Friday, November 14, 2025

JLR Cyberattack Slowed Down UK's GDP Growth

We usually think of cyber attacks as issues that disrupt individual companies. But have you ever considered that a single cyber incident could slow down the GDP growth of a developed country?

It may seem unlikely, yet it has already happened. In September 2025, Jaguar Land Rover (JLR) suffered a major cyber attack that forced the company to halt production for an entire month.


This event didn’t only affect JLR’s operations; it also contributed to slower economic growth in the United Kingdom. It’s a strong reminder that cyber threats can have a real and measurable impact on a nation’s economy.


https://bit.ly/4r7E2Mr


Headlines:

"The Bank of England (BoE) has cited the cyberattack on Jaguar Land Rover (JLR) as one of the reasons for the country's slower-than-expected GDP growth in its latest rates decision."


"Weaker exports to the US, plus JLR's cyberattack, which was so damaging that the government had to step in and offer financial support, were the two reasons given by the BoE for this slower growth.

This is thought to be the first case in which a cyberattack has caused material economic and fiscal harm to the UK.

According to the most recent report from the Office for Budget Responsibility (OBR), dated 2021, while cyberattacks are a growing threat to Britain, none had caused sufficient disruption to adversely impact the entire economy."


"Economists previously estimated the harm to JLR alone could be north of £2 billion in lost revenues"


"JLR's cyber-instigated shutdown in September (2025) followed a rough few months for UK businesses, which were battered by major cyberattacks over the summer."



Wednesday, October 15, 2025

PowerSchool Hack


A 19-year-old college student from Massachusetts has been sentenced to four years in prison after pleading guilty to hacking PowerSchool, a software platform used by schools across the United States to manage student information. He gained unauthorized access to the system and stole a massive amount of sensitive data belonging to 60 million students and 9 million teachers, including personal identifiers, medical details, and educational records.

After gaining access, he contacted the company and demanded $2.85 million in Bitcoin (30 bitcoin), threatening to release the stolen data online if his ransom demand was not met.


PowerSchool confirmed that multifactor authentication (MFA) was not enabled on some of its systems at the time of the incident. This admission became a key detail in understanding how he was able to compromise the system so effectively.


https://bit.ly/4hcfhKo


Headlines:


"...He accessed databases belonging to the company PowerSchool that had information on more than 60 million students and nine million teachers."


"Sensitive data, including students’ Social Security numbers, special education status, medical conditions and parental restraining orders, were exposed in the hack, which PowerSchool made public in January."


"Last month, Texas sued PowerSchool, saying the company broke state laws relating to deceptive trade practices and identity theft protection, including by misleading consumers into believing its shoddy security practices were 'state-of-the-art.'

PowerSchool has acknowledged the hack was enabled by the fact that it did not use multifactor authentication."


Friday, September 26, 2025

Flight Delays Across Europe Due To Cyber Attacks

 

Most of us don’t think much about cybersecurity—until it affects us directly. But the reality is: threats exist whether we’re aware of them or not.


Recently, cyberattacks caused flight delays in airport terminals across Europe. Imagine arriving at the airport, ready for your holiday, only to learn your flight is delayed for hours or even cancelled. Frustrating, right?


https://bit.ly/4pH2hjL


Headlines:

"Several of the largest airports in Europe, including London Heathrow, have been trying to restore normal operations over the past few days after an attack on Friday disrupted automatic check-in and boarding software.


The problem stemmed from Collins Aerospace, a software provider that works with several airlines across the world."


"Airports in Brussels, Dublin and Berlin have also experienced delays. While kiosks and bag-drop machines have been offline, airline staff have instead relied on manual processing."


"A spokesperson for Brussels airport said Collins Aerospace had not yet confirmed the system was secure again. On Monday, 40 of its 277 departing flights and 23 of its 277 arriving services were cancelled."

Monday, September 1, 2025

China's Salt Typhoon Cyberspies Continue Their Years-long Hacking Campaign

 

Stay highly alert to China-based APT threat actors such as Salt Typhoon (and to the others too).

If you use the following products then DO patch them immediately:

  • Ivanti Connect Secure and Ivanti Policy Secure: CVE-2024-21887 & CVE-2023-46805

  • Palo Alto Networks PAN-OS GlobalProtect: CVE-2024-3400

  • Cisco Internetworking Operating System (IOS) XE: CVE-2023-20273 & CVE-2023-20198

  • Cisco IOS and IOS XE: CVE-2023-20198 & CVE-2018-0171


https://bit.ly/4n3jIZA


"...Brett Leatherman (FBI Assistant Director) told media outlets that Salt Typhoon targeted more than 600 organizations across 80 countries."


"The international coalition also called out three China-based entities affiliated with Salt Typhoon – Sichuan Juxinhe Network Technology, Beijing Huanyu Tianqiong Information Technology, and Sichuan Zhixin Ruijie Network Technology – that it accused of providing cyber products and services to China's Ministry of State Security and People's Liberation Army."


"In addition to the four US agencies (FBI, CISA, National Security Agency, and Department of Defense Cyber Crime Center), the UK's National Cyber Security Centre plus government agencies in Australia, Canada, New Zealand, the Czech Republic, Finland, Germany, Italy, Japan, the Netherlands, Poland, and Spain also co-issued the security alert."


"'In addition to targeting telecommunications, reported targeting of hospitality and transportation by this actor could be used to closely surveil individuals,' he said. 'Information from these sectors can be used to develop a full picture of who someone is talking to, where they are, and where they are going.'"




Tuesday, July 1, 2025

Cyber Criminals Target African Financial Institutions Using Open Source Tools

 

Palo Alto Networks Unit 42 has uncovered a sophisticated threat campaign, CL-CRI-1014, that’s been quietly targeting financial institutions across Africa since mid-2023. What’s striking about this campaign is not just the tooling, but the strategy.

Instead of using custom malware, the attackers rely on publicly available and open-source tools — commonly used by IT admins and red team members. They then go a step further: forging digital file signatures to make malicious payloads look like legitimate software from trusted vendors.

This allows them to:

  • Bypass basic endpoint defenses

  • Maintain long-term access without triggering alerts

  • Blend in with legitimate traffic and processes

This is yet another sign that attackers are moving away from complex malware and toward abusing what’s already in the environment. And with trust in file signatures being exploited, traditional security signals are no longer enough.

Lessons Learned:

  1. Trust can be weaponized – even signed and open-source tools can be abused.

  2. Initial access isn’t always loud – attackers may dwell silently before selling access.

  3. Detection must go deeper – beyond file signatures, focus on behavior and persistence.

  4. Open-source ≠ risk-free – validate and monitor every tool in your environment.

  5. Assume visibility gaps exist – prioritize collecting security data from devices and network traffic.
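
Lessons 1 and 3 as a triage rule set, added here as an illustration (not code from Unit 42 or from the original post): a signer name is treated as a claim until the signature verifies, and behaviour rules still fire on validly signed binaries. The event fields, signer names, hosts and paths are assumptions constructed for the example.

```python
from typing import NamedTuple, Optional

# Assumed, illustrative values: a real deployment would load its own lists.
TRUSTED_SIGNERS = {"Example Vendor Inc."}
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\windows\\temp\\")
PERSISTENCE = {"service_install", "scheduled_task_create", "run_key_write"}

class Event(NamedTuple):          # hypothetical endpoint telemetry schema
    host: str
    image: str                    # full path of the executable
    signer: Optional[str]         # signer name read from the embedded certificate
    sig_status: str               # "valid" | "invalid" | "unsigned" after full verification
    action: str                   # "process_start" or one of PERSISTENCE

def findings(ev: Event) -> list:
    out = []
    writable = any(part in ev.image.lower() for part in USER_WRITABLE)
    # A signer name is only a claim until the signature actually verifies.
    if ev.signer in TRUSTED_SIGNERS and ev.sig_status != "valid":
        out.append("trusted-signer-claim-unverified")
    # Behaviour rules are evaluated even when the signature is valid.
    if ev.action in PERSISTENCE and writable:
        out.append("persistence-from-user-writable-path")
    if ev.action in PERSISTENCE and ev.sig_status != "valid":
        out.append("persistence-by-unverified-binary")
    return out

def triage(events):
    """Return {(host, image): sorted unique findings} for events with any finding."""
    result = {}
    for ev in events:
        hits = findings(ev)
        if hits:
            result.setdefault((ev.host, ev.image), set()).update(hits)
    return {key: sorted(val) for key, val in result.items()}

# Constructed sample telemetry (not taken from the Unit 42 report).
SAMPLE = [
    Event("fin-ws01", r"C:\Program Files\Example\agent.exe", "Example Vendor Inc.", "valid", "process_start"),
    Event("fin-ws02", r"C:\Users\Public\updater.exe", "Example Vendor Inc.", "invalid", "process_start"),
    Event("fin-ws02", r"C:\Users\Public\updater.exe", "Example Vendor Inc.", "invalid", "scheduled_task_create"),
    Event("fin-srv03", r"C:\ProgramData\tools\tunnel.exe", "Some OSS Project", "valid", "service_install"),
]

if __name__ == "__main__":
    for key, hits in triage(SAMPLE).items():
        print(key, hits)
```

The validly signed tool on fin-srv03 is still reported because it installs a service from a user-writable path, which a signature-only check would miss.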