September 2025 Cybersecurity Roundup with Tony Anscombe

Tony Anscombe, ESET's Chief Security Evangelist, wraps up September 2025 with a crisp roundup of the month's standout cybersecurity stories and what they mean for your defenses.

Highlights from September 2025:

• Major European airports hit by ransomware: Automated passenger processing systems from Collins Aerospace were knocked offline, causing widespread disruptions and highlighting aviation supply-chain risk.
• Jaguar Land Rover shutdown: The UK's largest carmaker kept global operations closed until at least October 1 following an August cyberattack on its IT systems, underscoring how recovery can extend well beyond the initial incident.
• npm supply-chain compromise: Hundreds of Node Package Manager packages were tampered with, prompting a CISA alert and reinforcing the need to lock dependencies, verify maintainers, and scan packages before use.
• macOS malware via brand impersonation: Threat actors spoofed trusted names, including LastPass, to push info-stealing malware to Mac users. Stick to official download sources and verify app signatures.

Quick takeaways for your cyber-defense:

• Strengthen vendor and supply-chain risk management.
• Test and refine incident response and backup strategies.
• Enforce least privilege, segment critical systems, and keep software up to date.
• Train users to spot phishing, brand spoofing, and fake installers.

Explore more insights in Tony's August 2025 edition and follow ESET on Facebook, X, LinkedIn, and Instagram for ongoing updates.

Source: WeLiveSecurity