Jaguar Land Rover "severely disrupted" by cyberattack.

Summary

By the CyberWire staff

Jaguar Land Rover "severely disrupted" by cyberattack.

Jaguar Land Rover (JLR) sustained a cyberattack over the weekend that disrupted its retail and manufacturing operations. The automobile manufacturer said in a brief statement, "We took immediate action to mitigate its impact by proactively shutting down our systems. We are now working at pace to restart our global applications in a controlled manner. At this stage there is no evidence any customer data has been stolen but our retail and production activities have been severely disrupted."

The company hasn't disclosed the nature of the attack, but SecurityWeek notes that the company's response suggests ransomware may have been involved. The BBC reports that JLR shut down vehicle production at its two main UK plants following the incident. The BBC points out that the attack took place the day before new registration plates became available on September 1st, which may have been intentional on the part of the attackers.

Control what runs in your environment. Reduce your attack surface.

ThreatLocker helps organizations reduce risk by allowing trusted applications to run while limiting their access to only the resources they need. It’s a straightforward, default deny approach that gives you more control and visibility—without slowing down operations. Explore how ThreatLocker can help simplify your security strategy.

Cloudflare impacted by Salesloft Drift breach.

Cloudflare has disclosed that it was affected by the Salesloft Drift breach, resulting in attackers exfiltrating data from the company's Salesforce instance. The company stated, "Most of this information is customer contact information and basic support case data, but some customer support interactions may reveal information about a customer's configuration and could contain sensitive information like access tokens. Given that Salesforce support case data contains the contents of support tickets with Cloudflare, any information that a customer may have shared with Cloudflare in our support system—including logs, tokens, or passwords—should be considered compromised, and we strongly urge you to rotate any credentials that you may have shared with us through this channel."

DMV Rising, D.C.’s Premier Conference for Cyber Execs.

The Washington, D.C. Maryland, and Virginia (DMV) region has established itself as a top-tier player in the global cyber industry. Join us on September 18, 2025 to celebrate the remarkable accomplishments of the DMV's cybersecurity community, connect with the brilliant minds shaping the future of the field, and experience firsthand why the DMV region is the beating heart of cyber innovation. Register now to secure your spot.

CISA names Nicholas Andersen as Executive Assistant Director of Cybersecurity.

The US Cybersecurity and Infrastructure Security Agency (CISA) has appointed Nicholas Andersen as Executive Assistant Director of Cybersecurity, CyberScoop reports. Andersen most recently served as President and COO at Invictus International Consulting, and held posts in the Department of Energy’s Cybersecurity, Energy Security, and Emergency Response division under the first Trump administration.

CyberScoop notes that CISA's Executive Assistant Director of Cybersecurity role has "seen swift turnover in the past year," and was previously held by Chris Butera in an acting capacity.

Notes.

Today's issue includes events affecting , and the United Kingdom the United States.

Attacks, Threats, and Vulnerabilities

Cloudflare and Palo Alto Networks Victimized in Salesloft Drift Breach (Infosecurity Magazine) Cloudflare has notified customers that hackers may have accessed their data as part of the Salesloft Drift campaign

Hackers breach fintech firm in attempted $130M bank heist (BleepingComputer) Hackers tried to steal $130 million from Evertec's Brazilian subsidiary Sinqia S.A.after gaining unauthorized access to its environment on the central bank's real-time payment system (Pix).

Technologies, Techniques, and Standards

CISA, NSA, and Global Partners Release a Shared Vision for Software Bill of Materials (SBOM) Guidance (Cybersecurity and Infrastructure Security Agency CISA) This joint guidance highlights the benefits of SBOM adoption for software producers, purchasers, operators, and national security organizations.

Litigation, Investigation, and Law Enforcement

ICE obtains access to Israeli-made spyware that can hack phones and encrypted apps (The Guardian) Trump administration contract with Paragon Solutions gives immigration agency access to one of the most powerful stealth cyberweapons

Industry Events

For a complete running list of events, please visit the Event Tracker.

Events

DMV Rising '25 (Washington, DC, USA, Sep 18, 2025) Join us on September 18, 2025 to celebrate the remarkable accomplishments of the DMV's cybersecurity community, connect with the brilliant minds shaping the future of the field, and experience firsthand why the DMV region is the beating heart of cyber innovation. Register now to secure your spot.

HackAICon 2025 (Lisbon, Portugal, Sep 25, 2025) The first conference dedicated to combining AI and Ethical Hacking. We're bringing together OffSec pros, hackers, and leading researchers to find practical ways of using AI to secure the internet. Learn about the latest AI Hacking cosmic trends and connect with fellow professionals in engaging conversations. We banned sales pitches from the event - just knowledge sharing, leadership and technical insights.

Don’t miss Jen Easterly, former CISA Director, headlining HIP Conf 25 (Charleston, SC, USA, Oct 7 - 9, 2025) Jen Easterly, former CISA Director, keynotes HIP Conf 2025. A globally recognized cybersecurity leader, Easterly brings unmatched insight into hybrid identity security and resilience. Register now for this must-attend event.

Uniting Women in Cyber 2025 (Crystal City, Virginia, USA, Oct 9, 2025) UWIC is the premier event for cybersecurity leaders, professionals, and aspiring practitioners. Connect with a vibrant community focused on emerging global trends, technological advancements, and workforce development. Attend UWIC 2025 to learn, share ideas, and expand your professional network!

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listeners all over the world, companies trust the CyberWire to get the message out. Learn more.

Daily Briefing for 09.03.25

Top stories.

Jaguar Land Rover "severely disrupted" by cyberattack.

Cloudflare impacted by Salesloft Drift breach.

CISA names Nicholas Andersen as Executive Assistant Director of Cybersecurity.

Notes.

Attacks, Threats, and Vulnerabilities

Technologies, Techniques, and Standards

Litigation, Investigation, and Law Enforcement

Events