Ransomware-Free Factories, Quad7 Botnets & the Rise of Luno

From car plants to golf resorts, routers to governments — this mid-week recap is all over the map

⏱️ Read Time: 10 minutes

The first Mirai IoT botnet in 2016 weaponized ~145,000 cameras. Today, botnets like Quad7 and Luno are feasting on routers, DVRs, and servers — proving we’ve learned exactly nothing.

📜 Table of Contents

🚨 Major Breaches & Incidents: JLR shutdown recovery, Bridgestone update, St. Paul cyber emergency, K Club ransomware
🛡️ Emerging Threats & Vulns: TP-Link Quad7 botnet, Luno Linux botnet
🎯 Geopolitical Threats: Salt Typhoon intensifies, coalition attribution efforts
🏛️ Policy & Regulation: DHS ISAC funding cuts, Cybersecurity Act push, Qantas exec accountability
⚖️ Cybercrime Accountability: Scattered Spider sentencing, botnet-for-hire crackdown
🧭 Mitigation & Best Practices: How to stay off next week’s recap

🚨 Major Breaches & Incidents

  • Jaguar Land Rover Shutdown Recovery Still Painful
    Weeks after ransomware forced Jaguar Land Rover to halt production globally, the company has only partially resumed operations. Controlled recovery is in motion, but industry insiders warn it could take until October to fully stabilize.
    👉 Takeaway: In manufacturing, downtime is as costly as data loss—resilience needs to span OT and IT equally.

  • Bridgestone Nears Full Recovery After Cyberattack
    Bridgestone says its U.S. tire plants are almost fully restored after September’s disruption. The company has yet to confirm attribution, but analysts suspect ransomware groups eyeing critical supply chains.
    👉 Takeaway: Quick containment helps, but lack of transparency leaves customers and regulators guessing.

  • St. Paul Still Struggling After City Cyber Emergency
    New updates: St. Paul may have “recovered” more than a month after ransomware crippled the city, forced a National Guard deployment, and led to 40+ gigs of leaked data, but now it’s trying to get the budget to shore up defenses.
    👉 Takeaway: Local governments need proactive funding—National Guard call-ins shouldn’t be Plan A.

  • K Club Resort in Ireland Hit Before Irish Open
    Ransomware gang SafePay breached the luxury K Club resort ahead of hosting the Irish Open, exfiltrating financial and admin records. Perfect timing: nothing like cybercriminals teeing off before the pros.
    👉 Takeaway: High-profile events draw opportunistic attackers—sporting orgs need more than firewalls, they need foresight.

🎯 APTs & Critical Infrastructure

  • Salt Typhoon Campaign Expands Again
    Salt Typhoon (China-linked APT) has now been tied to 45 previously undiscovered domains dating back to 2020. The FBI warns the campaign has infiltrated telecom and energy sectors across more than 80 nations.
    👉 Takeaway: Salt Typhoon is persistence personified—hunt across historical logs for faint signals of compromise.

  • Coalition Names Chinese Companies Behind Cyber Ops
    An unprecedented coalition of allies publicly identified three Chinese firms as enablers of state cyber campaigns. Expect diplomatic blowback—and supply chain ripples for companies tied to these vendors.
    👉 Takeaway: Attribution at this scale isn’t just PR—it’s a signal that supply chain trust is becoming geopolitics.

🛡️ Emerging Threats and Vulns

  • TP-Link Routers Drafted into Quad7 Botnet
    Legacy TP-Link Archer and TL-WR routers are being exploited via CVE-2025-9377 to join the Quad7 botnet. Once recruited, they launch password-spraying campaigns against Microsoft 365 accounts worldwide.
    👉 Takeaway: Retire unsupported gear—if your router belongs in a museum, so does its security.

  • Linux Botnet “Luno” Combines Crypto Mining & DDoS
    Researchers uncovered “Luno,” a modular Linux botnet that mines crypto, executes DDoS, and dodges analysis with watchdog services. It’s basically a Swiss Army knife for crooks.
    👉 Takeaway: Harden Linux servers, patch fast, and monitor outbound traffic—you may be funding someone else’s Ethereum wallet.
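The Quad7 item above ends with compromised routers password-spraying Microsoft 365 accounts; the following is an added example, not code from the newsletter or any vendor, of how a defender can pick that pattern out of sign-in logs. It assumes a simplified (timestamp, source IP, user, result) record rather than the real Entra ID schema, and constructs its own sample events, including a mistyped-password case and a single-account brute force that should not be flagged as a spray.

```python
"""Quad7-style password-spray detection over constructed M365 sign-in events.
Added example; the event tuple layout is an assumption, not the Entra schema.
A spray hits MANY accounts a few times each from one source in a short window."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data: (timestamp, source_ip, user, result).
SAMPLE_EVENTS = [
    ("2025-09-17T08:00:01", "203.0.113.7", "alice@example.com", "FAIL"),
    ("2025-09-17T08:00:09", "203.0.113.7", "bob@example.com", "FAIL"),
    ("2025-09-17T08:00:17", "203.0.113.7", "carol@example.com", "FAIL"),
    ("2025-09-17T08:00:25", "203.0.113.7", "dave@example.com", "FAIL"),
    ("2025-09-17T08:00:33", "203.0.113.7", "erin@example.com", "FAIL"),
    ("2025-09-17T08:00:41", "203.0.113.7", "frank@example.com", "SUCCESS"),
    # One user mistyping a password: a single account, so not a spray.
    ("2025-09-17T08:02:00", "198.51.100.20", "gina@example.com", "FAIL"),
    ("2025-09-17T08:02:30", "198.51.100.20", "gina@example.com", "FAIL"),
    ("2025-09-17T08:03:00", "198.51.100.20", "gina@example.com", "SUCCESS"),
    # Brute force against one account: many failures, one user, not a spray.
    *[(f"2025-09-17T08:05:{s:02d}", "192.0.2.9", "bob@example.com", "FAIL")
      for s in range(0, 40, 5)],
]


def find_password_sprays(events, window_minutes=10, min_users=5,
                         max_fails_per_user=2):
    """Return {source_ip: sorted users} for sources showing a spray pattern:
    within window_minutes, failed logins for >= min_users distinct accounts,
    none failing more than max_fails_per_user times (else it's brute force)."""
    by_ip = defaultdict(list)
    for ts, ip, user, result in events:
        if result == "FAIL":
            by_ip[ip].append((datetime.fromisoformat(ts), user))

    span = timedelta(minutes=window_minutes)
    hits = {}
    for ip, fails in by_ip.items():
        fails.sort()
        for i, (start, _) in enumerate(fails):  # slide the window start
            per_user = defaultdict(int)
            for ts, user in fails[i:]:
                if ts - start > span:
                    break
                per_user[user] += 1
            if (len(per_user) >= min_users
                    and max(per_user.values()) <= max_fails_per_user):
                hits[ip] = sorted(per_user)
                break
    return hits
```

Only the router-sourced IP is reported; the mistyped password and the single-account brute force fall outside the spray thresholds and would need their own rules.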

🏛️ Policy & Regulation

  • DHS Cuts Multi-State ISAC Funding
    DHS will stop funding the Multi-State ISAC after Sept. 30, jeopardizing cyber support for nearly 19,000 state and local governments. For some small towns, this was their only cyber early warning system.
    👉 Takeaway: Public sector cyber resilience is about to weaken—states must fill the void fast.

  • Industry Calls to Renew Cybersecurity Information Sharing Act
    13 trade associations are pressing Congress to renew the Cybersecurity Information Sharing Act before it expires this month. Without it, liability fears could silence threat intel sharing just as attacks peak.
    👉 Takeaway: Collaboration is a defense multiplier—Congress needs to stop playing chicken with cybersecurity law.

  • Qantas Docking Exec Pay After Breach
    Qantas is cutting executive bonuses following a breach that hit more than a million customers. It’s a warning to boardrooms: when you drop customer data, you drop your paycheck too.
    👉 Takeaway: Accountability is contagious—expect more boards to tie cyber failures to financial pain.

⚖️ Cybercrime Spotlight

  • Scattered Spider Hacker Gets 10 Years
    Noah “King Bob” Urban was sentenced to a decade in prison for SIM-swap scams draining crypto wallets. In addition to prison, he owes $18M in restitution—good luck mining Bitcoin in federal custody.
    👉 Takeaway: SIM swaps may be cheap attacks, but the legal bill is steep.

  • Botnet-for-Hire Operator Indicted
    DOJ charged an Oregon man accused of running a global botnet-for-hire service. Investigators found hundreds of paying “customers” using his infrastructure for DDoS campaigns.
    👉 Takeaway: Botnets are now a subscription model—treat weird traffic spikes like someone’s cyber Netflix binge.

🧭 Mitigation & Best Practices

  • Manufacturing & OT: Segment IT/OT networks, enforce least-privilege, and test failover drills quarterly.

  • IoT & Routers: Retire EOL devices, apply firmware patches, and monitor for unusual traffic patterns.

  • City & Local Gov: Budget before disaster, not after; secure payment systems and critical comms.

  • Geopolitical Threats: Subscribe to APT threat feeds, monitor DNS logs going back years, and rehearse crisis comms.

  • Corporate Boards: Tie exec pay to resilience metrics; prevention is cheaper than PR after a breach.

  • General: If it’s unpatched, it’s basically a honeypot.

Thanks for reading this week’s edition. Like what you see? Forward it!

Hate everything you see or have other feedback? Reply back to this email!