Cybersecurity News: Suspect arrested over airport attack, DDoS attack hits new record, BRICKSTORM backdoor steals IPs

Person arrested in connection with airport attack

A man was arrested in West Sussex over a cyber-attack that disrupted several European airports, including Heathrow, after Collins Aerospace’s baggage and check-in systems were hit. The attack was discovered Friday and involved ransomware, forcing some airports to use manual check-ins and causing hundreds of flight delays. The suspect has been released on bail, and the investigation is ongoing. Collins Aerospace is rebuilding its systems, warning airlines and ground handlers to expect at least another week of manual operations. (BBC)

Record-breaking DDoS attack hits new highs

Cloudflare blocked a record-breaking DDoS attack targeting a European network infrastructure company, peaking at 22.2 Tbps and 10.6 billion packets per second over 40 seconds. The attack, possibly powered by the Aisuru botnet, involved over 404,000 unique IPs across 14 ASNs and used a UDP “carpet bomb” targeting tens of thousands of ports on a single IP. Aisuru, active for over a year, leverages compromised IoT devices and zero-day vulnerabilities. (SecurityWeek)

China-linked attackers use ‘BRICKSTORM’ backdoor to steal IP

Mandiant says suspected Chinese hackers are deploying a new Linux-focused backdoor called BRICKSTORM to steal intellectual property and sensitive data from law firms, SaaS providers, and tech companies. The campaign, linked to UNC5221, has been active since March and targets high-value email accounts, including senior executives and national security-related law firms. Attackers often persist in networks for over a year, exploiting Ivanti zero-days, VMware appliances, and compromised routers to maintain access. (The Record)

How One Bad Password Ended a 158-Year-Old Business

UK transport firm KNP Logistics, founded in 1867, collapsed in June after the Akira ransomware group breached its systems using a weak employee password with no MFA. Attackers encrypted data, destroyed backups, and demanded £5 million, forcing the company to lay off 700 workers. The case underscores how poor credential hygiene can undermine compliance and insurance protections. (The Hacker News)

Huge thanks to our sponsor, Conveyor

Security reviews don’t have to feel like a hurricane. Most teams are buried in back-and-forth emails and never-ending customer requests for documentation or answers. But Conveyor takes all that chaos and turns it into calm.
AI fills in the questionnaires, your trust center is always ready, and sales cycles move without stalls.
Breathe easier—check out Conveyor at www.conveyor.com.

Cisco warns of IOS zero-day vulnerability exploited in attacks

Cisco patched a zero-day in IOS and IOS XE, exploited in active attacks through the SNMP subsystem. The stack-based buffer overflow lets low-privileged attackers cause denial-of-service or, with higher privileges, gain root access on IOS XE devices. Exploitation was seen after admin credentials were compromised. Cisco advises upgrading immediately, since no full workarounds exist beyond restricting SNMP access. (Bleeping Computer)
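As an added illustration (not from the Cisco advisory or the article), this is the kind of SNMP restriction the workaround refers to on IOS/IOS XE: a read-only community reachable from any address beside one bound to an ACL of trusted management hosts, plus an SNMPv3 user with authentication and encryption. Addresses, community strings, group and user names are placeholders.

```cisco
! Weak: read-only community string, no source restriction, reachable from any host
snmp-server community public RO

! Hardened: standard ACL listing only the management stations allowed to poll
access-list 10 remark SNMP management stations only (placeholder addresses)
access-list 10 permit host 192.0.2.10
access-list 10 permit host 192.0.2.11
access-list 10 deny   any log

! Remove the default-style community and bind the replacement to the ACL
no snmp-server community public
snmp-server community CHANGE-ME-COMMUNITY RO 10

! Prefer SNMPv3 with authentication and privacy (authPriv), also bound to the ACL
snmp-server group NMS-GROUP v3 priv access 10
snmp-server user nms-user NMS-GROUP v3 auth sha AUTH-PASS-PLACEHOLDER priv aes 128 PRIV-PASS-PLACEHOLDER
```

This limits who can reach the SNMP subsystem at all; it is a stopgap until the fixed release is installed, not a substitute for upgrading.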

npm Package Uses QR Code Steganography to Steal Credentials

Socket researchers discovered a malicious npm package called Fezbox that hid its payload inside a QR code to steal usernames and passwords from browser cookies. Posing as a JavaScript/TypeScript utility, the package fetched a QR code from a remote server, waited 120 seconds, then decoded and executed the embedded malware. It used multiple obfuscation layers, including string reversal and encryption, before sending stolen credentials to a Railway-hosted server. Fezbox had 327 downloads before npm removed it at Socket’s request. (Infosecurity Magazine)

Chinese hackers RedNovember target global governments

Recorded Future says a Chinese state-backed hacking group it now calls RedNovember has been breaching governments and private sector firms worldwide since mid-2024. The group exploits flaws in VPNs, firewalls, and email servers from vendors including Check Point, Ivanti, and Palo Alto Networks, then deploys tools like the Go-based backdoor Pantegana, Spark RAT, and Cobalt Strike. Victims reportedly include U.S. defense contractors, a European engine maker, and ministries across Asia, Africa, and South America. (The Hacker News)

Unpatched flaw in OnePlus phones lets rogue apps read text messages

A flaw in OxygenOS lets any app on OnePlus devices access SMS data without permission, exploiting improperly secured Telephony content providers. Rapid7 confirmed the vulnerability on multiple models, including the OnePlus 8T and 10 Pro, and published a PoC after OnePlus ignored repeated disclosure attempts. The issue affects OxygenOS versions 12–15 and could allow blind SQL injection to reconstruct SMS content. Users are advised to limit the apps they install, use only reputable sources, switch away from SMS-based 2FA, and rely on end-to-end encrypted messaging until a patch is released. (Bleeping Computer)