News – September 2025

  • Attacker steals customer data from UK rail operator LNER during break-in at supplier

    September 11, 2025

    One of the UK’s largest rail operators, LNER, is the latest organization to spill user data via a third-party data breach.… It confirmed the incident on Wednesday, saying customer contact details and “some information about previous journeys” was accessed at a third-party supplier. London North Eastern Railway (LNER) did not name the third party responsible for ...

  • France: Three Regional Healthcare Agencies Targeted by Cyber-Attacks

    September 11, 2025

    French regional healthcare agencies have been targeted by cyber-attacks compromising the personal data of patients across the country. On September 8, the regional healthcare agencies (ARS) for three regions, Hauts-de-France (Upper France), Normandy and Pays de la Loire (Lower Loire), issued security alerts warning about recent cyber-attacks carried out against the servers hosting the identity ...

  • AdaptixC2: A New Open-Source Framework Leveraged in Real-World Attacks

    September 10, 2025

    In early May 2025, Unit 42 researchers observed that AdaptixC2 was used to infect several systems. AdaptixC2 is a recently identified, open-source post-exploitation and adversarial emulation framework made for penetration testers that threat actors are using in campaigns. Unlike many well-known C2 frameworks, AdaptixC2 has remained largely under the radar. There is limited public documentation available ...

  • Patch Tuesday – September 2025

    September 10, 2025

    Microsoft is addressing 176 vulnerabilities today, which seems like a lot, and it is. Curiously, Microsoft’s own Security Update Guide (SUG) for September 2025 Patch Tuesday only lists 86 vulns, and that’s because the SUG doesn’t include a large number of open source software (OSS) fixes published today as part of updates for Azure Linux ...

  • All Plex users should reset passwords in wake of data breach

    September 10, 2025

    Popular media server and streaming platform, Plex, warned its users about losing their sensitive data in a cyberattack, and urged them to update their passwords as a result. In a forum post published on September 8, Plex said it recently experienced a security incident with “limited impact”, when an unauthorized third party accessed a subset of ...

  • Notes of cyber inspector: three clusters of threat in cyberspace

    September 10, 2025

    Hacktivism and geopolitically motivated APT groups have become a significant threat to many regions of the world in recent years, damaging infrastructure and important functions of government, business, and society. In late 2022 Kaspersky predicted that the involvement of hacktivist groups in all major geopolitical conflicts from now on will only increase and this is what ...

  • Global Defense Spending on the Rise: Focus Southeast Asia & Thailand

    September 9, 2025

    Global defense spending is surging to unprecedented levels, with 2024 marking a staggering USD 2.48 trillion in military expenditures and even more ambitious commitments on the horizon. The Janes 2025 Defense Budget Annual Report projects a 3.6% rise or an additional USD 88.4 billion in 2025, fueled primarily by expanded military budgets in Europe, Russia, Northeast Asia, ...

  • Unmasking The Gentlemen Ransomware: Tactics, Techniques, and Procedures Revealed

    September 9, 2025

    In August 2025, Trend Micro investigated a new ransomware campaign orchestrated by The Gentlemen, an emerging and previously undocumented threat group. This threat actor quickly established itself within the threat landscape by demonstrating advanced capabilities through their systematic compromise of enterprise environments. By adapting their tools mid-campaign—shifting from generic anti-AV utilities to highly targeted, specific variants—the ...

  • U.S. State Department offers up to $11 Million reward for Information about ransomware administrator charged with cybercrimes for deploying “Lockergoga,” “Nefilim,” and “Megacortex”

    September 9, 2025

    BROOKLYN, NY – Earlier today, a superseding indictment was unsealed charging Volodymyr Tymoshchuk, also known as “deadforz,” “Boba,” “msfv,” and “farnetwork,” a Ukrainian national, for his role in international ransomware schemes. Tymoshchuk is not in U.S. custody. Joseph Nocella, Jr., United States Attorney for the Eastern District of New York; Matthew R. Galeotti, Acting Assistant Attorney ...

  • Nepal: Protesters defy curfew, set fire to leaders’ homes

    September 9, 2025

    Nepali Prime Minister K.P. Sharma Oli resigned Tuesday, Reuters reported, after days of mass protests over a social media ban and official corruption in the Himalayan nation culminated in the torching of top leaders’ homes as well as the Parliament building. The country’s main airport in Kathmandu, the capital, was also closed amid security concerns as ...