This week's Cybersecurity Incidents: 7 September – 14 September 2025

Microsoft Patch Tuesday – Major Fixes Including SMB Privilege-Escalation Vulnerability

Microsoft released its September 2025 Patch Tuesday updates, addressing over 80 vulnerabilities across Windows, Office, Azure, Edge and more. They include a publicly disclosed SMB elevation-of-privilege flaw (CVE-2025-55234) with a CVSS score of 8.8, an NTLM elevation-of-privilege flaw, remote code execution vulnerabilities, and many others. The update also introduces more auditing support for SMB signing, and tools to help organisations detect compatibility issues before enforcing stricter hardening. The implication: anyone running Windows Servers or network shares should urgently check whether this vulnerability affects them. Even once patched, configuration (e.g. enforcing SMB signing, using Extended Protection for Authentication) matters. Legacy systems or devices that can't support newer hardening may pose compatibility issues, so plan for testing and upgrades.

Source: (CrowdStrike)
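Because the advisory stresses that patching alone is not enough, it helps to see what "check configuration, audit first, then enforce" looks like on a Windows host. The PowerShell below is an added example written for this post, not code from Microsoft or CrowdStrike. It uses the standard SmbShare cmdlets (Get-/Set-SmbServerConfiguration, Get-/Set-SmbClientConfiguration, Get-WinEvent); the AuditClientDoesNotSupportSigning parameter name is assumed from Microsoft's documentation for newer builds (Windows 11 24H2 / Server 2025) and is probed at runtime rather than relied on.

```powershell
# Added example (not from the original post): audit SMB signing posture on a
# Windows host, turn on "client cannot sign" auditing where the build supports it,
# and only then require signing. Assumes Windows PowerShell 5.1 or PowerShell 7
# with the built-in SmbShare module. Run in an elevated session.

function Get-SmbSigningPosture {
    $server = Get-SmbServerConfiguration
    $client = Get-SmbClientConfiguration
    # Assumption: newer builds expose an audit switch with this parameter name.
    $auditSwitch = (Get-Command Set-SmbServerConfiguration).Parameters.ContainsKey('AuditClientDoesNotSupportSigning')

    [pscustomobject]@{
        ComputerName            = $env:COMPUTERNAME
        ServerRequiresSigning   = $server.RequireSecuritySignature   # what we want to end up as $true
        ServerEnablesSigning    = $server.EnableSecuritySignature
        ClientRequiresSigning   = $client.RequireSecuritySignature
        Smb1Enabled             = $server.EnableSMB1Protocol         # signing does not rescue SMB1; it should be off
        CanAuditUnsignedClients = [bool]$auditSwitch
    }
}

function Enable-SmbSigningAudit {
    # Log clients that cannot sign before enforcement so legacy devices surface
    # as events, not as outages.
    $params = (Get-Command Set-SmbServerConfiguration).Parameters
    if ($params.ContainsKey('AuditClientDoesNotSupportSigning')) {
        Set-SmbServerConfiguration -AuditClientDoesNotSupportSigning $true -Force
        Write-Output 'Auditing of clients that cannot sign is enabled.'
    } else {
        Write-Warning 'This build has no SMB signing audit switch; use the SMBServer/Audit log and a client inventory instead.'
    }
}

function Get-SmbAuditEvents {
    param([int]$Newest = 50)
    # The SMB server audit channel collects the compatibility events to review
    # during the audit period.
    Get-WinEvent -LogName 'Microsoft-Windows-SMBServer/Audit' -MaxEvents $Newest -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, Message
}

function Set-SmbSigningRequired {
    # Enforcement step: run only after the audit period shows no clients that
    # would break. Applies to both the server and client side of this host.
    Set-SmbServerConfiguration -RequireSecuritySignature $true -Force
    Set-SmbClientConfiguration -RequireSecuritySignature $true -Force
}

# Typical order: inspect, enable auditing, review events for a while, then enforce.
Get-SmbSigningPosture | Format-List
```

Run Get-SmbSigningPosture across a fleet (for example via Invoke-Command) to find hosts where RequireSecuritySignature is still false or SMB1 is still on; hold Set-SmbSigningRequired until Get-SmbAuditEvents has been quiet for the devices you care about.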

U.S. Malware Email Targeting Trade Talks with China (APT41 Alleged)

U.S. authorities are investigating a fake email campaign from July, supposedly sent in the name of Representative John Moolenaar and aimed at U.S. trade groups, law firms and government agencies involved in trade talks with China. The email carried malware designed to give insight into trade-negotiation documents. Some analysts have attributed the attack to APT41, a group with alleged ties to Chinese intelligence. The implication: law firms, consultancies and small trade-advisory firms should be alert, as these are sectors that small and medium businesses often occupy. Verify email senders, especially unsolicited or unexpected ones, and educate staff about spear-phishing. Maintain up-to-date anti-malware tools and endpoint protection, and limit admin privileges.

Source: (Reuters)

Jaguar Land Rover (JLR) Attack Deepens – Data Affected & Extended Disruption

Jaguar Land Rover has confirmed that the recent cyber-attack not only disrupted production globally but also involved some data loss. Factories in the UK, Slovakia, Brazil and India have been shut, and supplier operations have also been suspended. It is believed the disruption may last through September or beyond. The hack is attributed to English-speaking hackers, possibly linked to the “Scattered Spider” group. The implication for suppliers to large manufacturers is that business may suffer even if their own systems aren’t compromised (supply chain risk). Possible data breaches (customer/supplier data) trigger notification obligations in many jurisdictions. Review your own incident response plans, backup strategies and supplier contracts.

Source: (The Guardian)

LNER Data Breach via Third-Party Supplier

UK rail operator LNER disclosed that a third-party supplier’s breach exposed some passenger data: contact details and journey records. No financial data or passwords were compromised. LNER says ticketing and schedules are unaffected, but warns customers to watch for phishing and fraud attempts. The implication: any business working with third-party vendors must check vendor security practices, since a breach at a vendor can compromise your reputation or obligations. SMBs often use vendors for data processing; ensure contracts require notification, and that data is protected in transit and at rest. Customers affected by a breach (even of minimal data) may require outreach and strong messaging to retain trust.

Source: (The Guardian)

AI-Driven Threat Trends / Emerging Risks

Several reports and newsletters (e.g. Axios’s “Future of Cybersecurity”) highlight growing threats: autonomous AI agents that could exploit zero-day vulnerabilities, malware campaigns targeting open-source maintainers (npm packages), surging ransomware insurance claims, and artistic extortion (ransom groups using “art” or creative works to extort). The possible implication: any business that creates or uses open-source code, or relies on software libraries (npm, etc.), needs to verify software supply chain security. Insurance costs for cyber risk are rising, so SMBs need to understand what their policies cover. Be cautious with AI tools, as they can help attackers scale attacks; human oversight and threat detection matter.

Source: (Axios)

Quick Guide Table

Incident: What SMBs need to know / do

Microsoft Patch Tuesday (SMB vulnerability): Patch quickly; enforce SMB signing; check legacy compatibility; audit SMB usage.

Malware email related to U.S.–China trade talks: Train staff; use email-validation tools; limit administrative privileges; scan attachments.

JLR attack & data loss: Assess supplier risk; check your own data protection; ensure response plans are in place.

LNER third-party supplier breach: Audit vendor contracts and security; prepare breach response; communicate clearly with affected users.

AI-driven threat trends: Review open-source dependencies; monitor emerging zero-day news; ensure cyber insurance covers evolving threats.

Conclusion

This week shows one thing loud and clear: cyber threats are not slowing down, and many of them don’t need fancy, high-end tools. A poorly configured SMB service, a weakly protected vendor, or a single unpatched machine is enough to let attackers in. What matters is taking practical steps now:

  • Keep up with patches (especially Microsoft’s big fix day), and don’t assume that installing a patch is enough; configuration counts.
  • Be careful with third-party tools and vendors. If they get breached, it can affect you too.
  • Train people to spot dodgy emails; limit who has admin access; back up critical data.
  • If you work with customers, suppliers or sectors where data matters (legal, manufacturing, travel), assume somebody’s always trying to get in and plan accordingly.
  • Watch out for new risks: AI-powered tools, zero-days and software supply chains are the front lines now.
