Global Aviation Summit Opens in Montreal as Cyber-Threats, Diplomatic Cracks and Environmental Pressures Loom Large Montreal — The triennial assembly of the United Nations’ International Civil Aviation Organization (ICAO) starts today (23 September 2025), and for many delegates, the atmosphere is uncomfortably charged. What should be a forum for technical cooperation and shared progress in … Continued
Microsoft Seals Critical Entra ID Flaw After Discovery of Global-Tenant Admin Impersonation Vulnerability September 22, 2025 Microsoft has patched a severe security vulnerability (CVE-2025-55241) in its identity platform, Entra ID (formerly Azure Active Directory), that could have allowed attackers to impersonate Global Administrators across any tenant worldwide. The flaw, which carried a maximum severity score … Continued
A sophisticated cyberattack has disrupted operations at three major European airports—Heathrow, Brussels, and Berlin—causing widespread flight cancellations and delays. Cybersecurity leaders say the incident exposes systemic weaknesses in shared aviation technology and underscores the urgent need for stronger supply chain security and compliance with evolving regulations like the NIS2 Directive. “Simultaneous disruptions at multiple airports … Continued
Russian hackers Gamaredon and Turla have been caught working together in a cyber campaign against Ukraine. This finding comes from cybersecurity company ESET, which uncovered the link after noticing Gamaredon’s tools being used to deliver Turla’s Kazuar backdoor. The activity was observed between February and June 2025, and researchers believe it shows direct collaboration rather … Continued
OpenAI Introduces Flexible Thinking Controls in ChatGPT OpenAI has unveiled a major update to ChatGPT, giving users the ability to choose how much reasoning effort the GPT-5 Thinking model invests before producing a response. This new control feature is designed to balance speed with depth, allowing users to tailor the AI’s output depending on their … Continued
A surprising announcement has come from the cybercrime world. A group calling itself Scattered Lapsus$ Hunters, along with several other well-known hacker aliases, has declared that they are ending their hacking spree. The group posted messages on Telegram and BreachForums, saying they would “go dark” and stop their offensive operations. In their farewell message, the … Continued
A North Korean hacking group known as Kimsuky has carried out a new cyberattack against South Korea by using artificial intelligence to generate fake military identification cards. Security researchers discovered that the group used these forged IDs in targeted phishing campaigns aimed at organizations linked to South Korea’s defense sector. Researchers from Genians, a South … Continued
Researchers from ETH Zürich and Google have revealed a new RowHammer attack called Phoenix, which is able to defeat the protections built into DDR5 memory modules. The team demonstrated that Phoenix could reliably trigger bit flips and escalate privileges on real DDR5 hardware, completing one exploit in as little as 109 seconds. This finding proves … Continued
A significant security breach has recently affected the npm ecosystem, compromising over 40 packages maintained by various developers. The attack involved the injection of a malicious script named bundle.js into these packages, enabling unauthorized access to sensitive credentials. The compromised packages were updated with a function called NpmModule.updatePackage. This function downloads the package’s tarball, modifies … Continued
A new AI-powered penetration testing tool called Villager has quickly gained attention in the cybersecurity world after being downloaded nearly 11,000 times from PyPI since its release in late July 2025. The tool is linked to a China-based group named Cyberspike, and experts are raising alarms because it could easily be misused by cybercriminals. Villager … Continued
