motive: Foreign-linked network, under investigation.
Notable Quote:
"Officials said the foreign-linked network could have shut down the city's cellular system and targeted communications of government and emergency personnel." (Sarah Lane, [03:17])
6. Iranian Group Nimbus Manticore Expands Attacks in Europe ([03:47])
- Targeted Industries: Aerospace, telecom, and defense firms in Denmark, Sweden, and Portugal.
- Tactics: Sophisticated spear-phishing emails posing as job offers, multi-stage malware for credential theft and file exfiltration, and advanced evasion via DLL sideloading, obfuscation, and signed certificates.
7. European Police Break Cryptocurrency Fraud Ring ([04:19])
- Scale: Five suspects arrested; ring stole over €100 million from more than 100 victims across 23 countries since 2018.
- Modus Operandi: Used professional-looking websites to lure investors, then funneled funds into bank accounts in Spain, Portugal, Italy, Romania, and Bulgaria.
- Action: Eurojust and Europol coordinated arrests, froze accounts and assets.
8. Revenge Hotels Hacking Group Deploys AI-Generated Malware ([04:58])
- New Tactics: Hotel-targeting group “Revenge Hotels” resurfaces using AI-generated malware that evades detection.
- Phishing emails disguised as booking requests/job applications drop Venom RAT, stealing guest payment data.
- AI variants help bypass legacy security tools; social engineering remains core tactic.
- Warning from Kaspersky: Risks of payment card theft rising even at reputable hotels.
Notable Quote:
"Hotel guests face rising risks of card theft even at trusted properties." (Sarah Lane, [05:23])
Notable Quotes & Memorable Moments (with Timestamps)
- "Brussels airport canceled nearly half of Monday's flights. Dublin and London continued manual check." (Sarah Lane, [00:36])
- "CISA is urging rapid patching of critical vulnerabilities, continuous monitoring of EDR alerts and strengthened incident response..." (Sarah Lane, [01:36])
- "Jaguar Land Rover said Tuesday its global operations will remain shut until at least next month as it recovers from a cyber attack…" (Sarah Lane, [02:22])
- "Officials said the foreign-linked network could have shut down the city's cellular system and targeted communications of government and emergency personnel." (Sarah Lane, [03:17])
- "Hotel guests face rising risks of card theft even at trusted properties." (Sarah Lane, [05:23])
Segment Timestamps Quick Reference
- European airports ransomware – [00:08]
- US Federal agency – GeoServer exploit – [01:05]
- Cancel the Hate app data leak – [01:45]
- Jaguar Land Rover shutdown – [02:17]
- Cellular “card farm” network bust – [03:07]
- Nimbus Manticore attacks in Europe – [03:47]
- Europol crypto fraud arrests – [04:19]
- Revenge Hotels AI-coded malware – [04:58]
Conclusion
This episode highlights the expanding scope, scale, and sophistication of cyberattacks impacting public infrastructure, private enterprises, and individuals worldwide. Key lessons include the persistent need for rapid vulnerability patching, advanced monitoring, and international law enforcement collaboration, as adversaries increasingly deploy both AI and social engineering to exploit every possible weakness.
