Content
01. News Bites
- LNER warns passengers after third-party data breach exposes contact details
- Jaguar Land Rover admits customer data accessed as cyber attack drags on
- Microsoft’s September Patch Tuesday tackles 81 flaws, including two zero-days
- European DDoS mitigation firm hit by record-breaking 1.5 billion pps attack
- Plex urges password resets after hacker steals customer authentication data
02. Conclusion
LNER warns passengers after third-party data breach exposes contact details
London North Eastern Railway (LNER) has confirmed that a cyber attack on one of its third-party suppliers has led to unauthorised access to files containing passengers’ contact details.
The operator, which runs services on the East Coast Main Line between London and Scotland, said no bank, card or password information was compromised, but urged customers to be vigilant about unsolicited communications requesting personal data. LNER, headquartered in York, stated it is working with cyber security experts and the supplier to establish the scale of the incident and strengthen safeguards.
The number of passengers affected is not yet known. The disclosure comes as LNER’s revenues surpass £1 billion but the operator faces mounting competition from private firms and rising customer complaints. This breach follows last year’s attack on Transport for London systems, underlining how critical public transport data continues to be a target for cyber criminals.
Jaguar Land Rover admits customer data accessed as cyber attack drags on
Jaguar Land Rover’s cyber crisis intensified this week as the company confirmed that customer data has been accessed in a hack that has already halted production for more than a week. Initially, the carmaker said there was no evidence of stolen data, but on Wednesday it acknowledged that “some data has been affected” and notified regulators. JLR stated it is working “around the clock” with cyber security specialists to restart global systems safely and will contact individuals if their information is impacted.
The manufacturer has not disclosed how many people are affected or the nature of the compromised data. Experts warn the attack appears to have penetrated deeper than first believed and that purging networks of intruders could take weeks. Beyond mounting financial losses from the shutdown, the reputational hit could be severe for a luxury brand whose high-end customers now face potential fraud and identity theft.
Microsoft’s September Patch Tuesday tackles 81 flaws, including two zero-days
Microsoft’s September 2025 Patch Tuesday has delivered security fixes for 81 vulnerabilities across Windows and related products, including two publicly disclosed zero-day flaws in Windows SMB Server and Microsoft SQL Server. The company said the update resolves nine “Critical” issues, five of which are remote code execution flaws, as well as dozens of elevation of privilege, information disclosure, denial of service and spoofing weaknesses. CVE-2025-55234, an SMB Server elevation-of-privilege flaw exploitable via relay attacks, is the most high-profile, with Microsoft urging administrators to review and harden their SMB configurations.
The patch also incorporates an update to Newtonsoft.Json within SQL Server to address a mishandling bug previously disclosed in 2024. Microsoft stressed that enabling SMB Server Signing and Extended Protection can reduce risk but may affect compatibility with older systems. Security professionals are advising rapid deployment given the high severity and public disclosure of the zero-day vulnerabilities.
European DDoS mitigation firm hit by record-breaking 1.5 billion pps attack
A major distributed denial-of-service (DDoS) scrubbing provider in Europe has been targeted by one of the largest packet-rate floods ever publicly disclosed, peaking at 1.5 billion packets per second. The attack, which originated from thousands of compromised IoT devices and MikroTik routers spread across more than 11,000 networks worldwide, was mitigated in real time by FastNetMon, a specialist in service disruption protection. FastNetMon did not name the victim but said its measures included deploying access control lists on edge routers known for amplification, highlighting how vulnerable consumer networking equipment has become. The incident comes just days after Cloudflare reported blocking a record 5.1 billion pps DDoS attack, underscoring a growing trend in massive-scale assaults designed to overwhelm processing capacity and cause outages. FastNetMon’s founder Pavel Odintsov warned that ISP-level intervention and proactive filtering are now critical to stop the mass weaponisation of everyday devices in such attacks.
Plex urges password resets after hacker steals customer authentication data
Media streaming service Plex has warned its customers to reset their passwords after a hacker accessed one of its databases and stole authentication data. In a breach notification Plex said the attacker obtained email addresses, usernames and securely hashed passwords belonging to a “limited subset” of customers. Although the passwords are hashed according to best practice, the company has not specified the algorithm used, prompting security experts to caution that attackers may attempt to crack them. Plex is recommending all users change their passwords, sign out of connected devices, and enable two-factor authentication for extra protection. The company stressed that it does not store payment card information and that no financial data was compromised. This is the second time in three years that Plex has experienced a breach involving customer authentication data, raising fresh questions over the security of widely used streaming platforms.
If you are worried about any of the threats outlined in this bulletin, or need help determining what steps you should take to protect yourself from the most material threats facing your organisation, please contact your account manager, or alternatively get in touch to find out how you can protect your organisation.
Disclaimer
The Threat Intel Roundup was prepared by Integrity360 summarising threat news as we observe it, current at the date of publishing. It should not be considered to be legal, consulting or any other professional advice. Any recommendations should be considered in the context of your own organisation. Integrity360 does not take any political stance in the information that we share. Moreover, the opinions expressed may not necessarily be the views of Integrity360.