✈️Collins Hack Grounds EU Airports
Fines, leaks, and hacks—key cyber updates
Welcome to your essential briefing on threats at the intersection of cybersecurity and critical infrastructure, brought to you by Neeve, the edge cloud security platform for smart buildings, making built spaces secure, intelligent, and sustainable.
This Week’s Cyber Insights
A cyberattack on Collins Aerospace disrupted check-in and boarding systems at major European airports, forcing manual operations and causing widespread flight delays at Heathrow, Brussels, and Berlin.
- Collins Aerospace Muse software targeted, affecting electronic check-in and baggage drop systems
- Incident began Friday night, continued impacting operations through Saturday
- Heathrow, Brussels, and Berlin airports most severely affected with extended waiting times
- 29 flight cancellations reported across the three airports, with hundreds more flights scheduled
- RTX (Collins' parent company) attempted to downplay severity, calling impact "limited"
🤔 The Bigger Picture:
The incident exposes critical vulnerabilities in aviation infrastructure's reliance on centralized software providers. Collins Aerospace provides systems for commercial, business, and military aircraft globally, making it a high-value target. Single points of failure in aviation technology can cascade across multiple airports simultaneously, highlighting the need for robust backup systems and security controls in transportation infrastructure.
Canada's operational technology systems protecting critical infrastructure remain dangerously exposed as cyber incidents affecting these systems surge 49% year-over-year, with the nation lacking comprehensive federal cybersecurity frameworks.
- 73% of reported cyber incidents in Canada affected OT systems in 2024, up from 49% the previous year
- Canada lacks national OT cybersecurity strategy unlike peer nations including US, UK, and Germany
- Critical Cyber Systems Protection Act (CCSPA) in Bill C-8 remains unenacted, leaving no federal framework
- Energy grid operators track 60 new vulnerabilities daily across power infrastructure
- Small and mid-sized operators lack expertise and budget for adequate OT defense
🤔 The Bigger Picture:
OT systems control electricity, pipelines, mining equipment, ports, and hospital systems across Canada. As IT and OT converge, a single phishing email can cascade into industrial shutdowns, affecting public safety and human lives. The attack surface is massive, and the consequences of inaction jeopardize economic output and Canadian safety.
The Cybersecurity and Infrastructure Security Agency warns of sophisticated malware campaigns actively exploiting critical Ivanti Endpoint Manager Mobile vulnerabilities to achieve complete system compromise across enterprise mobile device management infrastructure.
- Threat actors actively exploiting CVE-2025-4427 (authentication bypass) and CVE-2025-4428 (code injection)
- Attack campaign began May 15, 2025, shortly after Ivanti disclosed vulnerabilities on May 13
- All Ivanti EPMM versions affected including 11.12.0.4 and prior, 12.3.0.1 and prior, 12.4.0.1 and prior, 12.5.0.0 and prior
- Attackers chain vulnerabilities targeting /mifs/rs/api/v2/ endpoint using malicious HTTP GET requests
- Two distinct malware sets identified with sophisticated persistence mechanisms and AES-encrypted communication
🤔 The Bigger Picture:
Mobile device management systems are increasingly critical for organizations managing both IT and OT environments. These attacks demonstrate how enterprise mobility infrastructure becomes a gateway for broader network compromise, particularly concerning for industrial environments where mobile devices control operational technology systems.
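A log-hunting check for the requests described in the Ivanti item above, added here as an example (not code from CISA, Ivanti or Neeve): it flags HTTP GET requests to /mifs/rs/api/v2/ dated on or after May 15, 2025, grouped by source address. It assumes combined-format access logs from a web server or proxy in front of EPMM; the function name `hunt` and the sample lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone
from urllib.parse import unquote

# Endpoint and campaign start date are taken from the briefing text.
TARGET_PREFIX = "/mifs/rs/api/v2/"
CAMPAIGN_START = datetime(2025, 5, 15, tzinfo=timezone.utc)

# Assumption: combined-format access log lines (the page does not name a log format).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def hunt(lines):
    """Return {source_ip: [(timestamp, status, raw_target), ...]} for GET
    requests to TARGET_PREFIX on or after CAMPAIGN_START."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "GET":
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        if ts < CAMPAIGN_START:
            continue
        # Drop the query string, decode percent-encoding and collapse repeated
        # slashes so trivially obfuscated forms of the path still match.
        path = re.sub(r"/+", "/", unquote(m["target"].split("?", 1)[0]))
        if path.startswith(TARGET_PREFIX):
            hits[m["ip"]].append((ts, int(m["status"]), m["target"]))
    return dict(hits)

# Constructed sample lines (documentation IP ranges, not real traffic).
SAMPLE = [
    '198.51.100.7 - - [14/May/2025:23:10:02 +0000] "GET /mifs/rs/api/v2/ping HTTP/1.1" 401 0 "-" "-"',
    '203.0.113.9 - - [15/May/2025:04:12:44 +0000] "GET /mifs/rs/api/v2/example?x=1 HTTP/1.1" 200 512 "-" "-"',
    '203.0.113.9 - - [15/May/2025:04:12:50 +0000] "GET /mifs/rs/api/%76%32/example HTTP/1.1" 200 498 "-" "-"',
    '192.0.2.33 - - [16/May/2025:09:00:00 +0000] "POST /mifs/rs/api/v2/example HTTP/1.1" 403 0 "-" "-"',
    '192.0.2.50 - - [16/May/2025:09:05:00 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "-"',
]

if __name__ == "__main__":
    for ip, events in hunt(SAMPLE).items():
        print(ip, len(events), sorted({status for _, status, _ in events}))
```

A match shows only that the endpoint was requested, not that exploitation succeeded; review the status codes and the appliance's patch level for each flagged source.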
Further Alerts & Insights
⛽ Critical Vulnerabilities Found in Dover Fuel Management Devices
Dover Fueling Solutions' ProGauge MagLink LX4 devices contain critical vulnerabilities with a CVSS v4 score of 9.3. The flaws are remotely exploitable with low attack complexity, potentially allowing unauthorized access to sensitive fueling operations across multiple device models.
⚡ Hitachi Energy Service Suite Faces Critical Security Flaw
A critical vulnerability scoring 9.3 on CVSS v4 has been identified in Hitachi Energy Service Suite, involving deserialization of untrusted data. The remotely exploitable flaw with low attack complexity puts organizations at risk of unauthorized access and potential data breaches.
🤖 SystemBC Botnet Compromises 1,500 Commercial Servers Daily
Lumen Technologies researchers document botnet operation compromising 1,500 commercial Virtual Private Servers daily for criminal proxy infrastructure.
🚔 US Charges UK Teen in $100M Ransomware Campaign
Thalha Jubair, 19, faces US charges for his role in a yearslong hacking spree that targeted 47 American organizations, resulting in over $100 million in ransom payments. The case highlights the global scale of cybercrime and the need for enhanced international cooperation to combat organized cybercriminal activities.