CCTR.49.DEC.25

Monday morning cyber coffee read CCTR.49.DEC.25

A recent A320 Family incident showed that intense solar radiation can corrupt flight-critical control data, and Airbus has identified many in-service aircraft that may be vulnerable. In one case, an A320 briefly pitched down uncommanded while the autopilot was engaged, with analysis pointing to a faulty Elevator Aileron Computer (ELAC) as a likely contributing factor to this control anomaly.

EASA has now issued an Emergency alert, requiring immediate replacement of affected ELAC units to prevent unsafe elevator movements and protect aircraft structural integrity.

If the pilot called Airbus IT support, I could only imagine the first question was, “Have you tried turning the aircraft off and on again?”

EASA https://ad.easa.europa.eu/ad/2025-0268-E

External calendar subscriptions are designed to silently push events into a user’s schedule, but this legitimate feature creates a hidden security risk. Threat actors can exploit it by tricking users into subscribing to malicious calendars that deliver harmful links, attachments or social engineering lures at scale.

Bitsight identified more than 390 abandoned / expired domains still receiving Calendar sync requests from around 4 million devices, meaning millions of calendars continue polling servers that no longer exist or could be hijacked. Attackers can weaponise these domains and push malicious events without any further user interaction.

This issue is not a flaw in Calendar software itself; the risk comes from the trusted but unmonitored behaviour of third-party calendar subscriptions.

  • Audit and remove unused calendar subscriptions across all devices. Monitor for suspicious calendar activities.

  • Educate staff that calendar events can contain links and malicious payloads.

https://www.bitsight.com/blog/hidden-dangers-calendar-subscriptions-4-million-devices-risk

A critical authentication bypass (CVE-2025-49752) in Microsoft Azure Bastion allowed remote attackers to gain full administrative access to Azure virtual machines with a single network request. Because Azure Bastion is widely used to provide secure RDP/SSH access without exposing VMs to the internet, the flaw posed a severe risk, enabling full takeover of cloud workloads and potential lateral movement across Azure environments. All Azure Bastion deployments prior to the 20 November 2025 security update were affected.

Monitor Azure VM integrity for tampering, credential harvesting, or lateral movement.

Review incident response playbooks for cloud-based authentication bypass scenarios.

https://zeropath.com/blog/azure-bastion-cve-2025-49752
