👋 Intro
Welcome back to The CyberSignal — your go-to for clear cybersecurity news and insights. Normally, we hit your inbox every Tuesday morning, but due to technical issues on our platform, this week’s edition is landing on Thursday afternoon. The silver lining? We can now cover everything from last Tuesday right up to today.
Each week we cut through the noise to bring you what really matters: the incidents, vulnerabilities, and policy changes that are shaping the security landscape.
We don’t just recap the news — from major breaches and actively exploited zero-days to ransomware tactics and regulatory moves — we focus on what comes next. Our aim is to arm you — whether you’re a CISO, IT pro, or security leader — with the knowledge and context to respond quickly, reduce risk, and make smarter decisions.
In a world where attackers move fast and regulators expect faster responses, The CyberSignal helps you stay one step ahead.
🔎 Overview: What Shifted in Cyber Since Last Tuesday
Google Chrome zero-day patched — CVE-2025-10585 actively exploited in the wild.
Scattered Spider arrests — two suspects charged in the UK and U.S., tied to 120+ attacks and $115M in ransom.
AI startup Mycroft raises $3.5M — building autonomous security and compliance agents.
Cisco ASA firewall zero-days disclosed — actively exploited flaws in Cisco perimeter gear.
Airline disruption spreads — Collins Aerospace MUSE system cyberattack causes widespread flight delays across Europe.
Jaguar Land Rover recovery — partial production resumes after weeks of disruption.
Co-op reports £80M hit — UK retailer blames a malicious cyberattack for slashed profits.

🔥 Key Incidents & Analysis
Chrome’s Zero-Day: Urgent Browser Risk
Google patched CVE-2025-10585, a critical type confusion vulnerability in Chrome’s V8 engine. Additional flaws in WebRTC, Dawn, and ANGLE were also addressed.
Why it matters: Chrome and other Chromium browsers (Edge, Brave, Opera) are everywhere. Unpatched endpoints = open doors.
Action: Force updates, enforce auto-update, and confirm compliance metrics.
Scattered Spider: Arrests, But Threat Remains
Two teenagers — Thalha Jubair and Owen Flowers — were charged for roles in Scattered Spider. Jubair alone is tied to 120+ attacks and $115M in ransom extorted.
Key takeaway: Even with arrests, their playbook — social engineering helpdesks, SIM swaps, phishing — persists.
Action: Audit helpdesk workflows, tighten identity checks, monitor privilege escalations.
AI & Security-Compliance Innovations: Mycroft Launch
Canadian startup Mycroft secured $3.5M in funding to build AI-driven security/compliance automation.
Why it matters: Automation accelerates response but introduces oversight risks. Human review is still essential.

Cisco Firewalls: Zero-Days in the Crosshairs
Cisco warned of two zero-days in ASA firewalls under active exploitation.
Why it matters: Firewalls are foundational. Past studies show misconfigurations already account for many breaches — add zero-days and exposure skyrockets.
Action: Patch immediately, monitor logs for anomalous traffic, and validate firewall configurations.
Airline Check-In Chaos: Vendor Breach Ripple Effect
A cyberattack on Collins Aerospace’s MUSE system disrupted check-in and boarding across European airports. Thousands of passengers faced delays.
Why it matters: Vendor risk equals infrastructure risk. Supply chain cyber incidents show cascading failures across industries.
Action: Catalog vendor dependencies, require incident response commitments in SLAs, and test fallback plans.
Jaguar Land Rover: Recovery Begins
Jaguar Land Rover restored partial systems after a cyber incident forced production shutdowns.
Key takeaway: Cyber risk extends into OT and manufacturing. ENISA’s OT security guidance stresses segmentation and redundancy.
Co-op Retail Hit: £80M Profit Loss
The UK’s Co-op disclosed that a malicious cyberattack forced system shutdowns, cut profits by £80M, and exposed member data.
Implication: Retailers remain prime ransomware targets — confirmed by IBM’s 2025 Cost of a Data Breach Report.
⚠️ Threat & Vulnerability Highlights
| Threat / CVE | Summary | Risk to You |
|---|---|---|
| | Type confusion in V8 engine, already exploited. | All Chrome/Chromium browsers at risk until patched. |
| | WebRTC, Dawn, ANGLE memory flaws. | Chromium components inside apps may still be vulnerable. |
| | Active exploitation of perimeter gear. | Patch ASA firewalls; monitor closely. |
| | Social engineering & support desk compromise. | Train staff, harden workflows, monitor escalations. |
| | Airline disruption after SaaS attack. | Vendor risk = business risk. Ensure resilience. |
🛡️ Actionable Tips for CISOs & IT Leaders
🖥️ Patch browsers and firewalls — prioritize Chrome and Cisco ASA updates. See CISA’s Known Exploited Vulnerabilities Catalog.
🧑‍💻 Audit helpdesk processes — implement stricter ID verification. NIST SP 800-63B offers guidance on digital identity.
📊 Boost telemetry — log anomalies in browsers/firewalls. Consider MITRE’s ATT&CK Detection Framework.
🤖 Plan AI guardrails — require oversight for AI tools. See OECD AI Risk Framework.
🔗 Revisit vendor resilience — test contingency plans, per ENISA Supply Chain Security Report.
🏛️ Legislative & Regulatory Changes
🌍 Cross-border enforcement rising — Scattered Spider arrests show stronger international cybercrime collaboration.
📜 Regulatory prep — while no new laws dropped this week, compliance pressure around breach disclosures and vendor accountability continues to tighten.
⚡ Why it matters: Compliance is increasingly about speed of response — make sure reporting playbooks are ready.
⚡ Quick Hits
1. Novakon HMI flaws — unpatched RCE & info disclosure issues.
Industrial automation vendor Novakon is under scrutiny after researchers disclosed multiple unpatched vulnerabilities in its Human-Machine Interface (HMI) products.
These flaws include remote code execution (RCE) and sensitive information disclosure bugs. Because HMIs often serve as the bridge between operators and critical industrial equipment, exploitation could allow attackers to manipulate industrial processes, steal data, or move laterally into OT/IT environments.
⚡ Why it matters: Organizations in manufacturing, energy, and critical infrastructure sectors should check if Novakon HMIs are deployed in their environments and apply compensating controls until patches are issued.
2. Airline check-in disruption — European flights delayed after a vendor cyberattack.
Air travel across parts of Western and Central Europe faced hours of disruption after a U.S.-based IT vendor providing check-in and boarding systems to multiple airlines was hit by a cyberattack. Airports in Germany, France, and Spain reported delays, with thousands of passengers impacted.
While full attribution is still under investigation, initial reports suggest the incident may have been a ransomware attack targeting SaaS platforms critical to aviation operations.
⚡ Why it matters: This underscores the supply-chain risk of aviation and travel industries, where a single vendor can become a single point of failure for dozens of airlines and airports. Resilience planning must include vendor incident response and redundant providers.
🔭 Looking Ahead
More zero-days expected in browser and firewall software.
Scattered Spider copycats will likely emerge.
AI-driven SecOps adoption is accelerating, but governance lags.
Retail & manufacturing remain top targets due to OT/IT overlap.
💡 Pro Tip of the Week
Set alerts for browser crashes, firewall configuration changes, and abnormal outbound traffic. See MITRE D3FEND for detection patterns relevant to exploitation.
🔒 Conclusion
This week showed risk across three layers: zero-day exploitation, people-centric social engineering, and automation without oversight.
⚡ For CISOs and IT leaders: Patch fast, strengthen the human element, and plan governance for AI-driven tools.
Thanks for reading this edition of The CyberSignal. Check out last week’s edition if you haven’t already.
Till next week,
The CyberSignal Team