2025-09-20 - Three cybersecurity stories you should not have missed this week
- Alan Wallace
- Sep 20, 2025
- 1 min read
1) Aviation check-ins disrupted across Europe (shared platforms = shared outages)
A cyber incident impacting Collins Aerospace’s MUSE check-in platform triggered delays and cancellations at Heathrow, Brussels, Berlin and more—forcing manual workarounds and exposing aviation’s dependency on third-party SaaS. Confirmed reports and live updates below.
Sources:
AP: https://apnews.com/article/europe-airports-cyberattack-29b6d890baf7ac3a22f0f2b2f169b890 AP News
Reuters (live): https://www.reuters.com/en/cyberattack-causes-flight-delays-cancellations-brussels-airport-2025-09-20/ Reuters
The Independent (live blog): https://www.independent.co.uk/travel/news-and-advice/heathrow-airport-cyber-attack-flights-london-brussels-berlin-live-b2830382.html The Independent
Do now: Inventory mission-critical third-party platforms, run a 24-hour “SaaS-down” tabletop, and validate manual throughput assumptions.
2) Jaguar Land Rover: prolonged factory shutdown (the long tail of a breach)
Production disruptions at JLR continued this week, with deepening supply-chain impact and mounting costs—an object lesson in how quickly “IT incidents” become business outages. Roundups below.
Sources:
Industrial Cyber: https://industrialcyber.co/manufacturing/jaguar-land-rover-cyberattack-deepens-with-prolonged-production-outage-supply-chain-fallout/ Industrial Cyber
Entrepreneur (cost focus): https://www.entrepreneur.com/business-news/jaguar-land-rover-production-shut-down-after-cyberattack/497248 Entrepreneur
Do now: Re-verify RTO/RPO with MSPs and key suppliers; pre-stage financial/ops contingencies for multi-week outages; ensure comms cadence to distributors.
3) Chrome ships another in-the-wild zero-day fix (patch velocity is strategy)
Google patched CVE-2025-10585, the sixth actively exploited Chrome zero-day this year—again targeting the V8 engine. If you’re letting browsers lag, you’re volunteering to be the low-hanging fruit.
Sources:
The Hacker News: https://thehackernews.com/2025/09/google-patches-chrome-zero-day-cve-2025.html The Hacker News
BleepingComputer: https://www.bleepingcomputer.com/news/security/google-patches-sixth-chrome-zero-day-exploited-in-attacks-this-year/ BleepingComputer
Context: CISA KEV recent adds (trendline): https://www.cisa.gov/news-events/alerts/2025/09/11/cisa-adds-one-known-exploited-vulnerability-catalog CISA
Do now: Enforce auto-update; set “current minus 1” compliance; block outdated Chromium builds from SSO; verify version drift in device compliance.
Comments