CTI Briefing: Publicly Disclosed Incidents as of Sept. 29, 2025

A concise, CEO-level roll-up of material cyber events disclosed in the last forty-eight hours or still unfolding with fresh publications today. Canadian English, neutral tone, links to primary sources.

Malicious npm MCP server in postmark-mcp silently forwards enterprise email

Date of Incident (ET): Since Sept. 17, 2025
Date of Disclosure/Publication (ET): Sept. 29, 2025
Summary: Researchers found a backdoored Model Context Protocol server embedded in the npm package postmark-mcp that auto-forwards emails to an attacker, creating AI-workflow supply chain exposure across organisations.
Source: https://thehackernews.com/2025/09/first-malicious-mcp-server-found.html

Microsoft details LLM-crafted SVG phishing that bypasses email defences

Date of Incident (ET): Aug. 28, 2025
Date of Disclosure/Publication (ET): Sept. 29, 2025
Summary: Microsoft reported a credential-harvesting campaign using AI-generated, obfuscated SVG files and BCC evasion tactics to slip past filters, underscoring generative AI in attack chains.
Source: https://thehackernews.com/2025/09/microsoft-flags-ai-driven-phishing-llm.html

Union County, Ohio, discloses ransomware breach affecting 45,487 people

Date of Incident (ET): May 6–18, 2025
Date of Disclosure/Publication (ET): Sept. 29, 2025
Summary: Officials confirmed theft of Social Security and financial data impacting 45,487 residents and staff, with notification letters issued and public reporting today.
Source: https://www.teiss.co.uk/news/ransomware-attack-exposes-data-of-nearly-46000-in-union-county-ohio-16473

Harrods confirms third-party breach exposing customer contact details

Date of Incident (ET): Unknown
Date of Disclosure/Publication (ET): Sept. 28–29, 2025
Summary: Harrods said attackers accessed a supplier system and stole customer contact details; payment data and passwords were not affected.
Source: https://www.bleepingcomputer.com/news/security/harrods-suffers-new-data-breach-exposing-430-000-customer-records/

UK guarantees £1.5 billion loan to stabilise Jaguar Land Rover after cyberattack

Date of Incident (ET): Late Aug. 2025
Date of Disclosure/Publication (ET): Sept. 29, 2025
Summary: Following a disruptive cyberattack that halted manufacturing, the UK announced a £1.5 billion loan guarantee to support JLR’s supply chain while phased system recovery proceeds.
Source: https://www.securityweek.com/cyberattack-on-jlr-prompts-1-5-billion-uk-government-intervention/

Moldova election websites hit by cyberattacks amid national vote

Date of Incident (ET): Sept. 28–29, 2025
Date of Disclosure/Publication (ET): Sept. 29, 2025
Summary: Recorded Future News reported cyberattacks, including DDoS and influence operations, disrupting online services during Moldova’s elections, underscoring national cyber defence risks.
Source: https://therecord.media/moldova-election-pro-eu-party-wins-ddos-incidents-influence-ops

Edward Kiledjian @ekiledjian