Canary Trap’s Bi-Weekly Cyber Roundup
Welcome to Canary Trap’s Bi-Weekly Cyber Roundup. Our mission is to keep you informed with the most pressing developments in the world of cybersecurity. This digest serves as your gateway to critical updates and emerging threats across the industry.
In this week’s cybersecurity roundup, we examine major incidents and emerging threats shaping the global landscape, from higher education institutions grappling with data breaches to legal action against international retailers over alleged data theft. We also highlight critical vulnerability patches, new revelations of GPS spoofing activity at major airports, and China’s expanding research into satellite internet disruption. These developments underscore the urgency of staying informed and resilient in an increasingly complex digital environment.
- University of Phoenix Discloses Data Breach After Oracle Hack
The University of Phoenix has become the latest U.S. institution swept up in a Clop-linked data theft campaign exploiting vulnerable Oracle E-Business Suite systems throughout August 2025.
The school, founded in 1976 and serving more than 100,000 students, confirmed the breach this week through a public notice and a corresponding SEC 8-K filing from its parent company, Phoenix Education Partners.
According to the university, attackers leveraged a previously unknown zero-day flaw in Oracle EBS’s financial modules, allowing them to steal sensitive personal and financial data tied to students, staff, faculty, and suppliers. UoPX discovered the intrusion on November 21, shortly after the extortion group listed the university on its leak site.
The compromised data includes names, contact details, dates of birth, Social Security numbers, and bank account information. The school says it is still reviewing affected records and will notify impacted individuals via mailed letters.
While UoPX has not officially named the threat actor, the attack aligns with a broader Clop campaign abusing the same Oracle EBS zero-day (CVE-2025-61882). Over recent months, the group has hit multiple universities, including Harvard and the University of Pennsylvania, as well as major corporations like GlobalLogic, Logitech, The Washington Post, and Envoy Air.
Clop is known for high-impact data theft operations, previously exploiting flaws in tools such as GoAnywhere MFT, Accellion FTA, Cleo, and MOVEit Transfer.
This incident comes amid a separate wave of voice-phishing intrusions targeting U.S. universities since late October, with several institutions reporting unauthorized access to systems containing donor, alumni, and staff information.
- Arizona Attorney General Sues Chinese Online Retailer Temu Over Data Theft Claims
Arizona Attorney General Kris Mayes has filed a lawsuit against Temu and its parent company, PDD Holdings, accusing the bargain-shopping app of secretly collecting extensive user data and misleading customers about product quality.
According to Mayes, Temu gathers an alarming amount of sensitive information without proper consent, including precise GPS data and even a list of other apps installed on a user’s device. The lawsuit also raises national-security concerns, noting that Chinese law could force the company to share data with government authorities. Prosecutors further claim the app’s code appears intentionally engineered to bypass security reviews.
“It can track everywhere you go, from medical offices to political events,” Mayes said, calling it potentially the most serious violation of Arizona’s Consumer Fraud Act to date.
The suit also alleges that Temu has infringed on local brands’ intellectual property, including designs tied to the Arizona Cardinals and Arizona State University. Other states, including Kentucky, Nebraska, and Arkansas, have filed similar actions in recent years.
Investigators in Arizona report that a forensic analysis uncovered code resembling malware or spyware, capable of quietly extracting data from user devices. They also found remnants of previously banned code from earlier versions of the app.
Mayes urged residents to delete their Temu accounts, remove the app, and run malware scans. She also pushed for stronger federal action to counter foreign influence in the tech sector, saying the concerns raised about Temu surpass those previously directed at TikTok.
- Chrome 143 Patches High-Severity Vulnerabilities
Google has released Chrome 143 to the stable channel, delivering patches for 13 vulnerabilities reported by external researchers. Four of the issues are rated high severity, including a type-confusion bug in the V8 JavaScript/WebAssembly engine (CVE-2025-13630). Google awarded $11,000 for that report, along with $3,000 for a separate high-severity flaw in Google Updater (CVE-2025-13631).
Other high-risk fixes address improper implementations in DevTools (CVE-2025-13632) and a use-after-free issue in Digital Credentials (CVE-2025-13633).
Chrome 143 also resolves three medium-severity problems (an implementation flaw in Downloads, a casting issue in Loader, and a V8 race condition), plus six lower-severity bugs spanning Downloads, Split View, WebRTC, Passwords, and Media Stream. Google confirmed $18,000 in total rewards for four of the reported issues, with additional payouts still pending.
There is currently no indication that any of the vulnerabilities have been exploited in active attacks.
Chrome 143 is rolling out as version 143.0.7499.40 for Linux, 143.0.7499.40/41 for Windows and macOS, 143.0.7499.52 for Android, and 143.0.7499.92 for iOS. Google also updated the Extended Stable release to 142.0.7499.226 for Windows and macOS.
As always, users and organizations should update promptly; Chrome vulnerabilities remain attractive targets for threat actors.
- Indian Government Reveals GPS Spoofing at Eight Major Airports
India’s Civil Aviation Minister has disclosed that authorities have detected GPS spoofing and jamming attempts at eight major airports across the country.
In a written statement to parliament, Minister Ram Mohan Naidu Kinjarapu confirmed recent spoofing activity targeting Delhi’s Indira Gandhi International Airport, along with recurring incidents since 2023 at airports in Kolkata, Amritsar, Mumbai, Hyderabad, Bangalore, and Chennai.
GPS jamming works by overwhelming satellite signals with stronger radio transmissions, while spoofing involves broadcasting false location data to mislead navigation systems. Both techniques can disrupt aircraft relying on satellite-based navigation, forcing pilots to fall back on traditional methods.
A high-profile jamming incident in August 2025, affecting a flight carrying European Commission president Ursula von der Leyen, highlighted the real-world impact of such interference. The EU attributed that event to Russia.
While Minister Naidu did not comment on who may be behind the incidents in India, he emphasized that no damage occurred. The Airports Authority of India (AAI) has tasked the national Wireless Monitoring Organization with identifying the source of the interference.
The minister also noted that the AAI is rolling out advanced cybersecurity measures across its IT infrastructure, acknowledging the growing threat of ransomware and other cyberattacks in the aviation sector. He added that defenses are continuously updated as new risks emerge.
- China Researches Ways to Disrupt Satellite Internet
Beijing is increasingly studying how to disrupt or jam large satellite networks. A recent academic paper from two major Chinese universities, highlighted by the South China Morning Post, argues that networks like Starlink can be jammed, but only with massive resources. According to the researchers, cutting off Starlink service across an area the size of Taiwan could require between 1,000 and 2,000 jamming drones.
For governments and satellite operators, the message is clear: satellite connectivity will be an early target in any major conflict in Asia, says Clémence Poirier of ETH Zürich’s Center for Security Studies. She warns that space companies must improve monitoring, segment civilian and military traffic, and refresh their threat models.
Low-earth-orbit (LEO) constellations have become indispensable, offering resilient connectivity for rural regions, disaster zones, and militaries. That usefulness also makes them attractive targets. GNSS spoofing and jamming are now routine around conflict areas, and researchers, as well as state-backed hackers, are increasingly probing satellites for cyber weaknesses. Even criminal groups leverage satellite links for harder-to-disrupt communications.
Cyber and electronic-warfare operations are the preferred tools for targeting satellites, says Clayton Swope of CSIS. Unlike kinetic attacks, they carry less risk of collateral damage or uncontrolled escalation.
Still, large LEO constellations are tough to knock offline. Starlink fields nearly 9,000 satellites, and Taiwan has already partnered with Eutelsat OneWeb’s 600-plus-satellite network as a redundancy measure. The Chinese study published in November explored how coordinated, distributed jammers might disrupt these downlinks, a sign of China’s growing focus on “precision warfare” in space.
China, Russia, and the United States all maintain anti-satellite (ASAT) programs, but traditional direct-ascent weapons are becoming less strategically useful as constellations grow. “Taking out a single satellite no longer cripples a system,” says Sam Wilson of The Aerospace Corp. As a result, adversaries are shifting toward electronic and cyber techniques.
China is also building its own Starlink-like constellations, which means the U.S. must plan not only to defend its own systems but also to potentially counter PLA access to their networks in a crisis, Swope notes.
While no nation has yet fired an ASAT weapon at an enemy satellite, tests have accelerated. And countries such as France, India, and China are pursuing new on-orbit operations, from nanosatellite defense concepts to rendezvous and “dogfighting” maneuvers.
As Poirier puts it, space has become the backbone of modern warfare, and that makes satellites prime real estate in the next era of cyber and electronic conflict.