Ransomware Automation Slashes Attack Times to Minutes; Supply Chain Overconfidence Creates Massive Risk

Publication Date: October 23, 2025

Summary

In cybersecurity news for October 23, 2025, the threat landscape is defined by escalating speed and systemic risk. A new report reveals ransomware groups are using automation to compress attack timelines to just 18 minutes from initial access to lateral movement. Simultaneously, another study highlights a dangerous overconfidence in supply chain security, with 94% of firms feeling prepared despite a third failing to conduct basic supplier risk assessments. This is underscored by the staggering £1.9 billion economic cost of the Jaguar Land Rover hack, which cascaded through 5,000 supply chain organizations. Regulators are responding, with New York's DFS issuing new guidance on third-party risk. Meanwhile, CISA has added another actively exploited vulnerability to its KEV catalog, demanding immediate action from federal agencies.

Today New Articles

NY Regulator Puts Financial Firms on Notice: You Are Accountable for Your Vendors' Security

The New York State Department of Financial Services (DFS) has issued new guidance for financial institutions, emphasizing their ultimate accountability for managing cybersecurity risks originating from third-party service providers (TPSPs). The regulator warne...

Unit 42 Exposes 'Smishing Deluge' from China and 'Jingle Thief' Gift Card Fraud

Researchers at Palo Alto Networks' Unit 42 have detailed two distinct and significant cybercrime operations. The first, a massive smishing campaign dubbed 'The Smishing Deluge,' is attributed to a China-based threat actor and is flooding mobile users globally...

Healthcare Breaches Seem to Drop, But Government Shutdown Hides True Numbers

Official data for September 2025 shows only 26 major healthcare data breaches, the lowest monthly total since 2018. However, The HIPAA Journal cautions that this apparent decline is misleading. A US government shutdown has largely halted the HHS's Office for C...

Palomar Health Breach Exposes Highly Sensitive Patient Data, Including Biometrics

Palomar Health Medical Group (PHMG), a California-based healthcare provider, has announced it was the victim of a cybersecurity incident that exposed sensitive patient data. The compromised information includes not only names and personal identifiers but also...

CISA Orders Federal Agencies to Patch New Actively Exploited Vulnerability

On October 22, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a new, unspecified vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. This action confirms that the flaw is being actively exploited in the wild by mal...

Article Updates

UK's NCSC Warns of Doubling 'Nationally Significant' Cyberattacks, Cites Supply Chain Risk

Update:A new NCC Group report, 'The State of Supply Chain Security,' highlights a dangerous paradox: 94% of cybersecurity decision-makers are confident in their ability to respond to supply chain attacks, but 34% fail to conduct regular supplier risk assessments. Thi...

CrowdStrike: 76% of Organizations Can't Keep Pace with AI-Powered Ransomware

Update:A new ReliaQuest report reveals ransomware 'breakout time' (initial access to lateral movement) has plummeted to just 18 minutes, down from 48 minutes in 2024. This dramatic acceleration is driven by 80% of Ransomware-as-a-Service groups leveraging automation...