Welcome to this week's edition of the Weekly Cyber Incident Review. This week, we have seen a range of significant incidents, from major disruptions at European airports to a deeply concerning breach at a nursery chain. These events highlight the ever-present threats of ransomware, supply chain vulnerabilities, and novel malware delivery techniques.

Incident Summaries

1. Cyber Attack Disrupts Major European Airports

Date: 2025-09-20

This week saw a major cyber-attack on the check-in systems of several European airports, causing significant travel disruption. The attack targeted the "MUSE" software from Collins Aerospace, with sources suggesting the involvement of a state-sponsored actor.

2. "Radiant" Ransomware Group Hits Kido Nursery Chain

Date: 2025-09-25

A new ransomware group calling itself "Radiant" has claimed responsibility for a breach at the Kido Nursery Chain. The group has stolen highly sensitive data, including photos and personal details of children, and has reportedly been contacting parents directly for extortion. This attack is a disturbing example of the increasingly ruthless tactics being employed by financially motivated cybercriminals.

3. ClaimPix Leaks 10TB of Data Due to Misconfiguration

Date: 2025-09-24

A security researcher discovered a massive data leak at ClaimPix, an auto insurance claims platform. An unprotected and unencrypted database exposed 5.1 million files, including a vast amount of personally identifiable information (PII). This incident underscores the critical importance of proper database security and configuration.

4. Weaponized Microsoft Teams Installer Delivers Oyster Malware

Date: 2025-09-27

A new malware campaign is using a trojanized Microsoft Teams installer to deliver the "Oyster" malware. This technique relies on social engineering to trick users into running the malicious installer, which then infects their systems. This highlights the need for employee awareness and caution when downloading and installing software.

Conclusion

This week's incidents demonstrate the diverse range of threats facing organisations today. From nation-state level attacks on critical infrastructure to the exploitation of basic security misconfigurations, the need for a multi-layered security approach has never been more apparent. As always, we recommend that you review the detailed incident reports to better understand the TTPs used in these attacks and to inform your own defensive strategies.

Stay safe, and we will see you next week.
