Top stories.
- JLR cyberattack had a material impact on the UK's economy.
- US Congressional Budget Office breached by suspected foreign threat actor.
- Russia's Sandworm launches wiper attacks against Ukraine's grain sector.
- Cisco patches two critical flaws in its UCCX software.
- China sentences scam kingpins to death.
- Alleged Jabber Zeus developer extradited to the US.
JLR cyberattack had a material impact on the UK's economy.
The Bank of England cited a September cyberattack on Jaguar Land Rover (JLR) as a contributor to the country's slowed GDP growth in Q3 2025. The Register notes that "[t]his is thought to be the first case in which a cyberattack has caused material economic and fiscal harm to the UK." The attack shut down production at JLR's factories and affected thousands of British companies across the supply chain. The company likely won't be fully operational until early next year, and analysts estimate that the attack could end up costing more than £2 billion (US$2.6 billion).
Separately, British retailer Marks & Spencer has disclosed that its profits in the first half of the year were nearly wiped out due to a cyberattack the company sustained in April, the BBC reports. The company's profits fell 99% from £391.9m to £3.4m in the first half of 2025 compared to 2024. M&S CEO Stuart Manchin said he expects profits to recover over the Christmas season, but warns that UK economic turmoil may worsen these results regardless. The BBC cites an analyst who pointed out a reassuring sign that M&S's core business of homewares and fashion only saw sales drop by about 16%.
US Congressional Budget Office breached by suspected foreign threat actor.
The US Congressional Budget Office (CBO), Congress's nonpartisan fiscal analyst, was breached by a suspected foreign threat actor, the Washington Post reports. The hack may have exposed sensitive financial research data that Congress uses to craft legislation. The threat actor also potentially accessed internal emails, office chat logs, and communications between lawmakers and financial researchers.
A CBO spokeswoman said in a statement, "The Congressional Budget Office has identified the security incident, has taken immediate action to contain it, and has implemented additional monitoring and new security controls to further protect the agency’s systems going forward. The incident is being investigated and work for the Congress continues."
Russia's Sandworm launches wiper attacks against Ukraine's grain sector.
ESET warns that Sandworm, a threat actor linked to Russia's GRU, is deploying wipers against Ukrainian entities in the government, energy, logistics, and grain sectors, with the "likely objective being the weakening of the Ukrainian economy." The grain sector is a notable addition to Sandworm's targeting; ESET notes that grain export is one of Ukraine's primary sources of revenue.
The researchers add, "These destructive attacks by Sandworm are a reminder that wipers very much remain a frequent tool of Russia-aligned threat actors in Ukraine. Although there have been reports suggesting an apparent refocusing on espionage activities by such groups in late 2024, we have seen Sandworm conducting wiper attacks against Ukrainian entities on a regular basis since the start of 2025."
Cisco patches two critical flaws in its UCCX software.
Cisco has patched two critical flaws in its Unified Contact Center Express (UCCX) software, SecurityWeek reports. One of the vulnerabilities (CVE-2025-20354) can allow attackers to achieve remote code execution as root. According to the flaw's description, "An attacker could exploit this vulnerability by uploading a crafted file to an affected system through the Java RMI process. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system and elevate privileges to root." The other critical flaw (CVE-2025-20358) "could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative permissions pertaining to script creation and execution."
Cisco hasn't observed exploitation of the vulnerabilities, but "strongly recommends" that customers upgrade to the fixed versions of the software as soon as possible.
China sentences scam kingpins to death.
A Chinese court has given the death sentence to five individuals accused of running a Myanmar-based scam syndicate near the border of China, the Record reports. The Shenzhen Intermediate People's Court of Guangdong Province sentenced the syndicate's leader Bai Suocheng to death, along with his son Bai Yingcang and three others. More than a dozen other Bai family members and associates were handed lengthy prison sentences.
Suocheng and his son were the former leaders of a militia working for Myanmar's ruling junta, and were known for running infamous forced-labor scam compounds using thousands of trafficked workers, the BBC reports.
Alleged Jabber Zeus developer extradited to the US.
A 41-year-old Ukrainian national, Yuriy Igorevich Rybtsov, was arrested in Italy and extradited to the US on hacking charges, KrebsOnSecurity reports. Mr. Rybtsov was indicted in 2012 for allegedly working as a malware developer for the cybercrime group "Jabber Zeus," which stole tens of millions of dollars from US businesses by adding phony employees to companies' payrolls. Rybtsov is awaiting trial in Nebraska.
