Luxury car-maker Jaguar Land Rover will not resume production at its factories for yet another week as it continues to grapple with fallout from a cyberattack. In early September, Jaguar Land Rover stopped production at its factories in the U.K. after it was impacted by a cyberattack in which hackers stole company data. Jaguar Land Rover has not said what data was stolen.
Villager, a new penetration-testing tool linked to a suspicious China-based company and described by researchers as "Cobalt Strike's AI successor," has been downloaded about 10,000 times since its release in July. The package, published on the Python Package Index, operates as a Model Context Protocol (MCP) client and integrates multiple security tools. It includes Kali Linux, which legitimate defenders use to automate penetration testing, and it contains hundreds of tools that can also be used to launch cyber attacks at scale.
In the recent M&S breach, only £100 million of cyber insurance was in place, far short of the £300 million in damages incurred, leaving the retail giant significantly underinsured. With more retailers relying heavily on online operations and third-party platforms, the financial impact of operational downtime from data breaches can be severe and widespread. Yet many businesses still lack adequate, or any, cyber insurance.
Ten vulnerabilities in Copeland controllers, which are found in thousands of devices used by the world's largest supermarket chains and cold storage companies, could have allowed miscreants to manipulate temperatures and spoil food and medicine, leading to massive supply-chain disruptions. The flaws, collectively called Frostbyte10, affect Copeland E2 and E3 controllers, used to manage critical building and refrigeration systems, such as compressor groups, condensers, walk-in units, HVAC, and lighting systems. Three received critical-severity ratings.