Wednesday, September 24 2025
DFM News Roundup
Digital Forensics Magazine — 48h News Roundup
Window: 22-09-2025 00:00 to 24-09-2025 23:59 (UTC)

Snapshot Summary

Sector / Section            | Headline Highlights                                            | Count
----------------------------|----------------------------------------------------------------|------
DFIR & Incident Response    | Airport ransomware IR; SolarWinds emergency patch              | 2
Cyber Investigations        | Lotte Card probe; Secret Service SIM-farm takedown             | 2
Major Cyber Incidents       | European airports disruption; JLR shutdown; Boyd breach        | 3
Exploits & Threat Intelligence | Chrome 0-day added to KEV; active exploitation alert        | 2
Law Enforcement             | UK arrest over airport attack; €100M crypto scam bust          | 2
Policy                      | EDPB fines guidance update; ICO encryption guidance            | 2
Standards & Compliance      | NCCoE PQC mapping paper; ISO 27001 transition reminder         | 2

DFIR & Incident Response

ENISA confirms ransomware behind European airport disruptions — EU’s cybersecurity agency said a third-party ransomware incident at a service provider forced manual check-in at Heathrow, Brussels and Berlin, with cascading delays from 20–23 September and phased recovery underway (22-09-2025) [EU]. For DFIR teams, the case underscores third-party risk, operational technology dependencies at airports, and the need for tested manual fallback procedures (Source: Industrial Cyber, 22-09-2025).

SolarWinds issues third fix after second patch bypass for exploited RCE — SolarWinds released another update for Web Help Desk after researchers found a second bypass of earlier patches for a critical RCE that has seen in-the-wild exploitation (24-09-2025) [Global]. IR leads should verify versioning, hunt for post-exploitation activity, and confirm compensating controls where patch windows remain constrained (Source: SC Media, 24-09-2025).

Cyber Investigations

South Korea opens probe into Lotte Card breach impacting ~3M people — The Personal Information Protection Commission launched an investigation into Lotte Card after disclosure that 2.97 million customers’ data was exposed, with 280,000 at heightened fraud risk (23-09-2025) [APAC]. Investigators are assessing security controls and breach notification adequacy, with potential fines and remediation orders to follow (Source: The Record, 23-09-2025).

Secret Service disrupts SIM-farm telecom network near U.N. General Assembly — Agents dismantled a large cluster of SIM servers and >100,000 SIM cards capable of blasting massive volumes of messages and stressing cellular networks during the New York UN gathering (23-09-2025) [US]. The investigation continues without arrests; the takedown highlights telecom abuse vectors relevant to fraud, DDoS-like signaling storms and crisis comms (Source: CBS News, 23-09-2025).

Major Cyber Incidents

European airports race to restore check-in systems after ransomware hit — ENISA confirmed a third-party ransomware incident at Collins Aerospace disrupted automated check-in across multiple hubs, forcing manual processes and flight cancellations from 20–23 September (22-09-2025) [EU]. The event underscores aviation supply-chain fragility and the operational impact of outages during peak travel (Source: Reuters, 22-09-2025).

Jaguar Land Rover halts production following cyberattack — Britain’s largest automaker extended plant shutdowns into early October, with ministers visiting affected suppliers to assess financial strain and mitigation plans (23-09-2025) [UK]. The ripple effects across automotive supply chains illustrate the broader business impact of cyber incidents beyond the initial target (Source: Reuters, 23-09-2025).

Boyd Gaming discloses cyberattack; employee data stolen — The Las Vegas casino operator reported to the SEC that attackers accessed internal IT systems and exfiltrated employee information, though operations at properties were unaffected (24-09-2025) [US]. Post-incident actions include notifications and monitoring while investigators work to determine scope and initial access (Source: The Record, 24-09-2025).

Exploits & Threat Intelligence

CISA adds Google Chromium V8 type confusion (CVE-2025-10585) to KEV — CISA confirmed active exploitation and required U.S. federal agencies to remediate per KEV timelines; enterprises should prioritize Chrome/Chromium updates and review browser hardening (23-09-2025) [US/Global]. KEV listings reflect real-world exploitation and are useful triage drivers for patch queues (Source: CISA, 23-09-2025).

Active Chrome 0-day exploitation prompts urgent patch guidance — Following KEV inclusion, security agencies and researchers warned of active attacks leveraging the Chromium V8 flaw, urging rapid browser updates and enterprise-wide restart enforcement (24-09-2025) [Global]. SOC teams should monitor for unusual renderer crashes and enforce version baselines via MDM (Source: Cybersecurity News, 24-09-2025).
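The two items above treat the KEV catalog as a triage driver and recommend enforcing browser version baselines via MDM. The following Python helper is an added example written for this roundup (it is not CISA tooling and does not come from any of the cited sources): it parses records in the KEV feed's JSON schema, ranks the entries that touch products in your estate by remediation due date, and lists hosts whose Chrome build sits below a baseline. The sample records, the due dates, the second CVE identifier, the host names and the baseline build are all constructed placeholders; only the field names (cveID, vendorProject, product, dateAdded, dueDate, knownRansomwareCampaignUse) follow the real KEV schema.

```python
"""KEV-driven patch-queue triage plus a version-baseline check.

Added example for the roundup, not official CISA code. Sample data below is
constructed in the shape of the KEV feed published at
https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
"""
import json
from datetime import date, datetime

# Constructed sample document. CVE-2025-10585 is the Chromium V8 entry named in
# the roundup; its dateAdded/dueDate here are placeholders, not catalog values.
# CVE-0000-0001 is a deliberately invalid placeholder ID for an overdue entry.
SAMPLE_KEV_JSON = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities (constructed sample)",
    "vulnerabilities": [
        {
            "cveID": "CVE-2025-10585",
            "vendorProject": "Google",
            "product": "Chromium V8",
            "vulnerabilityName": "Google Chromium V8 Type Confusion Vulnerability",
            "dateAdded": "2025-09-23",
            "shortDescription": "Type confusion in V8 (constructed summary).",
            "requiredAction": "Apply mitigations per vendor instructions.",
            "dueDate": "2025-10-14",
            "knownRansomwareCampaignUse": "Unknown",
        },
        {
            "cveID": "CVE-0000-0001",
            "vendorProject": "ExampleVendor",
            "product": "ExampleProduct",
            "vulnerabilityName": "Placeholder overdue entry",
            "dateAdded": "2025-08-30",
            "shortDescription": "Constructed record to show overdue ranking.",
            "requiredAction": "Apply mitigations per vendor instructions.",
            "dueDate": "2025-09-20",
            "knownRansomwareCampaignUse": "Known",
        },
        {
            "cveID": "CVE-0000-0002",
            "vendorProject": "OtherVendor",
            "product": "NotInOurEstate",
            "vulnerabilityName": "Placeholder entry that should be filtered out",
            "dateAdded": "2025-09-01",
            "shortDescription": "Constructed record for a product we do not run.",
            "requiredAction": "Apply mitigations per vendor instructions.",
            "dueDate": "2025-09-22",
            "knownRansomwareCampaignUse": "Unknown",
        },
    ],
})

REQUIRED_FIELDS = ("cveID", "vendorProject", "product", "dateAdded", "dueDate")


def load_kev(text):
    """Parse a KEV-format JSON document and return its vulnerability records,
    rejecting records that lack the fields triage depends on."""
    doc = json.loads(text)
    records = doc.get("vulnerabilities", [])
    for rec in records:
        missing = [k for k in REQUIRED_FIELDS if k not in rec]
        if missing:
            raise ValueError(f"KEV record {rec.get('cveID')} missing {missing}")
    return records


def _parse_date(s):
    return datetime.strptime(s, "%Y-%m-%d").date()


def triage(records, fleet_products, today):
    """Rank KEV entries for products present in the estate.

    fleet_products: set of (vendorProject, product) pairs from your inventory.
    Order: overdue entries first, then soonest due date, ransomware-linked
    entries ahead of others on ties.
    """
    queue = []
    for rec in records:
        key = (rec["vendorProject"], rec["product"])
        if key not in fleet_products:
            continue
        days_left = (_parse_date(rec["dueDate"]) - today).days
        queue.append({
            "cve": rec["cveID"],
            "product": f"{key[0]} {key[1]}",
            "due": rec["dueDate"],
            "days_left": days_left,
            "overdue": days_left < 0,
            "ransomware": rec.get("knownRansomwareCampaignUse") == "Known",
        })
    queue.sort(key=lambda r: (not r["overdue"], r["days_left"], not r["ransomware"]))
    return queue


def version_tuple(v):
    """Turn a dotted build string such as '140.0.7339.185' into a comparable tuple."""
    return tuple(int(part) for part in v.split("."))


def hosts_below_baseline(inventory, baseline):
    """inventory: {hostname: installed browser build} (e.g. an MDM export).
    Returns hostnames whose build is older than the enforced baseline."""
    floor = version_tuple(baseline)
    return sorted(h for h, v in inventory.items() if version_tuple(v) < floor)


if __name__ == "__main__":
    # Placeholder estate and baseline; take the real baseline from the vendor advisory.
    fleet = {("Google", "Chromium V8"), ("ExampleVendor", "ExampleProduct")}
    for item in triage(load_kev(SAMPLE_KEV_JSON), fleet, date(2025, 9, 24)):
        print(item)
    print(hosts_below_baseline({"ws-01": "140.0.7339.185", "ws-02": "139.0.7258.155"},
                               "140.0.7339.185"))
```

Point `load_kev` at the live feed text instead of the constructed sample and `fleet_products` at your CMDB export; the ordering puts anything past its KEV due date at the head of the patch queue, which is the triage behaviour the KEV listing is meant to drive.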

Law Enforcement

UK police arrest suspect tied to airport ransomware disruption — The National Crime Agency detained a man in West Sussex under the Computer Misuse Act after the Collins Aerospace incident that disrupted check-in at Heathrow, Brussels and Berlin; he was released on conditional bail (24-09-2025) [UK/EU]. Attribution remains unconfirmed and no group has claimed responsibility (Source: Reuters, 24-09-2025).

Eurojust-led action dismantles €100M crypto investment scam; five arrested — A coordinated cross-border operation shut down a long-running scheme active since 2018, recovering assets and arresting suspects across multiple EU states (24-09-2025) [EU]. The case highlights money-laundering pipelines and crypto exchange touchpoints now central to financial crime investigations (Source: Help Net Security, 24-09-2025).

Policy

EDPB issues letter on calculation of GDPR fines — The European Data Protection Board responded to CCIA Europe regarding its fines calculation guidelines, signaling continued refinement of enforcement approaches post-DSA (23-09-2025) [EU]. DPAs and controllers should watch for further harmonisation affecting cross-border cases and penalty predictability (Source: EDPB, 23-09-2025).

ICO updates encryption guidance under UK GDPR — The UK regulator’s refreshed advice elevates expectations for proactive encryption controls and accountability, foreshadowing further updates under the Data (Use and Access) Act regime (23-09-2025) [UK]. CISOs should re-validate encryption choices and documentation against risk-based justifications (Source: RPC Legal, 23-09-2025).

Standards & Compliance

NCCoE maps post-quantum crypto migration to NIST CSF & SP 800-53 — A new white paper outlines how to align PQC transition activities with widely used frameworks and control catalogs, offering practical mappings for risk and compliance teams (23-09-2025) [Global]. Organisations should inventory crypto dependencies and plan phased replacement against these references (Source: Industrial Cyber, 23-09-2025).

ISO/IEC 27001:2013 certifications expire on 31 October 2025 — With the transition deadline nearing, organisations still certified to 27001:2013 must complete migration to ISO/IEC 27001:2022 or face withdrawal (31-10-2025) [Global]. Compliance teams should confirm audit scheduling, SoA updates and risk treatment alignment to Annex A:2022 (Source: SGS, 09-05-2024).

Editorial Perspective

This 48-hour window shows how third-party outages can cripple critical operations: airports moved to clipboards while automotive lines stopped. The lesson for DFIR is simple—assume a supplier will fail and rehearse the manual plan.

At the same time, KEV additions and patch bypasses remind us that “already patched” is not “already safe.” Rapid browser updates and verification of hotfix efficacy should be automated and enforced.

Finally, enforcement and policy continue to tighten—from a UK arrest to EDPB fines guidance—raising the bar on accountability. Align investigations, legal response and compliance roadmaps accordingly.

Tags

DFIR, ransomware, aviation, supply chain risk, KEV, Chrome zero-day, incident response, law enforcement, GDPR fines, ISO 27001, PQC, automotive
