Tech support scam caused massive data breach at Australian airline Qantas
It’s possible to leak PII describing 5.7 million people without breaching privacy rules
Stay informed on aviation cybersecurity trends, threats to aircraft systems, and airport security measures with the latest news and expert insights.
Search across headline titles and summaries.
Background for this topic.
Aviation encompasses the operation and support of aircraft, including flight control systems, air traffic management, and airport infrastructure. These systems rely on real-time data exchange for navigation, communication, and passenger processing, requiring continuous availability and data integrity to maintain safe and orderly air travel.
Information security in aviation focuses on preventing unauthorized access to avionics and air traffic control networks, which could disrupt flight operations or compromise safety. Key risks include manipulation of navigation data, interference with pilot-controller communications, and exposure of sensitive passenger information. Defenses emphasize strict access controls, network segmentation between operational and administrative systems, and monitoring for anomalies that could indicate cyber threats affecting flight safety or operational continuity.
Weekly headline count for the current query.
It’s possible to leak PII describing 5.7 million people without breaching privacy rules
Appeal Faces Steep Statistical Odds Given Previous Court RulingsPassengers affected by the July 2024 CrowdStrike outage are making a longshot bid to get their case reheard en banc, arguing that claims tied to the vendor's allegedly defective software update involve traditional negligence issues under state law rather than airline services.
Iran's Nimbus Manticore pushes AI-built MiniFast backdoor via phishing and SEO poisoning
The Iranian state-sponsored threat actor known as Nimbus Manticore (aka Screening Serpens and UNC1549) has been attributed to a fresh campaign using lures impersonating organizations in the aviation and software sectors across the U.S., Europe, and the Middle East following the joint U.S.-Israeli military campaign against the country in late February 2026
Unit 42 Says Iranian Operators Target Aerospace and Government StaffPalo Alto Networks' Unit 42 said Iran-linked operators tied to Screening Serpens are using fake recruiting campaigns, cloned aerospace hiring portals and malware-laced job materials to infiltrate defense, satellite communications and government networks.
The campaign quietly compromises aerospace and drone operators to exfiltrate GIS files, terrain models, and GPS data and gain a clear picture of adversaries' world view.
French Vendor's QShield Offering Protects Edge Systems From Reverse EngineeringAircraft manufacturer Airbus plans to acquire 100-person French cybersecurity vendor Quarkslab to strengthen sovereign European defenses by protecting aerospace and defense software, data and edge systems from AI-driven reverse engineering and exploitation.
Stolen airline miles are converted into flights and hotel stays, then resold as discounted travel. Flare shows how cybercriminals and underground markets treat loyalty accounts like tradable currency. [...]
High-value organizations located in South, Southeast, and East Asia have been targeted by a Chinese threat actor as part of a years-long campaign
Crim used infostealer to get cloud credentials If you don't say "yes way" to MFA, the consequences can be disastrous. Sensitive data belonging to about 50 global enterprises is listed for sale – and, in some cases, has already been sold – on the dark web following a major infostealer campaign, with apparent victims including American utility engineering firm Pickett and Associates; Japan's homebuilding giant Sekisui House; and Spain's largest airline Iberia.…
Countries that banded together to challenge Boeing in the air try to do the same to AWS, Microsoft, and Google on the ground Feature More than half a century ago, a consortium of European aerospace businesses from the UK, France, Germany and Spain joined forces to take on America's Boeing. Fast forward to the 21st century and the countries are applying the same model needs to the world of cloud computing, giving the continent a fighting chance to reduce the digital domination of Big Tech.…
Extra infosec investments are taxiing towards the runway India’s Civil Aviation Minister has revealed that local authorities have detected GPS spoofing and jamming at eight major airports.…
Spanish airline Iberia has begun emailing its customers about a supplier data breach
Spanish flag carrier Iberia has begun notifying customers of a data security incident stemming from a compromise at one of its suppliers. The disclosure comes days after a threat actor claimed on hacker forums to have access to 77 GB of data allegedly stolen from the airline. [...]
Hacking Group Deploys Raft of Custom Malware VariantsAn Iranian state hacking group with a history of targeting aerospace, aviation and defense industries across the Middle East has improved its tooling with multiple custom malware variants, warned Google. The group, tracked as UNC1549, is suspected of ties to the Iranian Revolutionary Guard Corps.
Researchers say Israel remains a central focus, with UNC1549 targeting aerospace and defense entities in the US, the UAE, Qatar, Spain, and Saudi Arabia.
Suspected espionage-driven threat actors from Iran have been observed deploying backdoors like TWOSTROKE and DEEPROOT as part of continued attacks aimed at aerospace, aviation, and defense industries in the Middle East
Skies are open for mischief as hard-to-trace drones and fast-moving cyber raids promise new wave of disruption Britain's aviation watchdog has warned it's only a matter of time before organized drone attacks bring UK airports to a standstill.…
NAV Canada CISO Tom Bornais on Keeping IT and OT Systems RunningWith threats targeting aviation infrastructure, NAV Canada CISO Tom Bornais explained how his team focuses on building resilience rather than chasing perfection. He outlined why internal alignment, incident simulation and supply chain security are critical to defending IT and OT systems.
Everest Extortion Group Lists Dublin AirportA Russian data extortion group threatened Sunday to release passenger data putatively stolen from the Dublin Airport days after its operator said it investigated a breach stemming from a September cybersecurity incident that affected airports across Europe.