Cyber Brief: Jaguar Land Rover Restarts After Cyber Attack, Oracle Zero-Day Exploited, and More

Every day, new cyber threats emerge across industries — from major supply chain attacks to new vulnerabilities that could impact businesses of any size. Here’s a quick look at today’s key stories and what they mean for UK organisations.

Jaguar Land Rover restarts production following cyber-attack

After almost six weeks of disruption, JLR will resume operations at its engine and battery plants this week, following a significant cyber incident that halted production.
👉 Read more on Reuters
Why it matters: This recovery phase highlights how interconnected supply chains can amplify the impact of a single incident. Smaller suppliers often feel the effects most, underlining the importance of supply-chain resilience and incident response planning.

Oracle issues emergency patch for exploited E-Business Suite zero-day (CVE-2025-61882)

Oracle has released a critical patch to address an actively exploited vulnerability in its E-Business Suite, used widely for financial and supply chain systems.
👉 Read Oracle’s advisory
Why it matters: This flaw could allow attackers to access or manipulate business-critical data. Organisations running affected versions should apply the update immediately and confirm that any connected systems are also secure.

Critical Redis flaw exposes thousands of servers

A newly disclosed 13-year-old bug in Redis has left around 60,000 servers vulnerable to remote exploitation if not patched.
👉 Read more on SecurityWeek
Why it matters: Redis sits at the core of many applications for caching and data storage. A compromised Redis instance could act as a stepping stone into wider infrastructure, especially in cloud-hosted or microservices environments.

Google DeepMind unveils AI tool to fix code vulnerabilities

DeepMind’s new “CodeMender” AI can autonomously detect and repair security flaws, already contributing dozens of patches to open-source projects.
👉 Read more on The Hacker News
Why it matters: AI-assisted code repair could help teams address vulnerabilities faster — but automated fixes still need validation. Security and development teams should prepare to integrate AI tooling alongside human review.

Asahi Group confirms cyber-attack; ransomware group claims data theft

Japan’s Asahi Group has restored operations after a cyber incident, but the Qilin ransomware gang now claims to have stolen 27 GB of data.
👉 Read more on Reuters
Why it matters: Even once systems are back online, stolen data can resurface later — whether for extortion or resale. Long-term incident management and breach monitoring are key to protecting customer and partner trust.

🔐 Secarma insight: What to take away today

1. Patch Oracle E-Business Suite (CVE-2025-61882) and review supplier patching policies.
2. Audit Redis usage — restrict network access and update to the latest secure release.
3. Test your supply-chain response readiness — would you know if one of your vendors suffered a breach tomorrow?

💬 Our take

At Secarma, we help organisations Advise, Certify, and Test — building resilience across people, processes, and technology.
If today’s headlines have raised questions about your own cyber posture, we can help you:

• Map your current risks and prioritise patching (Advise)
• Achieve compliance through frameworks like Cyber Essentials or ISO 27001 (Certify)
• Validate your defences through penetration testing and red teaming (Test)

🔗 Get in touch with our team or explore more insights at secarma.com/resources