Major Cyber Attacks Disrupt Airports and Target Luxury Brands

A series of significant cyber attacks have recently disrupted operations across multiple sectors, impacting several major European airports and luxury fashion brands. On September 22, 2023, it was reported that airports including Heathrow, Berlin, Brussels, Dublin, and Cork faced severe operational disruptions due to a cyber incident affecting the electronic check-in and baggage drop systems powered by Collins Aerospace’s MUSE software. These disruptions resulted in flight delays, cancellations, and diversions, prompting affected airports to advise passengers to reconfirm their travel arrangements.

In a separate incident, luxury brands Gucci, Balenciaga, and Alexander McQueen experienced a data breach that exposed the personal information of potentially millions of customers globally. The breach involved the theft of names, email addresses, phone numbers, physical addresses, and purchase totals, while financial details such as credit card information remained secure. The cybercriminal group Scattered Lapsus$ Hunters claimed responsibility for this attack.

Widespread Cyber Threats Across Industries

In another notable incident, Google confirmed a cyber attack that allowed hackers to create a fraudulent account within its Law Enforcement Request System. Although no official data requests were made and no user data was accessed, the incident raised alarms about potential unauthorized access and impersonation risks, with the same group, Scattered Lapsus$ Hunters, claiming the attack.

Hotels in Brazil and other regions have also been targeted by cyber attackers, who stole guest payment card data from front-desk systems using phishing-delivered malware. The attacks were attributed to the RevengeHotels group, employing VenomRAT for credential theft, remote access, and data exfiltration, compromising travelers’ financial information.

Adding to the list of victims, the venture capital firm Insight Partners fell prey to a ransomware attack that led to the exfiltration of data and encryption of servers. This breach affected over 12,657 individuals, compromising sensitive banking and tax information, personal data of current and former employees, and details related to limited partners and portfolio management.

Furthermore, American jewelry company Tiffany & Co. reported a data breach involving unauthorized access to its systems, resulting in the theft of customer personal data and gift card details, including names, postal and email addresses, and sales data.

Emerging Vulnerabilities and Security Measures

Security incidents were not limited to attacks, as vulnerabilities have also emerged. Fortra disclosed a maximum severity vulnerability, CVE-2025-10035, affecting its GoAnywhere Managed File Transfer software. This flaw could enable remote command injection if exploited, posing significant risks to system security.

A critical authentication bypass vulnerability in the Case Theme User WordPress plugin allowed unauthenticated attackers to access arbitrary user accounts, including administrative ones. This flaw saw over 20,900 blocked attempts in the wild, indicating widespread exploitation potential.

In response to these threats, Google released a security patch addressing four vulnerabilities in its Chrome browser, including CVE-2025-10585, a high-severity type confusion vulnerability in the V8 engine. Given that an exploit for this vulnerability already exists, it underscores the urgency for users to update their systems promptly.

Research from Check Point Research highlighted the emergence of sophisticated cyber campaigns. One such campaign, called ClickFix, utilized fake job offers to deploy malicious software, including a Rust Loader and PureHVNC RAT, across an eight-day intrusion. Additionally, the study revealed collaboration between Russian threat actors Turla and Gamaredon, who employed a range of tools to target systems in Ukraine.

As cyber threats continue to evolve, organizations are urged to enhance their cybersecurity measures and remain vigilant against potential attacks. The recent incidents underscore the necessity for robust defenses to protect sensitive data and maintain operational integrity across various sectors.