
14.07.25 Threat Report

This week’s Threat Report spotlights the growing risks facing both everyday technology users and major global brands. From state-linked insider threats and eSIM vulnerabilities to the widespread exposure of personal data and critical car system flaws, these incidents demonstrate how attackers are evolving rapidly.


1. US Airman Admits Leaking Military Secrets via Dating App

A US Air Force cyber defence analyst has pleaded guilty to leaking classified military intelligence through a dating app, raising alarm over insider threats in highly sensitive environments.

Details:

  • Senior Airman Aaron Bushnell, assigned to the 70th Intelligence, Surveillance and Reconnaissance Wing, used a foreign-based dating platform to share national defence information.

  • He admitted to knowingly transmitting this information to an individual he believed was affiliated with a foreign government.

  • The case was uncovered by the FBI and the Air Force Office of Special Investigations (AFOSI) and reveals gaps in vetting and insider threat detection protocols.

Potential Impact:

  • Compromised national security and defence intelligence

  • Highlights vulnerability of military staff to foreign social engineering tactics

  • Increased scrutiny over insider threat monitoring across critical infrastructure

Recommendation:

  • Strengthen internal threat monitoring protocols for privileged access users

  • Educate personnel on risks of online platforms and foreign liaisons

  • Regularly update threat detection systems to flag unusual outbound communications

  • Implement behaviour-based monitoring across sensitive roles


2. eSIM Vulnerability in Kigen’s eUICC Could Expose Global IoT Infrastructure

A critical vulnerability in Kigen's embedded Universal Integrated Circuit Cards (eUICC)—widely used in IoT devices—could allow remote attackers to take control of devices through the cellular network infrastructure.

Details:

  • Tracked as CVE-2024-39941, the flaw resides in the eIM (eSIM Interoperability Module) used in Kigen’s firmware.

  • Attackers could potentially hijack mobile sessions, extract data, and impersonate devices in cellular networks.

  • Millions of IoT devices—particularly in medical, industrial, and automotive sectors—could be affected.

Potential Impact:

  • Mass-scale IoT disruption through cellular network exploits

  • Device spoofing and data interception across healthcare and industrial control systems

  • Undermining of network-based device identity verification

Recommendation:

  • Urgently apply firmware patches provided by Kigen

  • Audit IoT devices for affected firmware versions

  • Segment network access for IoT devices

  • Work with mobile network providers to monitor for anomalies in eSIM communications



3. McDonald’s Chatbot Recruitment Platform Leaks 64 Million Job Applications

Security researchers have disclosed that a recruitment chatbot used by McDonald’s exposed over 64 million job applications via a misconfigured cloud storage bucket.

Details:

  • The breach occurred on the “McHire” platform, hosted by third-party firm Paradox.ai.

  • Data exposed includes names, addresses, CVs, employment history, and contact details.

  • Files were indexed by public search engines and remained accessible for months before being taken offline.

Potential Impact:

  • Identity theft and phishing risks for millions of past job applicants

  • Regulatory penalties due to failure to comply with data protection laws (e.g., GDPR, CCPA)

  • Damaged trust in both McDonald’s and its third-party vendor

Recommendation:

  • Review third-party vendor access and cloud storage security policies

  • Enforce role-based access controls and public file indexing restrictions

  • Notify affected users and conduct a full forensic analysis

  • Train HR and marketing teams on responsible data handling



4. Millions of Cars Vulnerable to Remote Hacking via “PerfektBlue” Exploit

Researchers have identified a new attack framework, dubbed “PerfektBlue”, that leverages multiple zero-days across various vehicle infotainment and telematics systems to achieve full remote compromise of modern vehicles.

Details:

  • The attack affects vehicles manufactured between 2015 and 2024 across multiple brands.

  • Exploits include remote code execution in head units, CAN bus manipulation, and GPS spoofing.

  • Attackers could disable alarms, track vehicles, hijack control systems, and unlock doors remotely.

Potential Impact:

  • Endangerment of driver safety through remote control of vehicle functions

  • Massive risk to fleets using affected models (e.g., healthcare transport services)

  • Regulatory scrutiny on automotive cybersecurity compliance

Recommendation:

  • Contact vehicle manufacturers for patch status and apply available firmware updates

  • Disable remote features if unnecessary or until patched

  • Conduct vehicle penetration tests as part of procurement and compliance processes

  • Lobby for stricter software assurance in automotive supply chains

This week’s headlines reflect a sobering reality: cyber risks are infiltrating not just enterprise IT, but everyday tools, vehicles, and job applications. For digital health organisations, especially those leveraging IoT, connected transport, and third-party systems, vigilance is more important than ever.


Stay ahead of emerging cyber threats with real-time insights from Periculo’s Threat Intelligence. Our updates provide you with critical information on the latest vulnerabilities, attacks, and security trends, all designed to help you protect your business and make informed decisions. Contact Us for more details.