Cybersecurity News: European airports restore services, CISA deals with GeoServer exploit, Jaguar Land Rover extends shutdown

In today’s cybersecurity news…

European airports restoring services after system breach

A ransomware attack on Collins Aerospace, a subsidiary of RTX, disrupted check-in systems at major European airports including Heathrow, Brussels, Berlin, and Dublin, causing long lines, delays, and hundreds of cancellations over the weekend. ENISA confirmed it was a third-party ransomware incident but withheld details on the malware. Brussels Airport canceled nearly half of Monday’s flights, while Dublin and London continued manual check-ins. Collins said fixes are in the “final stages.” (The Record)

CISA deals with GeoServer exploit

CISA reports that attackers breached an unnamed U.S. federal agency last year via an unpatched GeoServer vulnerability. By exploiting the RCE flaw, threat actors deployed web shells like China Chopper, moved laterally using brute-force password attacks, and accessed SQL and web servers, remaining undetected for three weeks. CISA urges rapid patching of critical vulnerabilities, continuous monitoring of EDR alerts, and strengthened incident response to prevent similar breaches. (Bleeping Computer)

App for outing Charlie Kirk’s critics leaks personal data

An app called Cancel the Hate, created after Charlie Kirk’s assassination to let users anonymously report people accused of criticizing him, leaked personal data including emails and phone numbers. Security researcher “BobDaHacker” found flaws that exposed user profiles and allowed account deletions. The app was taken offline after Straight Arrow News confirmed the breach with leaked data from 142 users. (SAN)

Jaguar Land Rover extends shutdown following cyberattack

Jaguar Land Rover said Tuesday its global operations will remain shut until at least next month as it recovers from a cyberattack that has halted all car and parts production since early September. The company is losing an estimated £50–70 million daily, with thousands of agency and temporary staff let go and others on reduced pay. (The Record)

Feds say 100,000-card farms could have killed NYC cell towers

The U.S. Secret Service said it dismantled a covert cellular network of more than 100,000 SIM cards and 300 servers near New York City that posed an “imminent telecommunications threat” ahead of the U.N. General Assembly. Officials said the foreign-linked network could have shut down the city’s cellular system and targeted communications of government and emergency personnel. The equipment was found within 35 miles of the U.N., and is now under investigation as agents analyze data from 100,000 phones. (The Register)

Iranian group Nimbus Manticore expands European targeting

Iran-linked hacking group Nimbus Manticore is targeting aerospace, telecommunications, and defense firms in Denmark, Sweden, and Portugal. Using spear-phishing campaigns disguised as job offers, the group deploys multi-stage malware that steals credentials, exfiltrates files, and executes remote commands while evading detection through DLL sideloading, code obfuscation, and valid code-signing certificates. (Infosecurity)

Police dismantle crypto fraud ring

European authorities arrested five suspects linked to a cryptocurrency investment fraud ring that stole over €100 million from more than 100 victims. The operation, coordinated by Eurojust and supported by Europol, targeted investors across 23 countries since at least 2018, using professional-looking online platforms to promise high crypto returns while funneling funds into controlled bank accounts. Law enforcement froze accounts and assets in Spain, Portugal, Italy, Romania, and Bulgaria. (Bleeping Computer)

RevengeHotels checks back in with AI-coded malware

Kaspersky says the hotel-hacking group “RevengeHotels” has resurfaced with AI-generated malware that makes scams harder to detect. The crew is apparently sending phishing emails disguised as booking requests or job applications, which drop VenomRAT to steal guest payment data. Using AI-coded variants helps evade older security tools while still relying on familiar social engineering tricks. Kaspersky warns hotel guests face rising risks of card theft even at trusted properties. (The Register)