Hacktivist attack grounds Russian flights
A politically motivated cyberattack forced Russia’s Aeroflot airline to cancel dozens of flights on Monday. The airline reported IT system failures that led to at least 50 flight cancellations and multiple delays at Moscow’s Sheremetyevo Airport. Aeroflot said ticket offices are temporarily not processing refunds or rebookings but will resume once services are restored. Hacktivist groups Silent Crow and Belarusian Cyberpartisans BY claimed responsibility for the attack and said the disruption followed a year-long compromise of Aeroflot’s systems.
Naval group denies breach, hackers beg to differ
France’s state-backed defense contractor, Naval Group is denying claims it was hacked after a cybercriminal alleged they stole 1TB of sensitive submarine i data, including source code and classified technical documents. The threat group called “Neferpitou,” posted alleged proof samples and gave the company 72 hours to respond before promising a full leak. Naval Group says there are no signs of an IT systems breach but they have launched an investigation.
(InfoSecurity Magazine), (Naval Group X Account)
Dating app breach exposes thousands of women’s pictures
A dating app marketed as a safer space for women was hacked, exposing images of tens of thousands of users (I’ll pause for the irony). Tea confirmed a breach that compromised 13,000 user-submitted selfies and 59,000 public images from posts and messages. The attack targeted a legacy storage system holding data from before February 2024, despite the app’s promise to delete verification photos immediately.
Scattered Spider escalates attacks on VMware ESXi
Scattered Spider is back in action, targeting VMware ESXi hypervisors at U.S. companies in the retail, airline, transportation, and insurance sectors. According to Google’s Threat Intelligence Group, the group continues to rely on highly convincing social engineering—not software exploits—to manipulate help desk staff and gain access to high-value systems. In some cases, the attackers impersonate IT administrators to hijack privileged accounts and move quickly from access to data theft and ransomware within hours.
(Bleeping Computer), (The Hacker News)
Huge thanks to our episode sponsor, Dropzone AI
BlackSuit down. Chaos emerges.
From Royal to BlackSuit, an even newer rebrand has emerged for the ransomware group dubbed Chaos. The update came just as law enforcement seized BlackSuit’s Tor-based leak site in a global takedown operation called “Checkmate,” replacing the site with the logos of 17 agencies and BitDefender. Cisco Talos now links Chaos to the same operators, citing near-identical ransom notes, attack methods, and encryption tactics all signs pointing to the group already being back in business.
Beware of new malware attack
A new infostealer called Shuyal is targeting 19 browsers, including privacy-focused ones like Tor—while quietly gathering system data and stealing credentials. Researchers say it uses aggressive evasion techniques, disables Task Manager, and deletes its own traces after exfiltrating data through Telegram bots. Distribution methods are still unknown, but like other stealers, it could be a precursor to larger attacks like ransomware or business email compromise (BEC).
PaperCut exploit in need of bandaid
CISA is warning that hackers are exploiting a high-severity vulnerability in PaperCut NG/MF print management software that can lead to remote code execution. The flaw, CVE-2023-2533, was patched in June 2023, but CISA recently added it to its Known Exploited Vulnerabilities catalog, giving federal agencies until August 18 to patch it. The software is used by more than 100 million people across 70,000 organizations.
Starlink scam-bright
A U.S. senator is calling on SpaceX to crack down on scammers using its Starlink internet service to run large-scale cyber fraud operations across Southeast Asia. Human rights groups and U.N. reports have repeatedly linked Starlink to scam compounds that rely on its portability and independence from national telecom networks. With sightings increasing and usage reportedly doubling in some regions, Sen. Maggie Hassan is demanding answers on what SpaceX is doing to stop the abuse.
