Top stories.
- Jaguar Land Rover reports a 43% drop in wholesale volumes following September cyberattack.
- Taiwan says China's attacks on its energy infrastructure increased tenfold last year.
- Attackers are exploiting a critical flaw affecting discontinued D-Link devices.
Jaguar Land Rover reports a 43% drop in wholesale volumes following September cyberattack.
Jaguar Land Rover (JLR) has released sales results for its fiscal third quarter that ended December 31st, revealing the impact of a disruptive cyberattack the company sustained at the beginning of September 2025. The company's wholesale volumes fell by 43% year-on-year, and were down 10.6% compared to the previous quarter. The company stated, "Production returned to normal levels only by mid‑November post the cyber incident. Due to this and also the time required to distribute vehicles globally once produced, wholesale and retail volumes reduced on a quarter‑on‑quarter and year‑on‑year basis."
Tata Motors, which owns JLR, estimated that the attack cost at least £1.8 billion ($2.35 billion). The Register notes that the Bank of England cited the attack as a factor in slowing the UK's economic growth in calendar Q3.
Taiwan says China's attacks on its energy infrastructure increased tenfold last year.
A report from Taiwan's National Security Bureau claims that Chinese attacks on Taiwan's energy sector increased by 900% in 2025 compared to the previous year, BleepingComputer reports. Many of the attacks were carried out when energy companies deployed software updates, allowing the attackers to inject malware. The report states, "[W]hen Taiwan's energy companies carry out software upgrades, Chinese hackers would take the opportunity to implant malware into their systems, so as to keep track of the operational planning of Taiwan's energy sector concerning operational mechanisms, material procurement, and establishment of backup systems."
Attackers are exploiting a critical flaw affecting discontinued D-Link devices.
Threat actors are exploiting a critical flaw in discontinued D-Link gateway devices that can allow unauthenticated attackers to achieve remote code execution, SecurityWeek reports. The flaw (CVE-2026-0625) is "a command injection vulnerability in the dnscfg.cgi endpoint due to improper sanitization of user-supplied DNS configuration parameter."
The vulnerability affects devices that reached end-of-support more than five years ago, and no patches are forthcoming. D-Link advises customers to retire these devices and replace them with newer models that receive regular updates.
