This page covers news and lessons learned from the top stories among the 8,000+ reported each month. Keeping it down to fewer than 10 is a challenge.
Click here to subscribe to our news update service delivered via email. The item numbering begins January 1st.

Oct 2025 Headline News: Updated October 27th
#067 It’s getting personal Whether you are in a large, medium or very small organization you can be affected by these nasty issues. 1. PayPal was hacked. 2. 700 Qilin Ransomware-as-a-Service attacks, focused on Notepad and Paint.exe corruption and targeting unapproved corporate devices, are proving a source of increasing concern. 3. Customers seeking refunds from hotels.com had their requests intercepted by threat actors, who obtained personal information in order to commit fraud.
#066 Infrastructure under attack In terms of impact on users, network devices and their software are key targets. For the average user, continual verification of the supply chain is out of reach, as it is for basic OS software, security software and key applications. Automatic updating as a best practice is vital but can be flawed too. This week it’s F5’s turn: source code for the software it sells to provide security was stolen by a state-sponsored actor, and a critical vulnerability affects over 73,000 WatchGuard Firebox devices. Given the resources available to highly-resourced threat actors, deployed systems are at risk whenever such actors discover loopholes. Lesson to be learned? Tricky, since holding any hardware or software vendor (particularly a major vendor) legally liable for breaches caused by its products may not be possible. Definitely worth a discussion with your legal and contracts people.
#065 Doesn’t this just drive you crazy? … Every time I get a DocuSign email about something I need to sign, I seem to get a deluge of emails that look like they’ve come from DocuSign but are phishing attacks. Now, to make matters worse, a new phishing kit called “MatrixPDF” turns PDFs into malware. Tips to avoid it (some may not be free): (1) disable JavaScript in your PDF reader, (2) don’t open PDFs from unknown or suspicious senders (aren’t they all?), or (3) scan them with a virus scanner before opening. On reflection, maybe just don’t open any PDFs!!
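As an added example (not code from the article, nor from any product or phishing kit it mentions), here is the kind of pre-open triage the tips above point at: a script that looks through a PDF’s raw bytes for the name tokens that let a document run JavaScript, fire actions on open, launch programs or reach out to URLs, and that undoes the `#xx` hex escapes sometimes used to hide those names. The two PDF byte strings are constructed samples, not real malware.

```python
"""Triage a PDF for active content before opening it.

Added example, not code from the article or from any product it mentions.
It looks for the PDF name tokens that give a document the ability to run
code or reach out (JavaScript, open-actions, launch actions, external URIs)
and resolves the #xx hex escapes that are sometimes used to hide them.
"""
import re

# Name tokens worth a second look, and what each one permits.
RISKY_NAMES = {
    b"/JavaScript": "embedded JavaScript",
    b"/JS": "JavaScript action body",
    b"/OpenAction": "action that runs when the document is opened",
    b"/AA": "additional (automatic) actions, e.g. on page open or field change",
    b"/Launch": "launches an external program or file",
    b"/URI": "opens an external link",
    b"/SubmitForm": "posts form data to a remote server",
    b"/EmbeddedFile": "carries an attached file",
}
# Any of these alone means the document can execute code or spawn a process.
HIGH_RISK = {"/JavaScript", "/JS", "/Launch"}

_HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")
# A name token ends at whitespace or a PDF delimiter, so /JS does not match /JSX.
_NAME_END = rb"(?=[\s/\[\]<>(){}%]|$)"


def normalize_names(pdf_bytes: bytes) -> bytes:
    """Resolve #xx escapes so that /J#61vaScript reads as /JavaScript.

    The escape is only meaningful inside name tokens; applying it to the whole
    file may mangle binary stream data, which is acceptable for triage because
    we only search for names afterwards.
    """
    return _HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), pdf_bytes)


def scan_pdf(pdf_bytes: bytes) -> dict:
    """Return {name: occurrence_count} for every risky name found."""
    text = normalize_names(pdf_bytes)
    found = {}
    for name in RISKY_NAMES:
        count = len(re.findall(re.escape(name) + _NAME_END, text))
        if count:
            found[name.decode()] = count
    return found


def verdict(pdf_bytes: bytes) -> str:
    """'high' if code execution is possible, 'review' if any active content, else 'clean'."""
    found = scan_pdf(pdf_bytes)
    if HIGH_RISK.intersection(found):
        return "high"
    return "review" if found else "clean"


# Constructed sample: a minimal PDF skeleton whose catalog runs JavaScript on
# open, with the action type hex-obfuscated. Not a real malware sample.
SUSPICIOUS_PDF = (
    b"%PDF-1.7\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >> endobj\n"
    b"2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj\n"
    b"3 0 obj << /S /J#61vaScript /JS (app.alert('hi')) >> endobj\n"
    b"trailer << /Root 1 0 R >>\n%%EOF\n"
)

# Constructed sample: the same skeleton with no actions at all.
BENIGN_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
    b"2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj\n"
    b"trailer << /Root 1 0 R >>\n%%EOF\n"
)

if __name__ == "__main__":
    for label, sample in (("suspicious", SUSPICIOUS_PDF), ("benign", BENIGN_PDF)):
        print(f"{label}: verdict={verdict(sample)}")
        for name, count in scan_pdf(sample).items():
            print(f"  {name} x{count}: {RISKY_NAMES[name.encode()]}")
```

Caveat: this is a first pass over the raw file. Names inside compressed object streams (/ObjStm with /FlateDecode) are invisible without decompressing them, so a “clean” result does not prove the absence of active content; it only means nothing obvious is sitting in plain sight. Disabling JavaScript in the reader, as the tip above says, removes the whole class regardless of how well it is hidden.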
#064 Here’s the good news … With breaches at Qantas and 40 other companies via an attack on Salesforce databases, widespread attacks on Oracle’s EBS suite and on SonicWall firewall configurations, the theft from SimonMed of 1.2 million people’s data including 200GB of medical imaging data, a new zero-day privilege escalation on Windows, the logins of 70,000 Discord users and all LinkedIn users stolen and … (ok, that’s enough – ed. So where is the good news?). Oh yes, since every human’s data is now on the dark web there is nothing left to steal. Good grief! Lesson to be learned: never use the dreaded Google or Facebook login, or your ID will be reused on every bank account and financial site login you own.
#063 Government shutdown cripples CISA With the government shutdown furloughing most of the staff at CISA and the expiry of the legal protections of the Cybersecurity Information Sharing Act of 2015, the US cybersecurity defense is left exposed to all manner of attacks on critical infrastructure and the fabric of US society. This comes at a time of increasing ransomware attacks, sophisticated agentic AI attacks (see #062 below) and failures of anti-phishing training reported in an MIT study. The new phrase seems to be “What could possibly (NOT) go wrong?” Good grief! Update: as the RIFs get under way it seems that CISA staff are also being relocated to Homeland Security to bolster the anti-immigration initiative, making matters worse.
#062 Agentic AI ransomware threats Two keynotes at the Black Hat conference warned against overlooking the hidden ransomware threats that are emerging, buried in agentic AI attacks. What makes this article from MSSP Alert stand out from the other 834 stories in the last few days is its description of how such attacks can bypass existing defenses such as current endpoint detection and response (EDR) software, SIEMs, firewalls etc., presumably by automating the RaaS process at overwhelming speed. This makes our piece on Assume Breach even more important, as that posture nullifies such attacks as they traverse the ecosystem. However, it also indicates, as the article says: “Wait until the payload is deploying, and you are already in the red.” It should be pointed out that the article was sponsored by a company called Halcyon, but the alert still seems valid.
Sep 2025 Headline News: Updated September 30th
#061 Critical infrastructure remains the top target

The first story in this month’s list covered the breadth of attacks. However, at the top of the list, critical infrastructure continues to be the top target worldwide, with healthcare getting most of the attention. Here is a list of other areas that made the headlines in just a few days in mid-September:

  1. Jaguar Land Rover Hack Disrupts Global Manufacturing. A major cyberattack has crippled Jaguar Land Rover (JLR), shutting down production at its global manufacturing sites (except China). The attack was detected in late August 2025 and caused massive supply chain disruptions. The UK government is in talks with JLR.
  2. Cyberattack on European Airports via Collins Aerospace’s MUSE Software. Major airports in Europe (Heathrow, Berlin Brandenburg, Brussels) had their check-in and boarding systems disrupted because of a cyberattack targeting MUSE software by Collins Aerospace, leading to delays and cancellations.
  3. Sweden Breach: 1.5 Million People Affected. The Swedish IT provider Miljodata was hacked, leaking data for ~1.5 million people (~15% of Sweden’s population). Authorities are investigating the severity and sensitivity of the leak.
  4. Unpatched Novakon HMI Vulnerabilities. Novakon industrial HMI devices have unpatched RCE and info exposure vulnerabilities. These affect OT systems and pose significant risk to critical infrastructure.
  5. Scattered Spider / ShinyHunters Arrests & Continued Activity. UK authorities arrested teens tied to Scattered Spider. Despite the arrests, the groups remain partially active, continuing to target enterprises and infrastructure.
  6. Last but not least, a Chinese-backed botnet targeted U.S. and Taiwanese critical infrastructure via 200,000 infected devices. Read the full story on SentinelOne.
  7. Except there’s always one more story! This time, attacks on the Collins Aerospace software that provides check-in and baggage handling for multiple European airports. At London’s Heathrow, 90% of flights were delayed. Similar problems happened in Dublin, Brussels and Berlin. Apparently, the problem is going to take many days to sort out. There was one arrest in the UK relating to this ransomware attack, but the person concerned was released on bail! (good grief)
#060 What? Another open-source exploit? This seems not to be a repeat of the story below, even though it involves corruption of GitHub repositories, some of which are mentioned below. SentinelOne’s weekly report featured a supply chain attack known as GhostAction exposing 3,300 “secrets” (the report does not define the term; in this context it means credentials stored for use by GitHub Actions workflows, such as API tokens, cloud access keys and package-publishing tokens) across 573 GitHub repositories.
#059 Was/is this the biggest cybersecurity breach – ever?

Let’s start with the numbers. If two billion downloads PER WEEK of software infected with malware has your attention, the next questions after “What? Say that again!” might be: 1. What software? 2. What damage does it cause? 3. Am I infected? 4. Has it been fixed? 5. How could this possibly be true?
The answers are:
1. What software? The eighteen npm packages that were directly compromised were identified quickly (they included widely used utilities such as chalk and debug), but the number of applications that bundle them, directly or through nested dependencies, is unknown and could be in the hundreds or thousands. During the period between the infection and its discovery there were fifty million downloads of the infected code PER DAY.
2. What damage does it cause? The malware was designed to steal cryptocurrency from your wallet without your knowing how or why your wallet is empty.
3. Am I infected? Maybe you were, maybe not. There is definitely no single answer; nobody knows.
4. Has it been fixed? Yes, the open-source packages have been cleaned up, but software on your systems that bundles the malicious versions may not have been, or may not have been updated yet, particularly since such software may not even be supervised!
5. How could this possibly have happened? The explanation below shows how we have all come to trust open-source software.

Here’s the story. For the last 20+ years, small open-source public code “packages” have been downloaded, typically from public package registries such as npm (with their source commonly hosted on GitHub), and included in thousands of software apps. Nobody thinks twice about them; likely even the developers don’t know about them, since there are nested dependencies, with one package being used by a thousand-plus other packages, usually blindly and without continual verification, as Zero Trust teaches us.
When the systems that include them detect an updated version of these packages, the software automatically updates itself, with no one realizing it. Maybe the code is part of a Visual Studio developer release, a web site plug-in auto-update, network system software, a user application update or even an OS update. That infected software is then distributed automatically. This is how pervasive the problem is and how it got to two billion downloads! The term “package” is used to mean a useful piece of code that can be downloaded, is usually free and speeds up software development.

How did the infections occur? A new phishing attack caught out maintainers of such open-source code. Oh, and this was not just one package or one victim: eighteen packages were compromised before it was detected! It’s difficult to say how long the impact will be felt.

The lessons to be learned: 1. Never trust, always verify. 2. Supply chains are a perilous and recursive part of our lives. Big thanks to Steve Gibson of Security Now, whose podcast brought this to our attention.
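As an added example (not code from the article or the podcast), here is how a developer could turn questions 3 and 4 above into a check for an npm project. The “nested dependency” problem described above is exactly what a lockfile records: every installed copy of every package, including the copies buried under another package’s own node_modules. The script walks a package-lock.json (lockfileVersion 2 or 3 layout), reports every installed version that appears in an advisory list, and also lists the root dependencies declared with a floating range such as `^1.0.0`, which is the mechanism by which a freshly published malicious version gets pulled in automatically. The lockfile, the package names and the advisory list are constructed placeholders, not the packages involved in the incident.

```python
"""Answer "am I infected?" for an npm project from its lockfile.

Added example, not code from the article. Given a package-lock.json
(lockfileVersion 2 or 3, where "packages" is keyed by the node_modules
path) and an advisory list of compromised package versions, report every
installed copy of a bad version, including copies nested under another
dependency, and list the root dependencies declared with a floating range
that would pull a newly published version in on the next install.
"""
import json
import re

# An exact version pin looks like 1.2.3 (optionally with a -prerelease/+build suffix).
_EXACT = re.compile(r"^\d+\.\d+\.\d+(?:[-+][0-9A-Za-z.-]+)?$")


def installed_copies(lockfile_text: str):
    """Yield (name, version, path) for every package entry under node_modules."""
    data = json.loads(lockfile_text)
    for path, meta in data.get("packages", {}).items():
        if not path:  # the "" key is the root project itself
            continue
        # The name is whatever follows the last "node_modules/" segment; this
        # also handles scoped names such as node_modules/@scope/pkg.
        name = path.rsplit("node_modules/", 1)[-1]
        yield name, meta.get("version", ""), path


def find_compromised(lockfile_text: str, advisory: dict) -> list:
    """Return sorted 'name@version (path)' for each installed version in the advisory."""
    return sorted(
        f"{name}@{version} ({path})"
        for name, version, path in installed_copies(lockfile_text)
        if version in advisory.get(name, ())
    )


def floating_ranges(lockfile_text: str) -> list:
    """Return root dependencies whose declared range is not an exact pin."""
    root = json.loads(lockfile_text).get("packages", {}).get("", {})
    deps = {**root.get("dependencies", {}), **root.get("devDependencies", {})}
    return sorted(f"{name}: {spec}" for name, spec in deps.items() if not _EXACT.match(spec))


# Constructed sample lockfile. Package names and versions are hypothetical
# placeholders, not the packages involved in the incident described above.
SAMPLE_LOCKFILE = json.dumps({
    "name": "demo-app",
    "lockfileVersion": 3,
    "packages": {
        "": {
            "name": "demo-app",
            "dependencies": {"left-pad-ish": "^1.0.0", "tiny-log": "~2.3.0"},
        },
        "node_modules/left-pad-ish": {"version": "1.0.4"},
        "node_modules/tiny-log": {"version": "2.3.1"},
        # tiny-log resolved its own copy of color-ish, so two versions are installed.
        "node_modules/tiny-log/node_modules/color-ish": {"version": "9.9.9"},
        "node_modules/color-ish": {"version": "9.9.8"},
    },
})

# Hypothetical advisory: package name -> set of versions known to be malicious.
ADVISORY = {
    "color-ish": {"9.9.9"},
    "left-pad-ish": {"1.0.5"},
}

if __name__ == "__main__":
    for hit in find_compromised(SAMPLE_LOCKFILE, ADVISORY):
        print("COMPROMISED:", hit)
    for spec in floating_ranges(SAMPLE_LOCKFILE):
        print("floating range:", spec)
```

Two things the output makes visible that the dependency list in package.json does not: the bad version sits two levels down, under a dependency the developer never chose, and the top-level copy of the same package is a different, clean version, so checking only the first `node_modules/color-ish` would have missed it. Installing with `npm ci` (which refuses to deviate from the lockfile) rather than `npm install` keeps a build from silently picking up a newer publish while an advisory is still being written.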

#058 The Road to More Reliable AI Communications

OpenAI has written a blog post and published a paper admitting that LLM “hallucinations” (providing false answers as the truth) are not random bugs but the result of misaligned incentives (which is double-speak for poor coding).

Models have been rewarded for sounding correct, not for admitting uncertainty (more double-speak for questionable marketing). This has led AI agents to guess even when unsure (double-speak for not having sufficient context and taking a trial-and-error approach).

Larger models only make it worse, presenting errors more persuasively, which has wasted millions of human hours and eroded trust. OpenAI has now acknowledged what many suspected: it has not delivered on its promise.

Here’s the shift: OpenAI and others are trying to reward truthfulness and uncertainty — letting models abstain, use retrieval tools for fact-checking, and add confidence scores.

They claim this will sharply cut hallucinations. But they miss the bigger point: when there’s uncertainty, AI should ask users for more context. My experience is that dialogue, not guessing, is what eliminates false assumptions. It’s the human’s responsibility to make this happen by asking better, more complete questions.

OpenAI takeaway: “Realigning incentives could turn AI from persuasive guessers into trustworthy reasoning tools.” Personally, I can’t wait.

#057 Slow burn This is a growing story regarding the impact of AI on the future of the Internet. Several factors are at work. Public AI agents scour the Internet gathering information to populate their LLMs. Users are increasingly replacing Google search with asking AI agents for information and advice, rather than going directly, or via search, to the actual web site. This has drastically reduced visits to actual sites and, correspondingly, product and service sales, making those sites’ Internet presence much less valuable. Social media does not help, since AI has infiltrated those sites too, together with fake dialogs etc. Sites have attempted to respond by trying to exclude AI crawlers from their web sites. If this works then AI becomes less useful. We shall see how this progresses.
#056 But wait, there’s a twist – or two!

It had to happen; we all knew it. A week ago, the Slovakia-based IT security software and services company ESET claimed to have “uncovered a new type of ransomware” leveraging GenAI, named PromptLock, that generates malicious scripts. Acting autonomously, PromptLock decides which files to search, copy, or encrypt, using APIs to access a locally running AI model. Click here for the full story.
Of course, this may be bringing smiles to the faces of other threat actors who have no doubt been conducting similar attacks for some time. But wait … there’s a twist! It turns out that ESET didn’t discover anything! The whole “PromptLock” malware was an experiment by NYU’s Tandon School of Engineering, who confirmed that they created the code as part of a project meant “to illustrate the potential harms of AI-powered malware.” The good news is that this academic exercise was just that: a funded exercise. The research paper was posted to the arXiv preprint repository (operated by Cornell University) on the same day that the ESET article was published! Phew! Cyberscoop brought all of this to light.

But wait, there’s another twist. Hasn’t this published research created a free blueprint for hackers to copy or develop something similar, or to add to what they were already developing? If so, it all sounds like a serious mistake that the US taxpayer just funded. (Good grief!) Oh, and I am sending some paper towels to ESET so that they can wipe the egg off their faces.

#055 Attack, Attack, Attack

The alarming trend seen across the latest cybersecurity stories is attacks on the fabric of society. No longer are only selected high-profile targets such as large enterprises, healthcare insurance companies and software companies being targeted. The latest collection of alarms and warnings describes wholesale attacks on state and municipal governments, disruptions large and small, across all sixteen critical infrastructure sectors, with financial and healthcare institutions the leading targets.

A year ago, the message for all organizations was that “we are at war.” Now it seems that the enemy has landed in your community, at a time when government security agencies are being disrupted and politicized.
The lesson to be learned is that every organization, and indeed everybody, needs to get defense against these attacks to the top of the list, now.
