Everest Ransomware Targets Collins Aerospace, Claims September Airport Attacks
Overview On 24 September 2025, the Everest ransomware group publicly claimed responsibility for the cyberattack on Collins Aerospace, a subsidiary of RTX (Raytheon Technologies). The group has listed Collins Aerospace on its dark web leak site and posted a password-protected message addressed to the company’s CEO, suggesting active extortion efforts. Everest claims to have exfiltrated […]
Alleged Data of Vueling, Air Europa, and IBERIA Are on Sale
Overview Between 24 September and October 10, 2025, multiple listings appeared on dark web hacker forums advertising alleged customer and operational data belonging to Vueling, Air Europa, and IBERIA, three major Spanish airlines. The posts claim to offer large datasets for sale, with the sellers providing contact channels through Telegram and linking to Telegram groups […]
The Alleged Login Information of Airbus is on Sale
Overview On October 4th 2025, dark web monitoring revealed a forum post advertising alleged login credentials for Airbus internal systems. The seller claimed to possess multiple sets of credentials linked to Airbus accounts that could potentially grant access to internal applications, engineering resources, or administrative platforms. Although the seller acknowledged that the logins were “not […]
Alleged Path Traversal Exploit for Deutsche Rettungsflugwacht (DRF) on Sale
Overview Dark web monitoring on 26 September 2025 uncovered an advertisement offering a path traversal exploit allegedly targeting Deutsche Rettungsflugwacht (DRF), also known as the German Air Rescue Service. DRF is a critical component of Germany’s emergency medical aviation network, providing 24/7 air ambulance operations across Europe. The seller claimed that the exploit could be […]
The Alleged Database of Hélity Copter Airlines is on Sale
Overview On 21 September 2025, a dark web forum advertisement surfaced claiming to hold the customer database of Hélity Copter Airlines, a small regional operator connecting Spain with Morocco and other nearby destinations. The seller alleged that the database contained approximately two million records of passenger data, including sensitive personally identifiable information (PII). If authentic, […]
Heathrow Cyberattack Triggers Airport Chaos Across Europe
Overview On 19 September 2025, a ransomware attack struck Collins Aerospace, a critical IT supplier for airlines. The incident affected check-in and bag-drop systems across multiple European airports, including London Heathrow. While flights continued, automated passenger-processing systems were degraded, forcing airports to revert to manual handling. The disruption led to significant delays, long queues, and […]
Nordavia Regional Airlines: Alleged Sale of 40 Million User Records
Overview On 6 August 2025, cyber threat intelligence sources identified a dark web forum listing advertising the sale of an alleged 40 million–record database belonging to Nordavia Regional Airlines. The seller claims the dataset is in CSV format (~1 GB in size) and contains extensive passenger and operational data, including contact details, emergency contacts, and […]
Corporación América Airports Data Allegedly Leaked: Executives, Users, and Systems Exposed!
Overview On 7 August 2025, dark web monitoring sources reported the alleged leak of sensitive corporate and operational data belonging to Corporación América Airports (CAAP), a multinational private airport operator managing airports across Latin America, Europe, and Armenia. The leaked dataset reportedly contains: This breach represents a multi-vector threat that could impact corporate governance, airport […]
Half a Million Turkish Airlines Passenger Details Hit the Dark Web
Overview On 13 May 2025, a hacker forum listing was identified advertising the alleged sale of a Turkish Airlines customer database. The dataset reportedly contains 499,689 customer records, sized at 26.5 MB in CSV format, and is priced at $420 USD. The leaked records include names, phone numbers, booking numbers, loyalty IDs, and customer codes. […]
Hackers Seek Aviation Insiders in New Dark Web Campaign
Overview On 6 August 2025, a dark web recruitment post was detected, specifically targeting employees and contractor intermediaries at airlines and airports across major European cities. The post promises “good income” in exchange for insider access or assistance in exfiltration, signalling a high risk of malicious insider recruitment aimed at compromising aviation infrastructure or data. […]
