Bridgestone discloses disruptive cyberattack.

Summary

By the CyberWire staff

Bridgestone discloses disruptive cyberattack.

Tire manufacturing giant Bridgestone has disclosed that its North American arm was hit by a cyberattack that impacted operations, BleepingComputer reports. Disruptions were reported at two manufacturing plants in Aiken County, South Carolina, and one facility in Joliette, Quebec. The company hasn't disclosed the nature of the attack, but the impact and response suggest ransomware was involved.

A Bridgestone spokesperson told BleepingComputer, "Bridgestone Americas continues to investigate a limited cyber incident impacting some of our manufacturing facilities. Our team responded quickly to contain the issue in keeping with our established protocols. While our forensic analysis is ongoing, we remain confident that we were able to contain this limited cyber incident early. We do not believe any customer data or interfaces were compromised."

Control what runs in your environment. Reduce your attack surface.

ThreatLocker helps organizations reduce risk by allowing trusted applications to run while limiting their access to only the resources they need. It’s a straightforward, default deny approach that gives you more control and visibility—without slowing down operations. Explore how ThreatLocker can help simplify your security strategy.

APT28 malware uses Outlook for command-and-control.

Kroll has published a report on a strain of malware dubbed "GONEPOSTAL" that's being used in an espionage campaign by KTA007 (widely known as "Fancy Bear" or "APT28," a threat actor attributed to Russia's Main Intelligence Directorate (GRU) Unit 26165). The malware "consists of a dropper DLL and an obfuscated, password-protected VbaProject .OTM file, which houses macros written for Microsoft Outlook." These macros allow the malware to backdoor Outlook in order to use email communication for command-and-control.

Kroll notes, "While Outlook-based persistence is not new, and has been observed before from KTA488 (aka APT32), GONEPOSTAL is not a commonly seen tactic; and many may not have alerts tuned regarding behavior of the VbaProject .OTM files nor the registry edits which enable the macros to be loaded from the OTM file at Outlook launch."

DMV Rising, D.C.’s Premier Conference for Cyber Execs.

The Washington, D.C. Maryland, and Virginia (DMV) region has established itself as a top-tier player in the global cyber industry. Join us on September 18, 2025 to celebrate the remarkable accomplishments of the DMV's cybersecurity community, connect with the brilliant minds shaping the future of the field, and experience firsthand why the DMV region is the beating heart of cyber innovation. Register now to secure your spot.

Texas sues PowerSchool over December 2024 breach.

The state of Texas has filed a lawsuit against education software provider PowerSchool over a December 2024 data breach that exposed information belonging to 62 million students, including more than 880,000 Texans, the Record reports.

Texas Attorney General Ken Paxton said in a press release, "[T]he company failed to implement even the most basic security features, including multi-factor authentication, adequate access controls, and proper data encryption." Paxton added, "PowerSchool’s failures violate both the Texas Deceptive Trade Practices Act and the Identity Theft Enforcement and Protection Act by misleading customers about its security practices and failing to take reasonable measures to protect sensitive information entrusted by Texas families and school districts."

Notes.

Today's issue includes events affecting , and Russia the United States.

Attacks, Threats, and Vulnerabilities

CISA orders federal agencies to patch Sitecore zero-day following hacking reports (The Record) After the notices from Sitecore and Mandiant on Wednesday, the Cybersecurity and Infrastructure Security Agency (CISA) added the vulnerability to its exploited bugs catalog, giving all federal civilian agencies three weeks to patch it.

Unknown miscreants snooping around Sitecore via sample keys (The Register) You cut and pasted the machine key from the official documentation? Ouch

Bypassing Claude Code: How Easy Is It to Trick an AI Security Reviewer? (Checkmarx) Anthropic recently announced an LLM-based security review capability for their Claude Code AI code assistant.

Products, Services, and Solutions

The ROI of AI 2025 (Google Cloud) How agents are unlocking the next wave of AI-driven business value.

Technologies, Techniques, and Standards

US and 14 Allies Release Joint Guidance on Software Bill of Materials (Infosecurity Magazine) The joint guidance is a welcome first step towards a common, global adoption of SBOMs, experts argued

Litigation, Investigation, and Law Enforcement

Google hit with $425 million verdict in privacy class action suit (The Record) A federal jury awarded plaintiffs suing Google $425 million in damages, holding that by collecting the data of users who had switched off an app activity-tracking feature, the tech giant invaded the privacy of millions.

Texas sues PowerSchool over breach exposing 62M students, 880k Texans (BleepingComputer) Texas Attorney General Ken Paxton has filed a lawsuit against education software company PowerSchool, which suffered a massive data breach in December that exposed the personal information of 62 million students, including over 880,000 Texans.

Industry Events

For a complete running list of events, please visit the Event Tracker.

Events

DMV Rising '25 (Washington, DC, USA, Sep 18, 2025) Join us on September 18, 2025 to celebrate the remarkable accomplishments of the DMV's cybersecurity community, connect with the brilliant minds shaping the future of the field, and experience firsthand why the DMV region is the beating heart of cyber innovation. Register now to secure your spot.

HackAICon 2025 (Lisbon, Portugal, Sep 25, 2025) The first conference dedicated to combining AI and Ethical Hacking. We're bringing together OffSec pros, hackers, and leading researchers to find practical ways of using AI to secure the internet. Learn about the latest AI Hacking cosmic trends and connect with fellow professionals in engaging conversations. We banned sales pitches from the event - just knowledge sharing, leadership and technical insights.

Don’t miss Jen Easterly, former CISA Director, headlining HIP Conf 25 (Charleston, SC, USA, Oct 7 - 9, 2025) Jen Easterly, former CISA Director, keynotes HIP Conf 2025. A globally recognized cybersecurity leader, Easterly brings unmatched insight into hybrid identity security and resilience. Register now for this must-attend event.

Uniting Women in Cyber 2025 (Crystal City, Virginia, USA, Oct 9, 2025) UWIC is the premier event for cybersecurity leaders, professionals, and aspiring practitioners. Connect with a vibrant community focused on emerging global trends, technological advancements, and workforce development. Attend UWIC 2025 to learn, share ideas, and expand your professional network!

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listeners all over the world, companies trust the CyberWire to get the message out. Learn more.

Daily Briefing for 09.05.25

Top stories.

Bridgestone discloses disruptive cyberattack.

APT28 malware uses Outlook for command-and-control.

Texas sues PowerSchool over December 2024 breach.

Notes.

Attacks, Threats, and Vulnerabilities

Products, Services, and Solutions

Technologies, Techniques, and Standards

Litigation, Investigation, and Law Enforcement

Events