TLDR: Major cybersecurity incidents have emerged, including Microsoft’s successful blocking of an AI-generated phishing campaign, WestJet’s notification of a data breach impacting U.S. customers’ personal information, and luxury retailer Harrods’ disclosure of a new data incident affecting 430,000 customer records due to a compromised third-party supplier.
In a significant cybersecurity development on September 30, 2025, Microsoft successfully intercepted a sophisticated, US-targeted phishing campaign that leveraged AI-generated code. The malicious code was cleverly embedded within an SVG file, disguised as a PDF document, aiming to trick unsuspecting users. Microsoft’s security systems, specifically Defender for Office 365, identified the AI traits in the code, noting verbose, business-like comments, overengineered functions, and formulaic obfuscation. The detection was triggered by anomalies in email structure, file format, and network behavior. Microsoft has since reiterated its recommendations for robust protection, including the use of safe links, zero-hour auto purge, phishing-resistant authentication, and cloud-delivered antivirus protection to mitigate similar advanced threats.
Meanwhile, Canadian airline WestJet has informed its American consumers about a cybersecurity incident that occurred on June 13th. The airline confirmed that a criminal third party gained unauthorized access to its systems, resulting in the compromise of certain personal information. The data obtained by the attackers includes names, contact details, and reservation-related documents. Crucially, WestJet stated that no payment card data or passwords were compromised during the breach. The airline has engaged cybersecurity experts to investigate the incident thoroughly and is in the process of notifying affected individuals, advising them to remain vigilant against potential phishing or social engineering attempts. WestJet also emphasized that the operational safety of its flights was never at risk.
Also Read:
- Escalating Cyber Threats: AI Platforms and Software Supply Chains Amplify Risk
- Permiso Enhances Identity Security Platform with Comprehensive AI Protection for Users, Builders, and Autonomous Agents
Adding to the week’s cybersecurity concerns, luxury department store Harrods has disclosed a new data breach impacting approximately 430,000 customer records. The incident stemmed from the compromise of a third-party supplier’s systems. The exposed customer data includes names, contact details, and some marketing or loyalty-related tags. This latest breach follows a suspected cyber attack that targeted Harrods in May, indicating ongoing challenges for the retail giant in safeguarding customer information.
