This week’s roundup highlights a range of critical developments, from landmark government action on AI regulation to a series of sophisticated cyberattacks targeting major companies and widely used software.
We’ll delve into the new enforcement bodies for the EU’s AI Act, the fallout from a disruptive cyberattack on Jaguar Land Rover, and the spread of a dangerous self-replicating worm.
Additionally, we’ll cover takedowns of criminal services and the patching of multiple zero-day vulnerabilities in browsers and mobile operating systems, underscoring the constant battle between developers and attackers.
Ireland Appoints Government Agencies to Enforce EU AI Act
Ireland has officially designated several national authorities, including the Data Protection Commission (DPC), the Central Bank of Ireland, and the Health and Safety Authority (HSA), to enforce the EU Artificial Intelligence (AI) Act. This move marks a critical step as the landmark legislation moves towards full operation. These agencies will oversee compliance within their respective sectors, with the government planning to establish a National AI Office by August 2026 to act as a central coordinator.
The Act, active since August 2024, bans AI systems that pose an unacceptable risk and imposes strict rules and transparency requirements on high-risk applications. For example, systems used in critical infrastructure, employment and law enforcement will need to undergo a conformity assessment before being used.
Non-compliance can lead to severe penalties, with the most serious violations, such as deploying a prohibited AI system, carrying fines of up to €35 million or 7% of a company’s global annual turnover, whichever is higher.
Jaguar Land Rover Factory Shutdown After Cyberattack
Following a cyberattack discovered at the end of August, Jaguar Land Rover (JLR) has extended its production shutdown until at least September 24, 2025. The disruption has idled about 33,000 direct employees and has impacted a further 104,000 workers in the UK supply chain.
The company confirmed that “some data” was stolen, though it has yet to clarify whether customer or supplier information was compromised. JLR’s return to production will be “controlled” and gradual as forensic investigations continue.
Self-Replicating Worm Hits 40+ npm Packages
A new supply chain attack, dubbed the Shai-Hulud campaign, has compromised over 40 npm packages and potentially hundreds more.
The attack injects a malicious module (bundle.js) that infects downstream dependencies. The worm modifies its own package.json file, republishes itself and then runs a script to scan developer machines for secrets using the tool TruffleHog. Captured credentials include GitHub tokens, npm tokens and AWS keys.
Developers are urged to audit their projects, remove affected package versions and rotate all exposed credentials.
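One way to start the audit described above, as an added example that is not from the original article or from any affected project: it checks the `packages` map of a v2/v3 package-lock.json against a list of affected versions and flags packages that run install-time scripts. The package names, versions and sample lockfile are constructed placeholders, and the assumption that bundle.js is launched from an install hook is ours, not the article's.

```javascript
// Constructed denylist: replace with name@version pairs from a published advisory.
const AFFECTED = new Set(['example-lib@1.2.3', '@example-scope/util@4.5.6']);

// Lifecycle hooks that npm runs automatically during `npm install`.
const INSTALL_HOOKS = ['preinstall', 'install', 'postinstall'];

// "node_modules/a/node_modules/@s/b" -> "@s/b" (handles nested and scoped packages)
function nameFromLockPath(path) {
  const marker = 'node_modules/';
  const i = path.lastIndexOf(marker);
  return i === -1 ? path : path.slice(i + marker.length);
}

// Walk the "packages" map of a parsed v2/v3 package-lock.json.
// Listed versions are reported first; anything else that runs an install
// script is reported for manual review, since that is code run on install.
function auditLockfile(lock, affected = AFFECTED) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === '') continue; // root project entry, not a dependency
    const id = `${nameFromLockPath(path)}@${meta.version}`;
    if (affected.has(id)) {
      findings.push({ path, id, reason: 'listed version' });
    } else if (meta.hasInstallScript) {
      findings.push({ path, id, reason: 'runs install script' });
    }
  }
  return findings;
}

// Inspect one installed package.json for install hooks that mention bundle.js
// (assumption: the injected module is started from such a hook).
function suspiciousHooks(pkg) {
  const scripts = pkg.scripts || {};
  return INSTALL_HOOKS.filter((h) => /\bbundle\.js\b/.test(scripts[h] || ''));
}

// Constructed sample lockfile; in practice pass the parsed package-lock.json.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'my-app', version: '1.0.0' },
    'node_modules/example-lib': { version: '1.2.3', hasInstallScript: true },
    'node_modules/example-lib/node_modules/@example-scope/util': { version: '4.5.5' },
    'node_modules/native-addon': { version: '2.0.0', hasInstallScript: true },
  },
};

console.log(auditLockfile(sampleLock));
```

Any package reported as a listed version should be removed and the credentials reachable from that machine rotated, as the advisory above urges.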
Microsoft & Cloudflare Shut Down Phishing-as-a-Service
In a coordinated effort, Microsoft’s Digital Crimes Unit and Cloudflare have dismantled RaccoonO365, a subscription-based phishing-as-a-service (PhaaS) platform.
Run by the group Storm-2246, the service has stolen over 5,000 Microsoft credentials across 94 countries since July 2024. The attackers used convincing emails that mimicked official communications from Microsoft, DocuSign, and SharePoint.
The operation featured tiered pricing and offered tools for bypassing email filters, highlighting the professionalisation of cybercrime.
Google Patches Sixth Chrome Zero-Day of 2025
Google has addressed CVE-2025-10585, a type confusion vulnerability in the Chrome V8 JavaScript and WebAssembly engine that has been confirmed to be exploited in the wild, making it the sixth such zero-day in Chrome this year.
Discovered by Google’s Threat Analysis Group on September 16th, 2025, the flaw could allow attackers to corrupt memory and execute arbitrary code via crafted web content.
Google recommends users update to Chrome version 140.0.7339.185 / .186 on Windows and macOS and 140.0.7339.185 on Linux to ensure protection.
Apple Backports Fix for Sophisticated Spyware Attacks
Apple has backported a fix for CVE-2025-43300, a zero-day vulnerability in its ImageIO framework that has been exploited in “extremely sophisticated” spyware campaigns. The flaw, an out-of-bounds write, allows for memory corruption via malicious image files.
The fix, which was initially released for newer devices, has now been extended to older models through patches for iOS 15.8.5, 16.7.12 and their respective macOS versions. This vulnerability was reportedly chained with a flaw in WhatsApp to carry out the attacks.
“FileFix” Phishing Attack Goes Global
A new and sophisticated phishing campaign using the FileFix technique has rapidly scaled worldwide, featuring convincing phishing emails, heavily obfuscated code and embedded payloads via steganography.
The attack lures users with fake alerts (e.g. impersonating Facebook), asks them to upload a file, then tricks them into entering commands into File Explorer, which indirectly executes PowerShell code. An embedded script hidden inside a JPG image carries a second payload, StealC, that targets browser data, crypto wallets, VPNs and cloud services.
The campaign is multilingual (16+ languages) and spans numerous countries, underlining how quickly these social engineering methods are being weaponised after proofs of concept emerge.
The headlines from this past week, ranging from state-level AI regulation to global cyberattacks and the rapid patching of zero-day vulnerabilities, paint a clear picture that the digital landscape is more complex and volatile than ever.
Navigating this volatile environment requires a proactive and strategic approach. It is critical for leadership to implement robust security frameworks that go beyond simple patching to encompass supply chain integrity, automated threat detection, and comprehensive employee training.
By prioritising investments in these areas, your organisation can build resilience against evolving threats and ensure compliance with new regulations like the EU AI Act. This proactive stance not only mitigates risk but also protects your company’s operational continuity and long-term reputation.
Don’t get caught off guard. Contact our expert team at Secora Consulting for a free consultation to discuss your specific cybersecurity needs.