Jaguar Land Rover cyberattack drives major sales impact

Jaguar Land Rover (JLR) has confirmed that last year’s cyberattack contributed to a sharp 43% year-on-year decline in third-quarter wholesale volumes, highlighting the far-reaching business impact of cybersecurity incidents. The attack disrupted production and global distribution, with manufacturing only returning to normal by mid-November following a phased restart. As a result, JLR struggled to fulfil orders across key markets.

Wholesale volumes fell to 59,200 units for the quarter, with North America seeing a 64% drop, Europe 48%, China 46%, and the UK down 0.9%. JLR said the impact was compounded by US tariffs and the planned discontinuation of legacy Jaguar models ahead of the brand’s relaunch.

Financial disclosures revealed the cyberattack cost £196 million in the quarter, with the Bank of England citing the incident as a factor in weaker UK GDP performance. The attack, claimed by the Scattered Lapsus$ Hunters collective, also involved data theft and caused prolonged operational disruption across JLR’s supply chain.

Brightspeed investigates major data breach claims – 1 million customers could be impacted

US fibre broadband provider Brightspeed is investigating claims of a cyberattack after the Crimson Collective hacking group alleged it had breached the company’s systems and exfiltrated personal data linked to more than one million customers. Brightspeed operates across 20 US states and provides broadband services to over one million residential and business users, making the potential impact significant.

According to the threat actors, the stolen data includes names, billing addresses, email addresses, phone numbers, account status information, payment details and service records. Crimson Collective has reportedly shared proof of possession with several cybersecurity researchers who track dark web activity to substantiate its claims.

Brightspeed confirmed it is investigating a potential cybersecurity event and stated it will keep customers, employees and authorities informed as the situation develops. The group behind the claim is known for high-profile extortion attempts, including a previous breach of Red Hat infrastructure that later affected third-party organisations, underlining the growing ripple effects of large-scale data breaches.

Taiwan’s National Security Bureau reports surge in Chinese cyber activity

Taiwan has reported a sharp escalation in cyber intrusion attempts against its critical infrastructure in 2025, with activity attributed to Chinese threat actors reaching unprecedented levels. According to a new report from the National Security Bureau of the Republic of China, Taiwan recorded more than 960 million intrusion attempts over the year, averaging 2.63 million attacks per critical organisation per day. This represents a 6% increase on 2024 and more than double the activity seen in 2023.

The energy sector was the primary target, experiencing a tenfold rise in attacks year on year. Emergency rescue organisations and hospitals also faced heightened pressure, with intrusion attempts increasing by 54%. In contrast, attacks against water resources and finance declined significantly.

The report attributes much of the activity to well known Chinese advanced persistent threat groups, combining vulnerability exploitation, DDoS, social engineering and supply chain compromise, often aligned with military exercises and major political events in Taiwan.

UK Government unveils £210m public sector cybersecurity plan

The United Kingdom has announced a new cybersecurity strategy backed by more than £210 million, aimed at strengthening cyber defences across government departments and the wider public sector. Central to the Government Cyber Action Plan is the creation of a dedicated Government Cyber Unit, designed to improve risk management and coordinate incident response across public services, including healthcare, benefits and tax systems.

The plan introduces minimum security standards, improved visibility of cyber risk across departments, and stronger requirements for incident response preparedness. Digital Government Minister Ian Murray said the measures are intended to counter attacks capable of disrupting essential public services within minutes.

A new Software Security Ambassador Scheme will also promote secure development practices, with major organisations participating.

The announcement follows new legislation and policy moves to harden critical national infrastructure and curb the impact of ransomware and large-scale fraud.

Veeam patches critical Backup & Replication flaw

Veeam has released security updates addressing multiple vulnerabilities in its Backup & Replication software, including a critical remote code execution issue tracked as CVE-2025-59470. The flaw affects Veeam Backup & Replication version 13.0.1.180 and all earlier version 13 builds, and could allow attackers with Backup or Tape Operator privileges to execute code as the postgres user.

While initially rated critical, Veeam has classified the issue as high severity due to the requirement for elevated access. Nevertheless, these roles are highly privileged and commonly targeted during intrusions. Version 13.0.1.1071, released on 6 January, also patches two additional flaws that could enable remote code execution through malicious configuration files or parameters.

Backup infrastructure remains a prime target for ransomware groups seeking to disable recovery options, reinforcing the urgency for organisations to patch quickly and review access controls around backup systems.

If you are worried about any of the threats outlined in this bulletin or need help in determining what steps you should take to protect yourself from the most material threats facing your organisation, please contact your account manager, or alternatively Get in touch to find out how you can protect your organisation. 

The Threat Intel Roundup was prepared by Integrity360 summarising threat news as we observe it, current at the date of publishing. It should not be considered to be legal, consulting or any other professional advice. Any recommendations should be considered in the context of your own organisation. Integrity360 does not take any political stance in the information that we share. Moreover, the opinions expressed may not necessarily be the views of Integrity360.