Full Report
The past 30 days have seen no shortage of new threats and incidents that brought into sharp relief the need for well-thought-out cyber-resilience plans.
Analysis Summary
# Main Topic
Cybersecurity incidents from the past 30 days (September 2025) highlight the critical need for robust, well-thought-out cyber-resilience plans, with significant threats observed across several key sectors.
## Key Points
- European airports experienced major disruptions due to a ransomware attack targeting automated passenger processing systems provided by Collins Aerospace.
- Jaguar Land Rover (JLR) extended global factory closures until at least October 1st following a cyberattack on its IT systems that began in August.
- A widespread supply-chain attack compromised hundreds of npm (Node Package Manager) packages, prompting a CISA alert about the impact on the JavaScript package ecosystem.
- A large-scale information-stealing malware campaign is targeting macOS users by impersonating trusted brands such as LastPass, with phishing pages hosted on platforms like GitHub Pages.
## Threat Actors
- **Ransomware Actor(s):** Responsible for the attack on Collins Aerospace systems that disrupted European airports. Attribution is not specified in the source reporting; the motivation is presumably financial gain via extortion.
- **Supply Chain Attacker(s):** Responsible for compromising hundreds of npm packages. Associated reporting attributes the spread to a self-replicating worm named "Shai Hulud", meaning the compromise propagated automatically from package to package rather than each package being seeded by hand.
- **Malware Distributors (Infostealers):** Running a campaign that uses brand impersonation (e.g., LastPass) to trick macOS users into installing malware.
## TTPs
- **Ransomware Deployment:** Used to incapacitate critical infrastructure (automated passenger processing systems).
- **Supply Chain Compromise:** Injection of malicious code into widely used software components within the npm registry.
- **Impersonation/Phishing:** Threat actors leveraged known brand names to distribute malware.
- **Malware Delivery Vector:** Use of GitHub Pages to host malicious content targeting macOS users.
- **Malware Type:** Information-stealing malware.
## Affected Systems
- **Aviation Sector:** Automated passenger processing systems at major European airports (via third-party vendor Collins Aerospace).
- **Automotive Sector:** Global IT systems of Jaguar Land Rover (JLR).
- **Software Development Ecosystem:** Hundreds of npm packages (Node Package Manager registry).
- **End Users:** macOS users targeted by phishing campaigns.
## Mitigations
- **Cyber-Resilience Planning:** General emphasis on the need for well-thought-out cyber-resilience plans across all organizations.
- **Software Supply Chain Security:** Organizations that consume npm packages should urgently audit their dependency trees, including transitive dependencies pinned in lockfiles, against the advisories issued for the compromise.
- **Endpoint Protection:** macOS users should download software only from a vendor's official domain and treat installers offered from GitHub Pages sites that use a trusted brand's name as suspect.
- **Vendor Risk Management:** Critical infrastructure operators (like airports) must review the security posture of their third-party software providers (like Collins Aerospace).
## Conclusion
The threats observed—ranging from infrastructure disruption via ransomware to widespread software supply chain compromise and targeted user malware—underscore that resilience must be built comprehensively across IT infrastructure, software development pipelines, and end-user awareness. Immediate attention should be paid to assessing risks associated with third-party dependencies and responding to alerts concerning information-stealing malware campaigns.