This week, major developments have put cybersecurity in sharp focus across both the UK and the U.S. Authorities are cracking down on members of the hacking group Scattered Spider, accused of multimillion-pound intrusions that disrupted transport systems and healthcare providers. At the same time, Microsoft faces criticism over its Windows 10 phase-out, which could leave millions of PCs exposed to attacks. These stories highlight how digital vulnerabilities, whether through targeted cybercrime or corporate policy, continue to endanger institutions and individuals alike. Here’s a closer look at this week’s top headlines.

Teen Hackers Charged Over Scattered Spider Cyberattacks That Cost Millions
Two British teenagers have been charged in connection with cyberattacks linked to the hacking group Scattered Spider, whose activities have caused millions in losses to UK and US organisations. Thalha Jubair, 19, from East London, and Owen Flowers, 18, from Walsall, were arrested by the National Crime Agency (NCA) and appeared before Westminster Magistrates’ Court. The pair are accused of conspiring to infiltrate Transport for London’s (TfL) systems during a network intrusion in August 2024. Flowers faces additional charges for targeting US healthcare companies SSM Health Care and Sutter Health, while Jubair is accused of withholding device passwords from investigators. The attack occurred after hackers exploited weaknesses in TfL’s digital infrastructure, forcing shutdowns of traffic cameras and “dial-a-ride” bookings. Such tactics are typical of Scattered Spider, which has also disrupted major UK retailers including M&S, Co-op, and Harrods this year.
Authorities stress that improved access controls, faster reporting, and international cooperation are vital to preventing criminal groups from exploiting critical systems and damaging public trust.
Source: Sunday World
UK Teen Charged in $115M U.S. Cyber Extortion Scheme
U.S. prosecutors have charged 19-year-old Thalha Jubair of London with conspiracy to commit computer fraud, wire fraud, and money laundering in connection with a global hacking spree carried out by the group known as Scattered Spider. The complaint, unsealed in New Jersey, alleges Jubair took part in at least 120 intrusions against 47 U.S. organizations, securing more than $115 million in ransom payments. Investigators say the group relied on social engineering, tricking employees into granting access to corporate systems. Once inside, attackers stole and encrypted data, then demanded payments to restore access or prevent leaks. Jubair is also accused of laundering millions in cryptocurrency linked to the attacks, including funds seized during law enforcement operations. Authorities argue the case shows how ransomware thrives when companies lack robust identity checks and incident response planning. Experts emphasize that stronger access controls, rapid breach reporting, and coordinated international enforcement are critical to reducing the impact of such schemes. Jubair faces up to 95 years in prison if convicted.
Source: U.S. Department of Justice
Millions at Risk as Microsoft Urges Windows 10 Users to Pay, Upgrade, or Recycle
With Windows 10 set to retire on October 14, Microsoft faces criticism for leaving hundreds of millions of PCs exposed to cyber threats. Consumer Reports warns that between 200 and 400 million devices cannot upgrade to Windows 11 due to hardware restrictions, making them vulnerable to malware and ransomware once security updates end. The problem stems from Microsoft’s strict Windows 11 requirements, which exclude many older but still functional PCs. While Microsoft promotes Windows 11 as essential for cybersecurity, it has also told users running it on unsupported machines to roll back to Windows 10. To maintain protection, users must either purchase an Extended Security Update (ESU) plan, costing $30 per year, or replace their PCs altogether.
The “Enroll Now” button for ESU is appearing in Windows Update, alongside links pushing users to trade in or recycle old devices. Experts argue this approach risks creating both a global security crisis and an e-waste surge. Broader ESU access, longer support, and clearer upgrade pathways could reduce the looming threat.
Source: Forbes
Conclusion
From high-profile arrests to looming software security risks, the week underscores a critical truth: cyber threats are evolving faster than defenses. Whether caused by sophisticated hacking groups or systemic gaps in technology lifecycles, the need for stronger safeguards, transparency, and global cooperation has never been more urgent.
Stay vigilant and informed, and tune in next week for more updates in InfosecTrain’s CyberWatch Weekly!