Cybersecurity News Roundup – Early October 2025

Key incidents and breaches from early October 2025, including major data breaches, extortion campaigns and new vulnerabilities.

10/4/2025

Radiant gang apologizes after attacking Kido nursery chain – The Radiant cybercrime group targeted London nursery chain Kido, publishing profiles of more than 8,000 children and their parents while demanding a ransom. After public backlash the group deleted the data and issued an apology.

Volvo staff data exposed via third‑party software – A ransomware attack on a third‑party HR software provider exposed names, Social Security numbers, contact details and birth dates of around 1.5 million Volvo North America employees. The investigation is ongoing.

Harrods and WestJet disclose breaches – Luxury retailer Harrods lost more than 430,000 customer records in a third‑party service breach. Canadian airline WestJet confirmed that personal information for 1.2 million passengers was stolen earlier this year.

Medusa claims massive Comcast breach – The Medusa ransomware gang claims to have stolen 834 GB of sensitive data from Comcast, including financial documents and personnel files. Comcast has yet to confirm the breach.

Milesight routers abused to send phishing SMS – Researchers warn that exposed APIs in Milesight industrial routers are being abused to send phishing SMS messages across Europe; about 572 of 18,000 internet‑accessible routers may be vulnerable.

Red Hat confirms GitLab compromise – Red Hat’s consulting division said a self‑hosted GitLab instance was breached, with attackers claiming to have stolen 570 GB of data from more than 28,000 private repositories. Product engineering systems were not affected.

Extortion emails target executives – Google reports a large‑scale email extortion campaign targeting executives across multiple industries. Messages claim affiliation with the Cl0p ransomware gang, but investigators have found no evidence the data theft claims are real.

CISA warns of critical sudo vulnerability – CISA has added CVE‑2025‑32463 to its Known Exploited Vulnerabilities list. The bug in sudo versions prior to 1.9.17p1 allows local users to gain root privileges; administrators should update immediately.