
This Week in Cybersecurity: Looking Back at Week 39

September 26, 2025 Reading Time: 5 minutes

The latest cybersecurity headlines reveal a critical threat convergence: sophisticated attacks are directly impacting global infrastructure, while cloud environments and enterprise networks are simultaneously being compromised through zero-day exploits.

This week, major European travel was thrown into chaos as a cyberattack on a single vendor, Collins Aerospace, crippled check-in systems across multiple international airports. We’ll examine this potent supply chain risk alongside the sheer scale of the digital battlefield, highlighted by Cloudflare blocking a record-breaking 22.2 Tbps DDoS attack.

Furthermore, immediate action is required as hackers are actively exploiting flaws in critical software, including a Cisco zero-day in IOS/IOS XE and an SSRF vulnerability in Pandoc that is being used to steal AWS credentials.

Finally, federal charges against members of the Scattered Spider syndicate underscore the lucrative, human-factor tactics driving cybercrime, revealing over $115 million in illicit ransom payments.

Read the full breakdown below to understand these key threats and learn how to protect your assets now.

Cyberattack on Collins Aerospace Disrupts European Airport Systems

A cyberattack targeting Collins Aerospace, a major provider of check-in and boarding systems, caused significant disruptions across major European airports, including Heathrow, Brussels and Berlin.

The attack knocked electronic check-in and baggage handling systems offline, forcing airlines to revert to the inherently slower and less efficient manual procedures at major international travel hubs.

The incident highlights a severe supply chain risk, as an attack on one vendor immediately crippled core passenger services across multiple facilities. The parent company RTX confirmed a “cyber-related disruption” and mitigation efforts are ongoing.


Hackers Exploit Pandoc SSRF Flaw to Steal AWS Credentials

Security firm Wiz has observed active exploitation of CVE-2025-51591, a Server-Side Request Forgery (SSRF) vulnerability in the document converter Pandoc.

Attackers use crafted tags (notably iframe elements) in HTML files to make Pandoc request the AWS Instance Metadata Service (IMDS) on EC2 hosts, allowing them to harvest temporary IAM credentials and escalate access to other AWS resources. The attack is mitigated when IMDSv2 is enforced, because that version requires a session token for every metadata request, which a blind SSRF cannot obtain.

To mitigate the risk posed by CVE-2025-51591 in cloud environments, it is recommended to disable iframe rendering (-f html+raw_html) or to use the --sandbox option.
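To show why enforcing IMDSv2 blunts this class of SSRF, here is an added example (not code from the article, Wiz or Pandoc): a toy model of the IMDS endpoint with both IMDSv1 and IMDSv2 behaviour, a GET-only fetch of the kind a document converter performs, and the legitimate two-step IMDSv2 client flow. The paths and header names are the real IMDS ones; the role name and credential values are constructed placeholders.

```python
# Added example, not from the article or from Pandoc/Wiz: a toy model of the
# AWS Instance Metadata Service (IMDS) showing why enforcing IMDSv2 blunts a
# GET-only SSRF such as an iframe src fetched by a document converter.
# Paths/header names are real; role and credential values are constructed.
import json
import secrets

CRED_PATH = "/latest/meta-data/iam/security-credentials/"
TOKEN_PATH = "/latest/api/token"
TOKEN_TTL_HEADER = "X-aws-ec2-metadata-token-ttl-seconds"
TOKEN_HEADER = "X-aws-ec2-metadata-token"
ROLE = "example-instance-role"  # constructed
CREDS = {"AccessKeyId": "ASIA_EXAMPLE", "SecretAccessKey": "constructed", "Token": "constructed"}


class FakeImds:
    """http_tokens mirrors the instance metadata option HttpTokens:
    'optional' (IMDSv1 still answers) or 'required' (IMDSv2 only)."""

    def __init__(self, http_tokens="optional"):
        self.http_tokens = http_tokens
        self.valid_tokens = set()

    def request(self, method, path, headers=None):
        headers = headers or {}
        # IMDSv2 session token: a PUT with a TTL header, which a plain GET fetch never sends.
        if method == "PUT" and path == TOKEN_PATH:
            if TOKEN_TTL_HEADER not in headers:
                return 400, ""
            token = secrets.token_urlsafe(16)
            self.valid_tokens.add(token)
            return 200, token
        if method != "GET":
            return 405, ""
        if self.http_tokens == "required" and headers.get(TOKEN_HEADER) not in self.valid_tokens:
            return 401, ""  # no valid session token: IMDSv2 refuses the request
        if path == CRED_PATH:
            return 200, ROLE
        if path == CRED_PATH + ROLE:
            return 200, json.dumps(CREDS)
        return 404, ""


def get_only_fetch(imds, path):
    """What a converter that simply fetches an embedded URL can obtain: a bare GET."""
    return imds.request("GET", path)


def imdsv2_client_fetch(imds, path):
    """The legitimate two-step IMDSv2 flow: obtain a token via PUT, then GET with it."""
    _, token = imds.request("PUT", TOKEN_PATH, {TOKEN_TTL_HEADER: "21600"})
    return imds.request("GET", path, {TOKEN_HEADER: token})
```

With http_tokens="optional" the bare GET returns the role name and credentials; with "required" the same GET gets 401 while the token-carrying client still succeeds, which is exactly the property enforcing IMDSv2 on the instance gives you.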


Exposed Docker Daemons Fuel “ShadowV2” DDoS Botnet

A sophisticated DDoS-for-hire infrastructure, dubbed ShadowV2, is leveraging improperly secured Docker interfaces to launch high-volume attacks. Attackers scan for exposed Docker API interfaces, often found open on port 2375, to spin up generic containers.

This misconfiguration effectively grants them root-level access to the host environment, which is then used to deploy attack toolsets for powerful DDoS floods (including HTTP/2 and Cloudflare UAM bypasses).

The campaign underscores the acute risk of exposing container management APIs to the public internet.
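As an added defensive check (not code from the article or from Docker), the following audits a Docker daemon.json for the misconfiguration ShadowV2 relies on: the Engine API listening on plain TCP without TLS client verification, or bound to every interface. The keys "hosts", "tlsverify", "tlscacert", "tlscert" and "tlskey" are real daemon.json keys; the weak and hardened sample configurations are constructed.

```python
# Added example (not from the article): audit a Docker daemon.json for the
# misconfiguration behind ShadowV2, i.e. the Engine API listening on plain
# TCP (conventionally port 2375) without TLS client verification.
# "hosts"/"tls*" are real daemon.json keys; the sample configs are constructed.
import json
from urllib.parse import urlsplit

LOOPBACK = {"127.0.0.1", "::1", "localhost"}


def audit_docker_daemon_config(raw_json: str) -> list[str]:
    """Return a list of findings; an empty list means no exposed listener was found."""
    cfg = json.loads(raw_json)
    findings = []
    tls_verify = bool(cfg.get("tlsverify", False))
    for host in cfg.get("hosts", []):
        parts = urlsplit(host)
        if parts.scheme != "tcp":
            continue  # unix:// and fd:// sockets are not reachable over the network
        bind = parts.hostname or "0.0.0.0"  # "tcp://:2375" means all interfaces
        port = parts.port or 2375
        if bind in LOOPBACK:
            continue  # loopback-only listener is not internet-exposed
        if not tls_verify:
            findings.append(f"{host}: TCP listener on port {port} without tlsverify; "
                            "any client that can reach it gets root-equivalent control of the host")
        if bind in ("0.0.0.0", "::"):
            findings.append(f"{host}: bound to all interfaces; firewall it or bind to a specific address")
    return findings


# Constructed sample: the weak setting ShadowV2 scans for, beside a hardened one.
WEAK = json.dumps({"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]})
HARDENED = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://10.0.0.5:2376"],
    "tlsverify": True,
    "tlscacert": "/etc/docker/ca.pem",
    "tlscert": "/etc/docker/server-cert.pem",
    "tlskey": "/etc/docker/server-key.pem",
})
```

Run it against /etc/docker/daemon.json (and the dockerd command line, which can also set -H) on every container host; a non-empty result for a host reachable from untrusted networks is the exact exposure this campaign abuses.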


Cloudflare Blocks Record-Breaking 22.2 Tbps DDoS Attack

Cloudflare successfully mitigated a record DDoS attack that peaked at an unprecedented 22.2 terabits per second (Tbps) and 10.6 billion packets per second (Bpps).

The attack lasted only about 40 seconds, demonstrating the speed and colossal scale of modern DDoS threats. This is the largest volumetric assault the company has ever handled, automatically mitigated without manual intervention.


Cisco Patches Actively Exploited SNMP Subsystem Zero-Day

Cisco has released a critical fix for CVE-2025-20352, an actively exploited zero-day vulnerability in the SNMP subsystem of IOS and IOS XE software.

While low-privileged attackers can trigger a Denial of Service (DoS) condition, those holding higher-privileged credentials can escalate the flaw to root code execution.

Cisco has noted there are no viable workarounds and strongly urges upgrading to the patched releases immediately. Limiting SNMP access to trusted hosts is only a temporary, interim mitigation.


U.S. prosecutors have officially tied two alleged members of the cybercrime syndicate Scattered Spider to $115 million in ransom payments collected from victims between 2022 and 2025.

The charges allege their involvement in hacking campaigns against major U.K. retailers and U.S. healthcare entities, relying heavily on human-factor threats such as SIM-swapping, phishing and social engineering to scale their attacks.


The convergence of infrastructure and supply chain attacks signifies a critical threat where distinct security risks intersect, leading to a much broader and more damaging impact on an organisation’s core operations.

In the context of this week’s stories, this means that a single attack is not limited to one system but instead exploits the interconnectedness of foundational systems:

  • Supply Chain Vulnerability: The breach originates by leveraging the trust placed in a third-party vendor (e.g., Collins Aerospace, Pandoc or npm packages) or an external partner.

  • Infrastructure Impact: The successful initial breach immediately causes systemic failure or access to critical operational technology (OT), enterprise networks or cloud environments (e.g. airport check-in servers, AWS EC2 hosts, Cisco networking gear).

Simply put, the risk is no longer just “What if our server is hacked?” but “What if a vendor we rely on for a critical service is hacked and that breach immediately cripples our entire operation?” This concept is central to the disruptive nature of the Collins Aerospace attack and the dangerous escalation seen with the Pandoc flaw.

Don’t get caught off guard. Get in touch with our team today to learn how our dedicated Infrastructure and Cloud Penetration Testing services can help you navigate these complex threats and secure your digital future.
