🚨WK 45: China Buses Remotely Halted, Deutsche Telekom Huawei Gear, Garden Finance Hack Drains $10.8M & India CCTV Breach

Insights into Cyber Risks, Threat Intel, Government and Regulations, Startup and VC updates

This week, attention has sharply turned to the risks posed by foreign technology in critical infrastructure, as authorities in Norway revealed that Chinese-made buses could be remotely halted via built-in control systems. The discovery underscores how supply-chain and vendor hardware can contain hidden vulnerabilities, or intentional “backdoors”, that, if exploited, could disrupt public services and endanger lives. Governments and transit authorities are now grappling with the urgent need to audit, secure, or replace devices that may expose national infrastructure to external manipulation, highlighting the growing intersection of cybersecurity and public safety in the age of connected transportation.

In the Middle East, cyber activity has increasingly blurred the line between political warfare and information operations. The recent leak of employee data from Israeli defense contractor Maya Industries, claimed by pro-Palestinian hackers, highlights how regional tensions are spilling into the digital domain. These operations are no longer limited to defacements or propaganda but now aim to expose, humiliate, and destabilize national industries tied to defense and intelligence. As cyber conflict becomes an extension of geopolitical strategy, security analysts warn that state-aligned groups in the region are intensifying reconnaissance and targeting campaigns, making the Middle East one of the most dynamic and volatile theaters in global cyber warfare.

💻 Malware and Vulnerabilities

Swedish supply‑chain supplier hit by large breach: A cyber‑attack on Sweden’s IT systems vendor Miljödata exposed personal data of around 1.5 million people and disrupted services in municipalities accounting for ~80% of Swedish local government; regulators are investigating under GDPR. LINK

China‑linked zero‑day exploited in Lanscope flaw: A zero‑day vulnerability in Lanscope was exploited by China-linked actors to gain early access in targeted attacks, highlighting ongoing risks from unpatched enterprise monitoring tools. LINK

Emergency patch issued for Chrome after critical update: Google Chrome received an emergency fix to address exploitable vulnerabilities, underlining the importance of immediate patching for widely used browsers. LINK

Android apps abusing NFC/HCE to steal payment data on the rise: Malicious apps are leveraging Near-Field Communication and Host Card Emulation to steal payment credentials from Android devices, signaling growing threats in mobile contactless payments. LINK

Microsoft Edge expands scareware protection: The Edge browser now deploys Scareware Blocker by default, using local AI models to detect full-screen scam pages before they reach users. LINK

📈 Breaches and Incidents

Garden Finance suffers multi-chain hack: Garden Finance lost over $10.8M in crypto, with on-chain tracking showing 25% of funds tied to illicit transfers. LINK

Hyundai AutoEver America breach exposes sensitive data: The automotive service provider disclosed access to SSNs and driver licenses, raising identity-theft concerns. LINK

India CCTV hack exposes 50,000 clips: 80 CCTV dashboards across 20 states were compromised, with streams sold online, showing gaps in IoT security. LINK

Nikkei breach impacts 17,000 people: The Japanese media company disclosed a Slack breach affecting employees and partners, reinforcing risks in corporate communication tools. LINK

ENISA Threat Landscape 2025 booklet released: The EU agency outlined major breach trends, sector impacts, and guidance for organizations across Europe for the reporting period of July 2024 to June 2025, based on the analysis of nearly 4,900 curated incidents. LINK

Poland hit by major cyberattack on loan platform: Hackers exfiltrated user data, highlighting persistent vulnerabilities in emerging EU fintech platforms. LINK

Sandworm hacker campaigns analyzed: A detailed review of state-linked Sandworm activities traces evolving tools and high-profile targets, reminding organizations of nation-state threat persistence. LINK

🚨 Threat Intel & Info Sharing

Chinese-made buses in Norway can be remotely halted: Norwegian transit authorities discovered that Chinese Yutong buses allow remote access to control systems, raising concerns about embedded backdoors in public infrastructure. LINK

Hackers leak employee identities at Israeli defense contractor Maya: Pro-Palestinian hackers published personal details of Maya Industries staff, along with alleged blueprints, demonstrating the growing role of cyberattacks in regional conflicts. LINK

Datadog Q3 threat roundup: Datadog’s quarterly report outlines the most active threat actors, attack methods, and sectors targeted in Q3 2025, providing critical insights for SOC teams. LINK

Malicious Android apps downloaded 42 million times: Several apps on Google Play masquerading as legitimate tools have installed malware or stolen credentials across tens of millions of devices. LINK

US experts indicted for BlackCat ransomware: Two cybersecurity professionals in the U.S. face charges for allegedly aiding the BlackCat ransomware-as-a-service campaign, highlighting increasing domestic enforcement. LINK

Landfall spyware discovered on Samsung devices: The Unit 42 research team uncovered Landfall spyware targeting Samsung phones, revealing risks for mobile users in sensitive environments. LINK

⚖️ Laws, Policies and Regulations

Germany considers paying Deutsche Telekom to remove Huawei gear: Officials explore compensation to accelerate replacement of Huawei equipment in critical networks amid security concerns. LINK

U.S. Cyber Command unveils updated long-term master plan: The plan outlines cyber force growth, training centers, and readiness goals through FY2033. LINK

AI tools exploited for data exfiltration in Claude attacks: Malicious actors abused network access and the Anthropic Claude API to extract sensitive information, highlighting the emerging risk of AI-driven data theft. LINK

📅 Upcoming Events

During Black Hat Middle East & Africa 2025, we invite a select group of cybersecurity leaders and executive decision-makers for an exclusive evening of insight, dialogue, and collaboration.
If you would like to co-sponsor this event, please reach out to [email protected]

Register your interest to join here.

If you would like to sponsor any of our future in-person or virtual events, please email us at [email protected]

We hope you enjoyed our email briefing! ☕🥮 If you want to sponsor our next edition or advertise on our site, drop us an email at [email protected].

Thank you for being a part of our newsletter community. You can also join the community through our LinkedIn Group.