Cybersecurity Weekly Update: 15‑22 September 2025
- SOC Team
- Sep 22
A recap of the latest cybersecurity threats, vulnerabilities, and industry trends from the week.
1. Major Incident: Airport Check‑In Disruption via Ransomware
A major cyberattack disrupted electronic check‑in and boarding systems at several large European airports (Heathrow, Berlin‑Brandenburg, and Brussels). The affected software was MUSE (Multi‑User System Environment) from Collins Aerospace, a third‑party provider of passenger check‑in, baggage processing, and boarding systems. (AP News)
Why it matters: For sectors dependent on third‑party suppliers (transport, defence, logistics), this is a reminder that service‑provider security is a single weak link that can have cascading effects. Ransomware via vendors can disrupt critical infrastructure and operations, even where the primary organisation isn’t directly attacked.
2. Rising Costs & State‑Actors in Germany’s Cyber Economy
A survey by Bitkom in Germany indicates that cyberattacks have cost the German economy almost €300 billion over the past year. (DIESEC)
Foreign intelligence services (notably Russia and China) are increasingly implicated, blurring the lines between espionage and cybercrime. (DIESEC)
Ransomware remains a major factor; smaller organisations in particular are bearing disproportionate damage from both downtime and remediation costs. (DIESEC)
Why it matters: Financial services, healthcare, defence and education sectors in Europe (and similarly in South Africa) should expect that economic (and reputational) damages from cyberattacks will rise. Investment in prevention (patching, resilience, redundancy) is increasingly cost‑justified.
3. Data Breach: Sweden – IT Service Provider Exposes 1.5 Million Personal Records
An IT services provider in Sweden, Miljodata, suffered a breach on 23‑24 August that led to the exposure of about 1.5 million individuals’ personal data, including names, addresses, etc. (DIESEC)
Why it matters: Healthcare, financial services, and education all handle large volumes of personal data. Breaches at backbone service providers (like IT services firms) magnify risk. Data privacy regulation (GDPR in Europe etc.) means obligations fall not just on direct holders of data but also on their vendors.
4. Threats & Trends: Supply Chain, Zero‑Days, and Botnet Escalations
Several emerging threats and patterns continue to develop this week:
- Supply Chain Attacks: A worm‑style supply chain attack (called “Shai‑Hulud”) has compromised at least 187 npm packages. The compromise reportedly began with a well‑used package and propagated to others. (DIESEC)
- Use of AI/Automation by Attackers: Threat actors are accelerating exploitation of zero‑day vulnerabilities using automated tools. Examples include frameworks like HexStrike‑AI that help scan for and exploit n‑day or zero‑day flaws. (Cyber Security News)
- Large‑Scale DDoS Attacks: A major UDP flood DDoS attack peaking at 1.5 billion packets per second was blocked in Europe, involving compromised IoT devices and routers across thousands of networks. (The Hacker News)
Why it matters: Attack techniques are becoming more automated and scalable. Organisations must assume that attackers will exploit any exposed vulnerability quickly. Defence in depth (patching, segmentation, anomaly detection), supply chain security, and improved DDoS mitigation are increasingly non‑negotiable.
5. Health‑Sector and Regional Spotlight: South America & Brazil
While many headlines are European, there are important developments in Latin America relevant to healthcare and data protection sectors globally:
The KillSec ransomware group has targeted healthcare institutions in Brazil, threatening to leak data unless demands are met. The root cause was traced back to misconfigured/insecure AWS S3 buckets. (Cgs Pam)
The episode underscores that cloud misconfigurations remain a major attack vector in healthcare, which often handles sensitive records. (Cgs Pam)
Recommendations & Actions You Should Take
Based on the above, here are some actions organisations in your markets should consider now:
| Action | Why It’s Critical |
|---|---|
| Review third‑party/vendor security | Incidents like the airports attack show service providers can become the pivot point of large disruptions. Contracts, audits, and SLAs should be reviewed; ensure provider resilience. |
| Patching & Vulnerability Management | Automation tools and zero‑day exploitation mean delays in patching are more dangerous than ever. Patch speed and prioritisation for high‑impact assets are essential. |
| Data protection & breach preparedness | With breaches affecting personal data at scale, ensure GDPR/data protection compliance, vendor risk assessments, and incident response plans are well tested. |
| DDoS and infrastructure resilience | Plan for volumetric attacks, and invest in mitigation capacity, redundant systems, and crisis communications for high‑disruption scenarios. |
| Cloud and configuration hygiene | Misconfigured buckets and exposed APIs keep causing damage. Emphasise secure defaults and periodic configuration reviews. |
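
One way to run the periodic configuration review recommended in the last row against the S3 misconfigurations described in section 5. This is an added example, not code from any of the cited sources. The bucket name, account ID, role and the `audit_bucket` helper are constructed for illustration, and the inputs are shaped like the JSON returned by the S3 GetBucketPolicy and GetPublicAccessBlock APIs.

```python
import json

# Constructed sample policies; the bucket, account ID and role are made up.
WEAK_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::example-patient-records/*",
    }],
})
HARDENED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": {
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::111122223333:role/records-app"},
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::example-patient-records/*",
    },
})
PAB_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls",
             "BlockPublicPolicy", "RestrictPublicBuckets")

def is_wildcard(principal):
    """True when the principal is "*" or contains "*" under any key."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return any(v == "*" or (isinstance(v, list) and "*" in v)
                   for v in principal.values())
    return False

def audit_bucket(policy_json, public_access_block):
    """Return a list of findings for one bucket (hypothetical helper)."""
    findings = []
    missing = [f for f in PAB_FLAGS if not public_access_block.get(f)]
    if missing:
        findings.append("public access block disabled: " + ", ".join(missing))
    statements = json.loads(policy_json).get("Statement", [])
    if isinstance(statements, dict):      # a single statement may be a bare object
        statements = [statements]
    for i, st in enumerate(statements):
        if st.get("Effect") == "Allow" and is_wildcard(st.get("Principal")):
            kind = "conditional, review" if st.get("Condition") else "public"
            findings.append(f"statement {i}: Allow for any principal ({kind})")
    return findings
```

A wildcard statement that carries a `Condition` is only flagged for manual review, because this sketch does not evaluate whether the condition actually narrows access.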
What to Watch Out For Next Week
Any further fallout or investigation reports from the airport disruptions — e.g. whether more airports or airlines were affected, and what the ransom/hacker disclosure details are.
New zero‑day vulnerabilities and whether AI/automation frameworks (like HexStrike‑AI) are being used by adversaries in your region.
Regulatory responses in Europe & South Africa, especially regarding vendor risk, supply chain security, and data protection laws (e.g. fines, disclosure requirements).
Healthcare sector attacks in emerging markets — Latin America, Africa — often precede or foreshadow global trends.