Russian ransomware operators Qilin have claimed to have broken into the Tulsa International Airport and stolen an unspecified amount of sensitive company data.
A report from Cybernews says the group recently added the airport to their data leak site, and included 18 samples as proof of their claims. The researchers analyzed the samples, finding it included C-suite emails, as well as email correspondence between executives and “high-level banking officials” outside the airport. The data also apparently includes copies of employee IDs, driver’s licenses, and passports, but also annual budget and revenue spreadsheets, confidentiality and non-disclosure agreements, telehealth reports, governance meeting minutes,etc.
Read more…
Source: TechRadar News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Threat Actors Spoofing FIFA Websites in Advance of the 2026 World Cup
May 27, 2026
The FBI is issuing this Public Service Announcement (PSA) to warn the public that cyber threat actors are conducting spoofing attacks against the Fédération Internationale de Football Association (FIFA) website in advance of the 2026 FIFA World Cup. A spoofed website is designed to pose as a legitimate website, with branding, product listings, etc., and malicious ...
- Industrial robots targeted by malware, which could open them up to hacking
May 25, 2026
A critical command injection vulnerability has been discovered in Universal Robots PolyScope 5, the operating system whucg powers the company’s collaborative robots. The flaw, tracked as CVE-2026-8153, carries a CVSS score of 9.8 and affects all software versions prior to PolyScope 5.25.1. This vulnerability could lead to complete compromise of the robot controller, affecting the confidentiality, integrity, and availability ...
- Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload
May 22, 2026
In 2025, Kaspersky observed pervasive SSH tunnel activity, which has remained active into 2026, affecting many government organizations and commercial companies in Russia and Belarus. Behind some of this activity is Cloud Atlas, a group which was known to Kaspersky researchers since 2014. During the investigation, the researches identified new tools used by this group, as ...
- ROADtools and Nation-State Tactics in the Cloud
May 22, 2026
ROADtools is a publicly available toolkit for offensive and defensive security purposes that attackers have integrated into cloud attacks. The tool is designed to: Enumerate Entra ID Register devices in Entra ID Acquire, exchange and manipulate Microsoft Entra ID tokens ROADtools is an open-source framework written in Python and built for red-teaming and research. It primarily targets the identity and ...
- Tracking Iranian APT Screening Serpens’ 2026 Espionage Campaigns
May 22, 2026
Unit 42 researchers have observed evidence of cyberattacks by the Iran-nexus advanced persistent threat (APT) group Screening Serpens (aka UNC1549, Smoke Sandstorm and Iranian Dream Job). Based on Unite 42 visibility, researchers believe that the group targeted entities in the U.S., Israel and the United Arab Emirates, and likely two additional Middle Eastern entities. This research follows ...
- Cybercriminal VPN used by ransomware actors dismantled in global crackdown
May 21, 2026
A VPN service used by cybercriminals to conceal ransomware attacks, data theft, and other serious offences has been dismantled in an international operation led by France and the Netherlands, with support from Europol and Eurojust. For years, the service, known as ‘First VPN’, was promoted on Russian-speaking cybercrime forums as a trusted tool for remaining beyond ...