swissinfo.ch - Swiss defence ministry funds domestic satellites with eye on sovereign communications network.
The first test satellite from the Geneva-based company Wisekey has been flying over Switzerland three times a day since January, with more to follow.
The satellite is not much larger than a desktop computer – a gray box equipped with panels. Wisekey launched the first test satellite for the Swiss army in January from California on a launch vehicle from Elon Musk’s company SpaceX.
Company founder and CEO Carlos Moreira confirmed this to Swiss public broadcaster SRF. “The satellite belongs to us. We lease it to the Swiss army through a partnership,” Moreira said.
Moreira’s company has been working with the army for three years. The next satellite is scheduled to be launched in June, with five more to follow. “Every time the satellite flies over Switzerland, we conduct tests,” said Moreira.
An important update and apology on the Expel blog, for a blog we published on PoisonSeed on July 17, 2025.
What we got wrong
The original post described a new form of phishing attack that allowed an attacker to circumvent a FIDO passkey protected login. It stated that this attacker used cross-device authentication to successfully authenticate while not in close proximity to the authenticating client device.
The evidence does show the targeted user’s credentials (username and password) being phished and that the attacker successfully passed password authentication for the targeted user. It also shows the user received a QR code from the attacker. This QR code, when scanned by a mobile device, initiates a FIDO Cross-Device Authentication flow, which according to FIDO specification requires local proximity to the device which generated the QR code (the WebAuthn client). When properly implemented, without proximity, the request will time out and fail.
So, at the time of the original post, Expel believed the attacker successfully completed the authentication workflow, resulting in access to protected resources. After discussing these findings with the security community, we understand that this is not accurate. The Okta logs show the password factor passing successfully, but all subsequent MFA challenges failed and the attacker is never granted access to the requested resource.
What we’re doing
We recognize that an attempted attack of this magnitude merits additional scrutiny beyond our typical technical blog review process.
We’re conducting a thorough review of our technical review processes. To enable proper scrutiny of our analysis, future posts will also include clear and transparent evidence alongside our findings.
In conclusion
Thank you for reading this far. We appreciate all of you and all the community members that have engaged with us. We especially appreciate the engagement from the FIDO Alliance and are happy to have the opportunity to clear up the misunderstanding we created. We value the defender community and know we missed the mark on this blog post. Thank you for allowing us the chance to fix it and thank you for the continued support.
We deeply apologize for any negative impact our mistake caused. Expel is committed to improving so it doesn’t happen again.
newsukraine.rbc.ua - Cyber specialists from Ukraine's Defense Intelligence (HUR) have carried out a large-scale special operation targeting the occupation authorities in Crimea.
According to a Ukrainian intelligence source speaking to RBC-Ukraine, the operation lasted several days.
A powerful DDoS attack effectively paralyzed the information systems and network infrastructure in Crimea.
While the Russian occupiers were scrambling to identify the cause of the government systems' failure, HUR cyber experts infiltrated the electronic accounts of the leadership of the occupation administration in temporarily occupied Crimea. They gained access to the following digital resources:
securityweek.com - LG Innotek LNV5110R security cameras are affected by a vulnerability that can be exploited for unauthenticated remote code execution.
Hundreds of LG security cameras are vulnerable to remote hacking due to a recently discovered flaw and they will not receive a patch.
The cybersecurity agency CISA revealed on Thursday that LG Innotek LNV5110R cameras are affected by an authentication bypass vulnerability that can allow an attacker to gain administrative access to the device.
The flaw, tracked as CVE-2025-7742 and assigned a ‘high severity’ rating, can allow an attacker to upload an HTTP POST request to the device’s non-volatile storage, which can result in remote code execution with elevated privileges, according to CISA.
LG Innotek has been notified, but said the vulnerability cannot be patched as the product has reached end of life.
Souvik Kandar, the MicroSec researcher credited by CISA for reporting the vulnerability, told SecurityWeek there are roughly 1,300 cameras that are exposed to the internet and which can be remotely hacked.
techcrunch.com - Google has suspended the account of phone surveillance operator Catwatchful, which was using the tech giant’s servers to host and operate the monitoring software.
Google’s move to shut down the spyware operation comes a month after TechCrunch alerted the technology giant the operator was hosting the operation on Firebase, one of Google’s developer platforms. Catwatchful relied on Firebase to host and store vast amounts of data stolen from thousands of phones compromised by its spyware.
“We’ve investigated these reported Firebase operations and suspended them for violating our terms of service,” Google spokesperson Ed Fernandez told TechCrunch in an email this week.
When asked by TechCrunch, Google would not say why it took a month to investigate and suspend the operation’s Firebase account. The company’s own terms of use broadly prohibit its customers from hosting malicious software or spyware operations on its platforms. As a for-profit company, Google has a commercial interest in retaining customers who pay for its services.
As of Friday, Catwatchful is no longer functioning nor does it appear to transmit or receive data, according to a network traffic analysis of the spyware carried out by TechCrunch.
Catwatchful was an Android-specific spyware that presented itself as a child-monitoring app “undetectable” to the user. Much like other phone spyware apps, Catwatchful required its customers to physically install it on a person’s phone, which usually requires prior knowledge of their passcode. These monitoring apps are often called “stalkerware” (or spouseware) for their propensity to be used for non-consensual surveillance of spouses and romantic partners, which is illegal.
Once installed, the app was designed to stay hidden from the victim’s home screen, and upload the victim’s private messages, photos, location data, and more to a web dashboard viewable by the person who planted the app.
TechCrunch first learned of Catwatchful in mid-June after security researcher Eric Daigle identified a security bug that was exposing the spyware operation’s back-end database.
The bug allowed unauthenticated access to the database, meaning no passwords or credentials were needed to see the data inside. The database contained more than 62,000 Catwatchful customer email addresses and plaintext passwords, as well as records on 26,000 victim devices compromised by the spyware.
The data also exposed the administrator behind the operation, a Uruguay-based developer called Omar Soca Charcov. TechCrunch contacted Charcov to ask if he was aware of the security lapse, or if he planned to notify affected individuals about the breach. Charcov did not respond.
With no clear indication that Charcov would disclose the breach, TechCrunch provided a copy of the Catwatchful database to data breach notification service Have I Been Pwned.
Catwatchful is the latest in a long list of surveillance operations that have experienced a data breach in recent years, in large part due to shoddy coding and poor cybersecurity practices. Catwatchful is by TechCrunch’s count the fifth spyware operation this year to have spilled users’ data, and the most recent entry in a list of more than two-dozen known spyware operations since 2017 that have exposed their banks of data.
As we noted in our previous story: Android users can identify if the Catwatchful spyware is installed, even if the app is hidden, by dialing 543210 into your Android phone app’s keypad and pressing the call button.
usine-digitale.fr - Un cybercriminel affirme avoir exfiltré des documents de type secret-défense appartenant à Naval Group. Les premières investigations de l'industriel français n'ont pas trouvé d'intrusion dans ses systèmes, mais l'enquête est toujours en cours.
Naval Group a annoncé, le 26 juillet, être la cible "d'une attaque réputationnelle" : un hacker affirme détenir des données classifiées et menace de les publier en ligne.
Aucune intrusion confirmée
Contacté par nos soins, l'industriel affirme "qu'aucune intrusion n'a été détectée dans [ses] systèmes informatiques", d'après les premiers résultats de son enquête interne, menée en collaboration avec les services de l'Etat. Il a également précisé que les investigations n'étaient pas terminées et qu'une plainte avait été déposée le 25 juillet. Les équipes sont en train de "vérifier dans les plus brefs délais l'authenticité, la provenance et l'appartenance des données concernées".
Des données potentiellement très sensibles
C'est le 23 juillet que le cybercriminel a posté sa revendication sur un forum, affirmant détenir des documents secret-défense appartenant à Naval Group. A titre de preuve, un premier lot de données d'environ 13 Go a été publié, rapporte Numerama. Ces fichiers comprendraient notamment des vidéos issues d'un système de surveillance sous-marin datant de 2003.
Plus grave, le hacker affirme être en possession du code source des systèmes de combat (CMS) pour sous-marins et frégates ainsi que de la typologie du réseau interne et de données techniques classifiées, selon le média Cybernews. Ces informations n'ont pas été confirmées par Naval Group.
numerama.com - Depuis le 23 juillet 2025, un cybercriminel prétend avoir en sa possession des documents secret défense appartenant à Naval Group. À moins de 24 heures de l’échéance fixée par le corbeau virtuel, le leader européen du naval de défense confirme avoir détecté un potentiel incident, mais précise qu’une enquête est en cours afin d’évaluer précisément la menace.
Coup de bluff ou réelle menace ? Depuis le 23 juillet 2025, un hacker dissémine au compte-goutte ce qu’il assure être des extraits de documents top-secrets appartenant à Naval Group. Échanges confidentiels, accès à des machines virtuelles, documents techniques, le cybercriminel assure détenir une mine d’or de données, couvrant principalement la période 2019-2024.
Sur un célèbre forum du Dark Web, le maitre-chanteur fanfaronne : les données ne sont pas à vendre, il souhaite être contacté directement par Naval Group avant le 26 juillet 2025. Si sa demande reste pour morte, il diffusera l’ensemble des documents gratuitement sur la plateforme.
Contacté par nos confrères de La Tribune, Naval Group confirme qu’un potentiel incident a été détecté par leurs équipes techniques mais que, pour l’heure, l’ampleur réel de la menace reste à déterminer.
Un chantage aux enjeux majeurs
Il demeure difficile d’évaluer avec précision le niveau de risque posé par ce chantage. Un premier lot de données d’environ 13 Go a été publié le 23 juillet 2025 à titre de preuve. Certains fichiers, comme des vidéos provenant d’un système de surveillance sous-marin datant de 2003, n’ont rien de décisif en matière de sécurité. Leur but semble avant tout de rendre crédible la menace, en montrant que le hacker détient bien des documents internes de Naval Group.
Si la véracité de la fuite se confirme, cet incident constituerait un risque majeur non seulement pour Naval Group, mais aussi pour la sécurité nationale française.
L’exposition du code source du CMS, le système informatique central pilotant les opérations des bâtiments militaires, ouvrirait la voie à des vulnérabilités critiques exploitables par des États ou groupes hostiles. De tels incidents obligeraient notamment à la mise en place de contre-mesures pour limiter les risques d’exploitation.
Enquête en cours et mobilisation des autorités
Le géant français semble en tout cas prendre la menace au sérieux et annonce travailler directement avec les autorités françaises pour lever le voile sur cette affaire. Une enquête est en cours.
Naval Group, joue un rôle stratégique majeur dans l’industrie de défense française et européenne. Il conçoit notamment les sous-marins nucléaires, frégates de combat et le porte-avions Charles de Gaulle.
nbcnews.com - Hackers have breached the Tea app, which went viral as a place for women to talk about men, and tens of thousands of women’s photos have now been leaked online.
A spokesperson confirmed the hack Friday afternoon. The company estimates that 72,000 images, including 13,000 verification photos and images of government IDs, were accessed.
Tea is designed to function as a virtual whisper network for women, allowing them to upload photos of men and search for them by name. Users can leave comments describing specific men as a “red flag” or “green flag,” and share other information about them.
It’s recently gained such popularity that it became the top free app in the Apple App Store this week. The app claimed Thursday to have recently gained nearly a million new signups.
Signing up for Tea requires users to take selfies, which the app says are deleted after review, to prove they are women. All users who get accepted are promised anonymity outside of the usernames they choose. Taking screenshots of what’s in the app is also blocked.
The hacker accessed a database from more than two years ago, the Tea spokesperson said, adding that “This data was originally stored in compliance with law enforcement requirements related to cyberbullying prevention.”
The Tea spokesperson said that the company has hired third-party cybersecurity experts and is “working around the clock to secure our systems.”
reuters.com - Russian airline Aeroflot was forced to cancel more than 50 round-trip flights on Monday, disrupting travel across the world's biggest country, as two pro-Ukraine hacking groups claimed to have inflicted a crippling cyberattack.
MOSCOW, July 28 (Reuters) - Russian airline Aeroflot (AFLT.MM), opens new tab was forced to cancel more than 50 round-trip flights on Monday, disrupting travel across the world's biggest country, as two pro-Ukraine hacking groups claimed to have inflicted a crippling cyberattack.
The Kremlin said the situation was worrying, and lawmakers described it as a wake-up call for Russia. Prosecutors confirmed the disruption at the national flag carrier was caused by a hack and opened a criminal investigation.
Senior lawmaker Anton Gorelkin said Russia was under digital attack.
"We must not forget that the war against our country is being waged on all fronts, including the digital one. And I do not rule out that the ‘hacktivists’ who claimed responsibility for the incident are in the service of unfriendly states," Gorelkin said in a statement.
Another member of parliament, Anton Nemkin, said investigators must identify not only the attackers but "those who allowed systemic failures in protection".
Aeroflot did not say how long the problems would take to resolve, but departure boards at Moscow's Sheremetyevo Airport turned red as flights were cancelled at a time when many Russians take their holidays.
The company's shares were down by 3.9% by 1533 GMT, underperforming the wider market, which was 1.3% lower.
A statement purporting to be from a hacking group called Silent Crow said it had carried out the operation together with Belarusian Cyberpartisans, a self-styled hacktivist group that opposes president Alexander Lukashenko and says it wants to liberate Belarus from dictatorship.
therecord.media - Prosecutors said Chapman helped the North Korean IT workers obtain jobs at 309 companies, including a major television network, a car maker, a media company, a Silicon Valley technology company and more.
A U.S. District Court judge sentenced an Arizona woman to eight and a half years in prison for running a laptop farm used by North Korea’s government to perpetrate its IT worker scheme.
Christina Chapman pleaded guilty in February to wire fraud, money laundering and identity theft after the FBI discovered she was an instrumental cog in a wider campaign to get North Koreans hired in six-figure IT roles at prominent companies.
Prosecutors said Chapman helped the North Korean IT workers obtain jobs at 309 companies, including a major television network, a car maker, a media company, a Silicon Valley technology company and more. Members of the same group unsuccessfully tried to get employed at two different U.S. government agencies.
After North Korean officials obtained employment using fake identities, work laptops were sent to a home owned by Chapman, where she enabled the workers to connect remotely to the U.S. companies’ IT networks on a daily basis.
The FBI seized more than 90 laptops from Chapman’s home during an October 2023 raid. In addition to hosting the laptops and installing software that allowed the North Koreans to access them remotely, she also shipped 49 laptops to locations overseas, including multiple shipments to a Chinese city on the North Korean border.
In total, Chapman’s operation helped generate $17 million for the North Korean government. Security companies and law enforcement have not said how many laptop farms they estimate are scattered across North America and Europe but the DOJ called Chapman’s case “one of the largest North Korean IT worker fraud schemes charged by the Department of Justice.”
Her part of the operation involved 68 stolen identities and she reported millions in income to the IRS under the names of the people who had their identity stolen.
She forged payroll checks with the fake identities and typically managed the wages received from U.S. companies through direct deposit. She would then transfer the earnings to people overseas.
District Court Judge Randolph Moss ordered the 50-year-old Chapman to serve a 102-month prison term and three years of supervised release. She will have to forfeit nearly $300,000 that she planned to send to North Korea before her arrest and will pay a fine of more than $175,000.
Chapman was arrested last May as part of a wider takedown of North Korea’s scheme to have hundreds of their citizens hired at unwitting U.S. companies in IT positions.
Chapman was initially charged alongside a 27-year-old Ukrainian, Oleksandr Didenko, for helping at least three workers who operated under the aliases Jiho Han, Chunji Jin and Haoran Xu. The three were hired as software and applications developers with companies in a range of sectors and industries.
U.S. State Department officials said the three North Koreans assisted by Chapman and Didenko “are linked to the DPRK’s Munitions Industry Department, which oversees the development of the DPRK’s ballistic missiles, weapons production, and research and development programs.”
Didenko was arrested in Poland last year and the U.S. is seeking his extradition.
