Accelerated by:
Certifications:
Light Eyes is part of Apolo Cybersecurity
ENG
ENG
%402x.svg){kind=icon}
The third week of September 2025 marked a milestone in the global cybersecurity landscape, with high impact incidents which have affected everything from luxury giants to critical telecommunications infrastructures.
In a period of just five days, we have witnessed the Confirmation of the biggest data theft in the luxury sector with Kering, the dismantling one of the most sophisticated phishing networks on the part of Microsoft, and the fourth commercial spyware alert aimed at French iPhone users. At the same time, the Jaguar Land Rover crisis drags on while Colt Technology Services faces a recovery that lasts until November.
These events highlight a Worrying trend: Cybercriminals are intensifying their operations with increasingly sophisticated techniques, targeting both premium sectors and essential infrastructures. With 33 new victims of ransomware recorded this week alone and Spain leading the European increase in attacks with a 116% more than in 2024, the need to strengthen cyber defenses has never been more urgent.
The French luxury giant Kering, owner of Gucci, Balenciaga and Alexander McQueen, confirmed the theft of personal data of 7.4 million customers following an intrusion by Shiny Hunters. The attack, which began in April and was detected much later, exposed emails, phone numbers and purchase addresses. Kering has intensified communication with affected customers and reinforced their security.
British car maker Jaguar Land Rover continues its global production halted after the cyberattack it suffered on September 2. The forensic investigation is ongoing and the company officially announced that some customer data may have been affected. The restart of operations is delayed until September 24 and the attack was claimed by the group “Scattered Lapsus$ Hunters”.
For the fourth time this year, Apple notified users in France and other European countries about active sophisticated spyware attacks such as Pegasus and Predator. Journalists, lawyers and politicians are among the targets. It is recommended not to modify the devices to preserve evidence of the attack, in addition to activating two-factor authentication and updating the operating system.
Microsoft, in collaboration with the authorities, seized more than 330 websites of the popular phishing service Raccoono365, which sold subscription attack kits and stole more than 5,000 Microsoft account credentials in 94 countries since July 2024. Campaigns aimed especially at healthcare and sectors critical to the threat of data theft and ransomware stand out.
British telecom operator Colt is still struggling to restore its systems after a massive cyberattack suffered in August by the Warlock group. A full recovery is not expected until the end of November and investigations are still ongoing. The attack exemplifies the duration and critical impact of ransomware incidents on vital infrastructure.
During this week they registered 33 new victims of ransomware published on data breach sites, with sectors such as finance, health and manufacturing being the most impacted. The most active groups include Qilin, INC Ransom, Everest and Lynx.
Spain remains among the most attacked countries with an increase in 116% in ransomware attacks during 2025, recording 134 incidents compared to 62 in 2024.
.webp)