Three Cybersecurity Stories You Should Not Have Missed This Week

1) Aviation check-ins disrupted across Europe (shared platforms = shared outages)

A cyber incident impacting Collins Aerospace's MUSE check-in platform triggered delays and cancellations at Heathrow, Brussels, Berlin and more—forcing manual workarounds and exposing aviation's dependency on third-party SaaS. Confirmed reports and live updates below.

Sources:

• AP: https://apnews.com/article/europe-airports-cyberattack-29b6d890baf7ac3a22f0f2b2f169b890
• Reuters (live): https://www.reuters.com/en/cyberattack-causes-flight-delays-cancellations-brussels-airport-2025-09-20/
• The Independent (live blog): https://www.independent.co.uk/travel/news-and-advice/heathrow-airport-cyber-attack-flights-london-brussels-berlin-live-b2830382.html

Do now: Inventory mission-critical third-party platforms, run a 24-hour "SaaS-down" tabletop, and validate manual throughput assumptions.

2) Jaguar Land Rover: prolonged factory shutdown (the long tail of a breach)

Production disruptions at JLR continued this week, with deepening supply-chain impact and mounting costs—an object lesson in how quickly "IT incidents" become business outages. Roundups below.

Sources:

• Industrial Cyber: https://industrialcyber.co/manufacturing/jaguar-land-rover-cyberattack-deepens-with-prolonged-production-outage-supply-chain-fallout/
• Entrepreneur (cost focus): https://www.entrepreneur.com/business-news/jaguar-land-rover-production-shut-down-after-cyberattack/497248

Do now: Re-verify RTO/RPO with MSPs and key suppliers; pre-stage financial/ops contingencies for multi-week outages; ensure comms cadence to distributors.

3) Chrome ships another in-the-wild zero-day fix (patch velocity is strategy)

Google patched CVE-2025-10585, the sixth actively exploited Chrome zero-day this year—again targeting the V8 engine. If you're letting browsers lag, you're volunteering to be the low-hanging fruit.

Sources:

• The Hacker News: https://thehackernews.com/2025/09/google-patches-chrome-zero-day-cve-2025.html
• BleepingComputer: https://www.bleepingcomputer.com/news/security/google-patches-sixth-chrome-zero-day-exploited-in-attacks-this-year/
• Context: CISA KEV recent adds (trendline): https://www.cisa.gov/news-events/alerts/2025/09/11/cisa-adds-one-known-exploited-vulnerability-catalog

Do now: Enforce auto-update; set "current minus 1" compliance; block outdated Chromium builds from SSO; verify version drift in device compliance.

Tags: Cybersecurity News, Top 3 Stories, Commentary