Stay up-to-date with everything at Approach

Weekly Digest Week 39 – 2025

Publication date: 26.09.2025

Featured Story

Airport Chaos Shows Human Impact of 3rd-Party Attacks

Summary

Major EU airports such as Heathrow were disrupted over the weekend after a cyberattack hit the provider of check-in kiosk software. The disruption began on 19 September 2025 and quickly spread across the weekend of 20–21 September.

Airports were forced to fall back on manual operations. Airline staff were handwriting boarding passes and manually checking in passengers.

The root cause lies in a third-party vulnerability within the cloud-based MUSE check-in software from Collins Aerospace (an RTX subsidiary). The attack disrupted backend operations, forcing systems offline.

The attack appears to be ransomware-style in nature. Heathrow, Berlin, and Brussels airports have all been affected, resulting in flight cancellations and delays.

Analysis from our SOC team: This incident perfectly illustrates the cascading impact of third-party vendor compromises on critical infrastructure. The targeting of Collins Aerospace’s MUSE platform demonstrates how attackers are increasingly focusing on shared service providers to maximize disruption across multiple organizations simultaneously. From a SOC perspective, this highlights the urgent need for enhanced third-party risk management and monitoring capabilities.

Other News

Cisco warns of ASA firewall zero-days exploited in attacks

Summary

Cisco patched two zero-days in ASA and FTD, CVE-2025-20333 and CVE-2025-20362, that were exploited by UAT4356, the same threat actor behind the ArcaneDoor campaign.

The first (CVE-2025-20333) allows authenticated, remote attackers to execute arbitrary code on devices running vulnerable Adaptive Security Appliance (ASA) and Firewall Threat Defense (FTD) software, while the second (CVE-2025-20362) enables remote attackers to access restricted URL endpoints.

Analysis from our SOC team: The vulnerability chaining technique demonstrates sophisticated adversary capabilities that likely extend beyond these specific CVEs. Organizations must prioritize immediate patching of internet-facing devices while implementing Cisco’s temporary mitigation of disabling VPN services where patches cannot be applied immediately.

Apple goes public and pressures EU to repeal landmark Digital Markets Act

Summary

US tech giant Apple has formally asked the European Union (EU) to repeal the Digital Markets Act (DMA), its landmark digital competition law, saying that the legislation poses security risks and hurts consumers.

Mostly, though, it hurts Apple’s business model. The iPhone maker said that EU users are experiencing delays in new features and facing increased privacy and security risks due to the DMA.

Analysis from our SOC team: Apple’s DMA challenge highlights a critical tension between regulatory compliance and security architecture. The forced introduction of sideloading and alternative app stores fundamentally weakens Apple’s security model by expanding the attack surface. BYOD policies will need revision to account for these new security gaps in EU-compliant iOS devices.
