Summary4 min read

Risky Bulletin: UK to Bail Out Jaguar Land Rover

Podcast: Risky Bulletin
Host: Risky.biz, read by Claire Airdrop
Date: September 29, 2025

Episode Overview

This episode delivers a rapid-fire roundup of major cybersecurity events from late September 2025. Headlining the news: the UK government steps in to rescue Jaguar Land Rover after a crippling ransomware attack halts its production lines. The episode also touches on government initiatives in digital identification, ransomware targeting nurseries, hacking incidents involving US law enforcement software, cyber-espionage arrests in the Netherlands, vulnerabilities in popular file transfer software, misuse of humanoid robots, and more.

Key Discussion Points and Insights

1. UK Government Bailout of Jaguar Land Rover

[00:04] The UK government will underwrite a £1.5 billion loan guarantee for Jaguar Land Rover, aimed at supporting the company’s recovery after a significant ransomware attack.
- The attack brought production to a halt in August 2025, with disruptions expected to last into October.
- Notably, Jaguar Land Rover did not have cyber insurance at the time of attack.
"The company's production lines halted in August when it was hit by ransomware. The shutdown is expected to continue into October. According to recent reports, the company did not have cyber insurance."
— Claire Airdrop [00:19]

2. UK Introducing Digital ID System

[00:36] The UK is launching a digital ID stored on mobile phones for all citizens and legal residents.
- The system will be mandatory for employment to verify eligibility to work.

3. Ransomware Attack on London Nursery Chains

[00:46] Hackers, going by "Radiant," stole data of over 8,000 children from a London nursery operator, Keto International.
- Attackers released photos and contact details of 10 children on the dark web, demanding ransom or threatening to publish more.
- Keto operates nurseries in the UK, US, India, and China.

4. Breach of US Law Enforcement Monitoring Software

[01:10] Remotecom, a US Texas-based company providing monitoring software to law enforcement, was breached.
- Data about police officers, parolees, and software details was leaked by a hacker named "Wicked."
- Software is used in 49 US states to track internet, PC, and smartphone usage of paroled individuals.

5. Court-Approved Hack of Telegram Account

[01:36] US authorities were granted court permission to hack Telegram servers targeting an account linked to child exploitation.
- This is notable as Telegram typically ignores law enforcement requests for user data.
"A U.S. attorney's office was given permission from the court to hack Telegram servers... officials obtained permission through the court due to Telegram's general refusal to respond to law enforcement requests."
— Claire Airdrop [01:40]

6. Moscow IT Firm Leaks on Russian Payment Laundering

[02:00] Leaked internal documents reveal the Kremlin used the A7 A5 crypto token to launder money via Russian payment company A7.
- Used for bypassing sanctions, paying bribes, interfering in elections.
- Linked to oligarch Ilan Shaw, accused of major corruption and financing pro-Kremlin parties.

7. Dutch Teens Arrested for Spying with WiFi Sniffers

[02:38] Two Dutch 17-year-olds arrested for allegedly spying for Russia.
- Recruited via Telegram and paid to walk past sensitive sites (e.g., Canadian Embassy, Europol) with WiFi sniffers.

8. Router/Server Compromise: Renting Out to Botnets

[03:10] Cloudsec reports an operation compromising routers and servers, renting them out to botnet operators.
- Payloads for DDoS and cryptomining botnets (e.g., Rondodocs, Mirai, Morte) deployed.

9. Fortra GoAnywhere MFT Vulnerability Exploited

[03:24] Hackers exploiting a just-patched bug in Fortra GoAnywhere file transfer servers.
- Attacks began a week before patches were released.
- The deserialization vulnerability (severity rating: 10) allows remote command execution.
- Customers urged to take consoles offline until patched.
"The deserialization vulnerability allows threat actors to run commands on remote systems. The vulnerability has a severity rating of 10."
— Claire Airdrop [03:28]

10. Unconsented Telemetry from Unitree G1 Humanoid Robots

[03:49] Researchers found Unitree G1 humanoid robots are sending sensor and telemetry data to servers in China every five minutes.
- Bluetooth vulnerabilities also discovered—could be exploited to access internal networks.

Notable Quotes and Memorable Moments

On the lack of insurance at JLR:
"According to recent reports, the company did not have cyber insurance."
— Claire Airdrop [00:22]
On ransomware tactics:
"They're threatening to publish more unless the parent company, Keto International, pays a ransom."
— Claire Airdrop [01:00]
On Telegram and law enforcement:
"...officials obtained permission through the court due to Telegram's general refusal to respond to law enforcement requests."
— Claire Airdrop [01:40]
On severe software vulnerabilities:
"The deserialization vulnerability allows threat actors to run commands on remote systems. The vulnerability has a severity rating of 10."
— Claire Airdrop [03:28]

Important Timestamps

00:04 — UK bails out Jaguar Land Rover after ransomware
00:36 — UK digital ID system rollout
00:46 — Ransom attack at London nursery chain
01:10 — US law enforcement monitoring software hacked
01:36 — US court hacks Telegram for child exploitation case
02:00 — Kremlin crypto laundering revealed
02:38 — Dutch teens arrested for espionage via WiFi sniffers
03:10 — Compromised routers and servers hired for botnet attacks
03:24 — GoAnywhere MFT critical bug exploited
03:49 — Unitree G1 robots' unconsented data transmissions

Summary

This packed bulletin exposes the ongoing scale of high-impact cyberattacks—from nation-state espionage and business-crippling ransomware to child data extortion and the shadowy world of data-leaking robots. The episode blends urgent breach reports with noteworthy policy changes (like the UK’s digital ID rollout), while highlighting risky trends such as state-sponsored recruitment of youth, and warnings about unpatched software leading to catastrophic attacks.

The language is concise, direct, and informed, mirroring the host's brisk news delivery, ensuring listeners receive actionable information about emerging threats in cybersecurity.

Loading summary

Transcript1 lines

[00:04]
A
The UK will bail out Jaguar Land Rover following its cyber attack. Hackers try to extort a ransom using children's photos, Dutch police arrest two teens over sniffing wi fi for Russian spies and a recent Go Anywhere MFT bug is being exploited. This is the risky bulletin prepared by Catalyn Kimpanu and read by me, Claire airdrop. Today is the 29th of September and this podcast episode is brought to you by Authentic in today's top story, the UK government will underwrite a 1.5 billion pounds loan guarantee to help Jaguar Land Rover recover from its recent cyber attack. The company's production lines halted in August when it was hit by ransomware. The shutdown is expected to continue into October. According to recent reports, the company did not have cyber insurance. In other news, the UK government is introducing a digital ID system. The IDs will be stored on people's phones. The scheme will be available to all UK citizens and legal residents. It will be mandatory for anyone seeking employment, as it will be used to confirm a person's eligibility to work in the country. Hackers have stolen the personal data of more than 8,000 children from a London nursery. A group Calling itself Radiant has has released photos and contact details of 10 children on the Dark Web. They're threatening to publish more unless the parent company, Keto International, pays a ransom. Keto operates nurseries and preschools in the US the uk, India and China. A hacker has breached a company that provides monitoring software for US Law enforcement. The software, from Texas company Remotecom, is used to track Internet, PC and smartphone activity of paroled individuals in 49 US states. A hacker using the name Wicked leaked data about police officers, parolees and the software itself. According to Straight arrow News, a U.S. attorney's office was given permission from the court to hack Telegram servers. The hack targeted an account linked to a child exploitation case. Courtwatch News did not provide further specific details, but said officials obtained permission through the court due to Telegram's general refusal to respond to law enforcement requests. A Moscow IT company has leaked sensitive documents about Russian payment company A7. According to the leaked files, the Kremlin used the A7 A5 crypto token to launder money from Russia into the West. This helped the Kremlin bypass sanctions, pay bribes and interfere in elections. The company has been tied to sanction Moldovan and Russian oligarch Ilan Shaw. Shaw fled Moldova after stealing $1 billion from the country's banking system and being sentenced to 15 years in prison. He's since been financing pro Kremlin parties in an attempt to overturn the country's pro EU leadership. Dutch authorities have arrested two teenagers accused of spying for Russia. The 17 year olds were allegedly recruited via Telegram and tasked with hacking related assignments. They were paid to walk past sensitive locations with a wifi sniffer. The locations included the Canadian Embassy as well as the headquarters of Europol and Eurojust. Cloudsec has discovered an underground operation that compromises routers and servers and rents them to other botnet operators. It's been spotted deploying payloads for DDoS and crypto mining botnets like Rondodocs, Mirai and Morte. Hackers are exploiting a recently patched vulnerability in fortragoanywhere file transfer servers. According to Watchtower Labs. The attacks began a week before patches were released. The deserialization vulnerability allows threat actors to run commands on remote systems. The vulnerability has a severity rating of 10. Fortra recently urged customers to take their admin consoles offline until they apply the patch. And finally, Unitree G1 humanoid robots are sending sensor and other telemetry data to servers in China without user consent. The data is collected every five minutes, according to a team of researchers who reverse engineered the robot's firmware earlier this month. A separate report also revealed Bluetooth vulnerabilities in the G1. Those flaws could be exploited to access customers internal networks. And that is all for this podcast edition. Today's show was brought to you by Authentic. Find them@goauthentic IO thanks to your company.