Monday, October 27 2025
DFM News Roundup
Digital Forensics Magazine — 48h News Roundup
Window: 2025-09-04 to 2025-09-06 (UTC)

Snapshot Summary

Sector / Section | Headline Highlights | Count
DFIR & Incident Response | Sitecore zero-day patch order; IR hunts for ViewState abuse and key rotation. | 1
Cyber Investigations | Chess.com breach via file-transfer tool; “GhostRedirector” IIS SEO-fraud campaign. | 2
Major Cyber Incidents | JLR factory disruption; Texas sues PowerSchool over 2024 breach. | 2
Exploits & Threat Intelligence | SAP S/4HANA exploited in the wild; Android bulletin fixes two exploited zero-days. | 2
Law Enforcement | No additional credible updates in the last 72h. | 0
Policy | US info-sharing reauth moves forward; Czech NÚKIB supplier risk warning; EU court upholds DPF. | 3
Standards & Compliance | CNIL fines (Google/Shein) over cookies; CISA supplier-response tool for secure acquisition. | 2

DFIR & Incident Response

CISA orders federal agencies to patch Sitecore zero-day after IR teams disrupt active attack — Federal civilian agencies have until 2025-09-25 to remediate CVE-2025-53690 after Mandiant reported disrupting an intrusion that abused a sample ASP.NET machine key published in legacy Sitecore deployment guidance (published 2025-09-05) [AMER]. A known machineKey lets an attacker forge a __VIEWSTATE payload that passes MAC validation and is deserialized by the server, so ViewState MAC-failure events will not fire; responders should instead hunt for ViewState deserialization artifacts (unexpected POSTs carrying oversized __VIEWSTATE values, unusual child processes of the IIS worker process), rotate machine keys on every instance that shared the sample value, and validate admin account creations tied to early reconnaissance to accelerate containment (Source: The Record, 2025-09-05).
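The key-rotation step above is easy to get half right: an explicit static machineKey copied from documentation keeps working after the patch, so the audit has to look at the configured value, not just the Sitecore version. The script below is an added example written for this roundup, not code from Mandiant, Sitecore or The Record. It parses a constructed web.config, flags a key that matches an operator-supplied list of burned sample keys (KNOWN_SAMPLE_KEYS is a hypothetical placeholder; the hex values shown are made up and are not a real Sitecore or Microsoft sample key), flags legacy validation algorithms, and emits a rotated configuration with freshly generated keys.

```python
"""Added example (not from the article, Mandiant or Sitecore): audit the
ASP.NET <machineKey> element of a web.config and generate fresh keys for
rotation after a sample-key compromise.

Assumptions not stated in the article: the web.config below is constructed
for this example, and KNOWN_SAMPLE_KEYS is a hypothetical placeholder that an
operator fills with key values they consider published or burned.
"""
import os
import xml.etree.ElementTree as ET

# Constructed sample: an explicit, static machineKey of the kind copied from
# deployment documentation. The hex values are made up for this example.
SAMPLE_WEB_CONFIG = """<?xml version="1.0"?>
<configuration>
  <system.web>
    <machineKey validationKey="0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF"
                decryptionKey="0123456789ABCDEF0123456789ABCDEF"
                validation="SHA1" decryption="AES" />
  </system.web>
</configuration>
"""

# Hypothetical burned-key list: operators populate this with hex keys lifted
# from vendor documentation so a verbatim reuse is flagged immediately.
KNOWN_SAMPLE_KEYS = {
    "0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF",
}

LEGACY_VALIDATION = ("SHA1", "MD5", "3DES", "")


def audit_machine_key(web_config_xml: str) -> dict:
    """Return findings for the <machineKey> element of a web.config string."""
    root = ET.fromstring(web_config_xml)
    mk = root.find("./system.web/machineKey")
    findings = {"present": mk is not None, "issues": []}
    if mk is None:
        # No explicit key: ASP.NET auto-generates one per machine. Fine for a
        # single server; a web farm needs a shared, private key instead.
        return findings
    vkey = (mk.get("validationKey") or "").upper()
    dkey = (mk.get("decryptionKey") or "").upper()
    validation = (mk.get("validation") or "").upper()
    findings["validation"] = validation
    if "AUTOGENERATE" in vkey or "AUTOGENERATE" in dkey:
        return findings
    findings["static"] = True
    if vkey in KNOWN_SAMPLE_KEYS or dkey in KNOWN_SAMPLE_KEYS:
        findings["issues"].append("machineKey matches a known published sample key")
    if validation in LEGACY_VALIDATION:
        findings["issues"].append(
            f"weak or legacy validation algorithm: {validation or 'default'}")
    # A static key that is not on the burned list still needs checking against
    # source control, wikis and tickets where it may have leaked.
    return findings


def generate_machine_key() -> dict:
    """Fresh keys: 64 random bytes for HMACSHA256 validation, 32 for AES-256."""
    return {
        "validationKey": os.urandom(64).hex().upper(),
        "decryptionKey": os.urandom(32).hex().upper(),
        "validation": "HMACSHA256",
        "decryption": "AES",
    }


def rotated_config(web_config_xml: str, new_key: dict) -> str:
    """Return the web.config with the machineKey replaced by new_key."""
    root = ET.fromstring(web_config_xml)
    system_web = root.find("./system.web")
    if system_web is None:
        system_web = ET.SubElement(root, "system.web")
    mk = system_web.find("machineKey")
    if mk is None:
        mk = ET.SubElement(system_web, "machineKey")
    for attr, value in new_key.items():
        mk.set(attr, value)
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    for issue in audit_machine_key(SAMPLE_WEB_CONFIG)["issues"]:
        print("FINDING:", issue)
    print(rotated_config(SAMPLE_WEB_CONFIG, generate_machine_key()))
```

Two caveats when using this for real: rotating the key invalidates every outstanding ViewState and forms-authentication ticket, so in a web farm the same new key must land on all nodes in one change window, and the key may also be set in machine.config or injected from a secret store rather than the site web.config. Rotation closes the forgery path but does not evict an attacker who already executed code through it; that is what the account and process review is for.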

Cyber Investigations

Chess.com: breach via third-party file transfer tool exposed data of 4,541 users — Regulatory filings describe unauthorized access between 2025-06-05 and 2025-06-18, discovered 2025-06-19, with no passwords or banking data exposed according to the company (published 2025-09-04) [AMER]. Investigators should inventory which managed file-transfer systems hold or relay customer data, trace the exposure chain from vendor to dataset, and tune detections for bulk downloads and staging in cloud storage that precede exfiltration (Source: The Record, 2025-09-04).

‘GhostRedirector’ SEO fraud-as-a-service hijacks Windows servers to boost gambling sites — ESET reports at least 65 compromised IIS servers across Brazil, Peru, Thailand, Vietnam and the US, running the Rungan backdoor and the Gamshen native IIS module since 2024 (published 2025-09-05) [APAC/AMER]. Gamshen alters responses only for requests that identify as Googlebot, so ordinary browsing of the site shows nothing wrong; IR teams should review IIS native module inventories against known-good images, search for unauthorized 301/302 chains and web.config edits, request the site with a crawler User-Agent to confirm cloaking, and baseline privileged account changes to evict persistence (Source: The Record, 2025-09-05).
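The module-inventory and redirect review above is mechanical enough to script. The example below is added for this roundup and is not ESET's tooling or anything from the campaign report. It checks two constructed samples: the globalModules section of an applicationHost.config for native modules whose image lives outside the IIS and .NET system directories, and a web.config for URL Rewrite rules that issue a redirect only when the User-Agent matches a search-engine crawler. The module name "Perf Monitor", the path under C:\ProgramData, the hostname example-gambling.test and the trusted-prefix list are all assumptions made for the example.

```python
"""Added example (not from ESET or the article): flag two GhostRedirector-style
artifacts on an IIS host.

  1. native modules in applicationHost.config <globalModules> whose image is
     outside the IIS / .NET system directories;
  2. web.config URL Rewrite rules that redirect only when {HTTP_USER_AGENT}
     matches a search-engine crawler (cloaking for SEO fraud).

All configuration below is constructed for the example; the trusted path
prefixes and crawler list are assumptions an operator should tune.
"""
import re
import xml.etree.ElementTree as ET

# Constructed <globalModules> excerpt: three stock IIS modules and one
# hypothetical module loaded from a writable ProgramData path.
SAMPLE_APPHOST = """<configuration>
  <system.webServer>
    <globalModules>
      <add name="UriCacheModule" image="%windir%\\System32\\inetsrv\\cachuri.dll" />
      <add name="RewriteModule" image="%windir%\\System32\\inetsrv\\rewrite.dll" />
      <add name="ManagedEngineV4.0_64bit" image="%windir%\\Microsoft.NET\\Framework64\\v4.0.30319\\webengine4.dll" />
      <add name="Perf Monitor" image="C:\\ProgramData\\perfmon\\perfmon.dll" />
    </globalModules>
  </system.webServer>
</configuration>
"""

# Constructed web.config: a normal HTTPS redirect and a crawler-only redirect
# to a hypothetical gambling host.
SAMPLE_WEBCONFIG = """<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <rule name="HTTPS" stopProcessing="true">
          <match url="(.*)" />
          <conditions><add input="{HTTPS}" pattern="off" /></conditions>
          <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Permanent" />
        </rule>
        <rule name="Cache" stopProcessing="true">
          <match url="(.*)" />
          <conditions><add input="{HTTP_USER_AGENT}" pattern="Googlebot|bingbot" /></conditions>
          <action type="Redirect" url="http://example-gambling.test/{R:1}" redirectType="Found" />
        </rule>
      </rules>
    </rewrite>
  </system.webServer>
</configuration>
"""

# Assumed allow-list: where legitimate native modules normally live.
TRUSTED_IMAGE_PREFIXES = ("%windir%\\system32\\inetsrv\\", "%windir%\\microsoft.net\\")
CRAWLER_RE = re.compile(r"googlebot|bingbot|yandex|baiduspider|duckduckbot", re.I)


def suspicious_global_modules(apphost_xml: str) -> list:
    """Return 'name -> image' for native modules outside the trusted prefixes."""
    root = ET.fromstring(apphost_xml)
    out = []
    for add in root.iterfind("./system.webServer/globalModules/add"):
        image = (add.get("image") or "").lower()
        if not image.startswith(TRUSTED_IMAGE_PREFIXES):
            out.append(f"{add.get('name')} -> {add.get('image')}")
    return out


def crawler_only_redirects(webconfig_xml: str) -> list:
    """Return rewrite rules that redirect only for crawler User-Agents."""
    root = ET.fromstring(webconfig_xml)
    out = []
    for rule in root.iterfind("./system.webServer/rewrite/rules/rule"):
        action = rule.find("action")
        if action is None or (action.get("type") or "").lower() != "redirect":
            continue
        for cond in rule.iterfind("./conditions/add"):
            if cond.get("input") == "{HTTP_USER_AGENT}" and CRAWLER_RE.search(cond.get("pattern") or ""):
                out.append(f"{rule.get('name')} -> {action.get('url')} ({action.get('redirectType')})")
                break
    return out


if __name__ == "__main__":
    for hit in suspicious_global_modules(SAMPLE_APPHOST):
        print("MODULE:", hit)
    for hit in crawler_only_redirects(SAMPLE_WEBCONFIG):
        print("CLOAKED REDIRECT:", hit)
```

On a live host, compare the parsed list with the running inventory from `appcmd list modules`, and hash and check the signature of every image the allow-list does not cover; an attacker can give a module any name, so the image path and binary are the evidence, not the label. A native module such as Gamshen rewrites responses in code and needs no rewrite rule, so the redirect check only catches the config-based variant; fetching a page with a Googlebot User-Agent and diffing it against a normal browser fetch is the behavioural confirmation.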

Major Cyber Incidents

Jaguar Land Rover operations severely disrupted; factory staff told to stay home — JLR said it proactively took systems down during a cyber incident affecting its global IT, the UK ICO confirmed it had received a breach report, and a group claimed responsibility via Telegram (published 2025-09-05; incident still ongoing at publication) [EMEA]. Manufacturers should plan for extended OT/IT downtime, prioritize ERP and retail application recovery, and monitor for data-leak claims used as extortion pressure (Source: The Record, 2025-09-05).

Texas sues PowerSchool over 2024 breach impacting 62.4M students and 9.5M teachers — The suit alleges deceptive security claims and the absence of MFA before the intrusion, with filings citing exposure of SSNs, addresses, and sensitive education records (published 2025-09-04; event 2024-12) [AMER]. Education defenders should revisit vendor controls (MFA, segregation, data minimization) and prepare for discovery that exposes logging gaps and retention weaknesses (Source: The Record, 2025-09-04).

Exploits & Threat Intelligence

SAP S/4HANA critical flaw (CVE-2025-42957) exploited in the wild — SecurityBridge observed real-world exploitation of an ABAP code-injection flaw that can lead to full system takeover, despite fixes released in SAP's August patch day (published 2025-09-05) [EMEA]. SAP admins should verify the August notes are applied, hunt for suspicious RFC calls, newly created admin users and ABAP code edits, and lock down change-transport pipelines (Source: SecurityWeek, 2025-09-05).

Android September bulletin fixes two exploited zero-days (CVE-2025-48543, CVE-2025-38352) — Google shipped patches for 111 CVEs, including an Android Runtime elevation-of-privilege bug and a Linux kernel timer race condition, both under limited, targeted exploitation (published 2025-09-04) [AMER]. Enterprise MDMs should fast-track the 2025-09-05 patch level, watch for spyware-style exploit chains, and enforce minimum OS baselines for high-risk users (Source: SecurityWeek, 2025-09-04).

Law Enforcement

No credible updates in the last 72h.

Policy

House panel advances 10-year extension of US cyber info-sharing law (CISA 2015 reauth via WIMWIG Act) — Committee approval keeps liability-protected intel sharing on track before the 2025-09-30 sunset, with debates on speech/censorship limits expected in the Senate (published 2025-09-03) [AMER]. Renewals affect SOC sharing pipelines and ISAC/ISAO participation, while privacy guardrails could shape indicator fidelity and legal risk (Source: Nextgov/FCW, 2025-09-03).

Czech NÚKIB warns against tech that sends data to or is remotely managed from China — The advisory urges CI sectors (transport, energy, healthcare, public admin) to weigh PRC-linked supplier risks in procurement and security processes (published 2025-09-04) [EMEA]. This shapes vendor risk scoring, cloud-residency choices, and access-control expectations for managed service providers operating critical systems (Source: The Record, 2025-09-04).

EU General Court upholds EU-US Data Privacy Framework against challenge — The ruling finds the US safeguards and the oversight of the Data Protection Review Court (DPRC) adequate, though an appeal remains possible (published 2025-09-04) [EMEA]. Cross-border data flows for thousands of firms face less near-term disruption, stabilizing SOC telemetry sharing and vendor processing under the DPF (Source: The Record, 2025-09-04).

Standards & Compliance

France’s CNIL fines Google (€325M) and Shein (€150M) over cookie-consent violations — CNIL says both firms failed to obtain valid consent, including Gmail ad insertions and cookie walls during account setup (published 2025-09-04) [EMEA]. Privacy programs should reassess consent UX, logging, and dark-pattern risks as regulators continue to link adtech behaviors to GDPR/ePrivacy enforcement (Source: The Record, 2025-09-04).

CISA’s new supplier-response web tool formalizes secure acquisition questionnaires — The standardized prompts on SBOM, SDLC controls, and vuln response can be embedded into procurement and annual attestations (published 2025-09-05) [AMER]. Compliance leads can bind responses to contract terms to improve audit trails and post-incident accountability (Source: CISA, 2025-09-05).

Editorial Perspective

Attackers continue to monetize weak defaults and legacy guidance, from Sitecore’s historical sample keys to web-server modules quietly hijacking SEO. The week’s mix reinforces that vendor advisories and policy moves directly shape IR tempo—rapid KEV-style directives and procurement questionnaires can shave days off scoping and containment.

For high-value ERPs like SAP S/4HANA, treat post-patch exploitation as a hunt signal, not a headline; log review and transport governance are as critical as applying notes. On mobile, assume targeted exploitation is already in play and standardize on the 2025-09-05 Android patch level for sensitive roles.

Finally, privacy rulings and fines show compliance is an operational control: consent UX and cross-border data mechanisms will continue to be testable, auditable, and expensive when neglected.

Tags

DFIR, Incident Response, Threat Intelligence, Vulnerabilities, Zero-day, Ransomware, Supply Chain, SAP, Android, Sitecore, Policy, GDPR, CNIL, Data Privacy, KEV, Procurement, CISA
