
In this episode of 'Cybersecurity Today,' host Jim Love covers several significant cybersecurity incidents. Hackers disrupt all Aeroflot flights, causing massive delays in Russia. The women-only dating app 'Tea' faces a second serious data leak,...
Hackers disrupt all Aeroflot flights, bringing travel in Russia to a halt. Chemia, a game from Steam, is riddled with malware. OpenAI's agents are able to handle CAPTCHAs, and Tea for two takes on a whole new meaning with a second leak of even more sensitive information. This is Cybersecurity Today. I'm your host, Jim Love.

The Tea app, a women-only dating safety platform that verifies users with a selfie and government ID, is now at the center of a second serious data leak. Last week, a user on 4chan revealed that Tea's Firebase storage bucket was left unsecured, exposing over 72,000 images. These included 13,000 selfies and IDs used for verification, plus 59,000 photos shared in posts, comments and messages. Tea claims selfies were retained to comply with cyberbullying investigations, but that hasn't stopped the images from spreading across hacking forums via torrents. And now a second exposed database has been discovered, this time leaking over 1.1 million private messages between users. Security researcher Kasra Rahjerdi found that any Tea user could access stored data simply by using their own API key. And these messages, spanning much more recent times, from 2023 to just last week, include highly sensitive conversations about such things as abortions, infidelity and even personal trauma. Researchers say it's possible to identify users by cross-referencing message content with social media handles or phone numbers. One attacker has already created a Facemash-style website inviting visitors to rate leaked selfies, turning a platform designed for safety into a tool for humiliation. Both the first and second leaks were due to unauthenticated Firebase databases using easily guessed names like "tea prod".

Aeroflot, Russia's flagship airline, was forced to cancel more than 100 flights on Sunday after a cyber attack disabled parts of its internal IT systems. The pro-Ukraine hacking group Silent Crow claimed responsibility, along with the Belarusian group Cyber Partisans. Silent Crow has also taken credit for attacks this year on a Russian real estate database, a state telecom provider, a major insurer, the Moscow IT department and even the Russian office of Kia Motors, some resulting in large data leaks. Cyberwarfare has been part of Ukraine's fight back since Russia's 2022 invasion, when Kyiv helped mobilize a 300,000-strong digital force through a Telegram group known as the IT Army of Ukraine. And that army is having an impact. In a statement, Silent Crow claimed this attack followed a year-long infiltration of Aeroflot systems, during which it destroyed 7,000 servers and accessed personal computers used by senior managers. The group did not provide proof of these claims, but threatened to release the personal data of all Russians who've ever flown with Aeroflot, according to the Guardian. Silent Crow said it isn't seeking ransom or money, just disruption. The group remains relatively unknown, with only a few previous public claims. And while Russian passengers have become familiar with drone attacks causing air travel delays, this marks one of the first major cyber attacks aimed at disrupting flights. Aeroflot had resumed most services by Monday, but the incident highlights how civilian infrastructure is becoming a front line in digital warfare.

And finally, a game offered through Steam's early access program has been found hiding three types of malware, according to a report by the cybersecurity firm Prodaft. Prodaft, a European cyber threat intelligence company known for tracking advanced threat actors, said the game Chemia, I hope I'm saying it right, was laced with info stealers and backdoor malware. The title was marketed as a post-apocalyptic survival crafting game, but users who requested access to its playtest were unknowingly downloading malicious code. According to Prodaft, Chemia installed Fickle Stealer, Vidar Stealer and HijackLoader. The first two are designed to steal sensitive information, including browser data, saved passwords and cryptocurrency wallets. The third acts as a loader, enabling attackers to silently deliver more malware to infected systems in the future. The developer was listed as Aether Forge Studios, but Prodaft and reporters found no trace of that name online: no website, no social media, no public history tied to the game. Chemia remained live on Steam as of the morning of July 25, two days after the report was published, but it was quietly pulled later that day. The malware campaign appears linked to a group called EncryptHub, which Prodaft says has been running targeted spear phishing attacks since at least June of 2024. Indicators of compromise, including hashes for the embedded malware, have been published on GitHub for defenders to review. This incident is a stark reminder: just because software is distributed on a trusted platform like Steam doesn't guarantee it's safe, especially when the developer's identity is murky or unverifiable.

And finally, researchers at Robust Intelligence have discovered that OpenAI's GPT-4-based agent is not just phenomenal in terms of its actions, but it can actually bypass CAPTCHA tests, you know, those "I'm not a robot" challenges that are meant to block automated access to websites. In their demo, the team built a live site using Google reCAPTCHA and had GPT-4 perform basic tasks through OpenAI's browser and function-calling tools. When the agent encountered a reCAPTCHA checkbox, it simply clicked. It passed the test and moved on without human help. This wasn't a simulation or a backend bypass. The agent used a live browser session, interacted with real page elements, and succeeded on its own. It didn't need to solve visual puzzles or trick a human, as earlier bots sometimes did. CAPTCHA, which is short for Completely Automated Public Turing test to tell Computers and Humans Apart, has evolved from simple challenges to complex behavior-based systems. Some implementations, like CrowdStrike's, now detect non-human interaction patterns and then serve up image puzzles even humans find frustrating. According to Ars Technica, GPT-4 treated the reCAPTCHA like any other interface and casually clicked through. That said, results may vary. We saw this and tried it on a live site using a reCAPTCHA, and we couldn't reproduce the bypass. Our agent asked for help, then it timed out and eventually left us to click the box ourselves. Still, the original demo shows that AI is getting better and better at these tasks, and that means that CAPTCHA systems will have to get harder, unfortunately for humans too. And if you've ever sat there clicking through some of these blurry pictures of traffic lights and steps and mountains, expect more of that. But before you get too annoyed, here's a reason to smile. The irony of an AI having to prove it's not a robot hasn't gone unnoticed. As one Reddit user joked, "It's been trained on human data. Why would it identify as a bot? We should respect that choice."

And that's our show. Just a reminder to keep an eye on the new agents that are appearing. While they're no doubt interesting and perhaps highly useful, I'm working with them now, and I gotta tell you, I think they're going to present us with some challenges. OpenAI has warned people to ensure we don't use them unsupervised or use them in highly sensitive processes before they're actually proven. But hey, if people actually paid attention to warnings, 90% of our job would be done with just a warning. Until we reach that nirvana, I'm your host Jim Love. Thanks for listening.
Cybersecurity Today: Major Data Leaks, Airline Disruptions, Malware in Games, and AI Bypasses Captchas
Episode Release Date: July 30, 2025
Host: Jim Love
Timestamp: 00:02 - 07:45
In the opening segment, Jim Love dives into the alarming news surrounding Tea, a women-only dating safety platform known for verifying its users through selfies and government-issued IDs. This platform has recently become the victim of a second significant data breach, compounding the damage from the initial leak.
Last week, a 4chan user exposed that Tea's Firebase storage bucket was left unsecured, leading to the unauthorized disclosure of over 72,000 images. These images included 13,000 selfies and IDs used for user verification, alongside 59,000 photos shared within posts, comments, and messages.
Jim highlights Tea's justification for retaining these selfies, stating, “Selfies were retained to comply with cyberbullying investigations” (00:45). However, this rationale hasn't prevented the images from being disseminated across hacking forums via torrent sites.
The situation escalated with the discovery of a second exposed database, leaking over 1.1 million private messages between users. Security researcher Kasra Rahjerdi uncovered that any Tea user could access stored data simply by utilizing their own API key. These messages contain highly sensitive conversations ranging from personal traumas to topics like abortions and infidelity.
A particularly disturbing development is the emergence of an attacker who has launched a Facemash-style website inviting visitors to rate the leaked selfies. As Jim remarks, this is “turning a platform designed for safety into a tool for humiliation” (05:30), underscoring the malicious exploitation of Tea's intended security measures.
Both data leaks were traced back to unauthenticated Firebase databases with easily guessed names like "tea prod", highlighting a glaring oversight in the platform's security configuration. The leaked data poses significant risks, including the potential for user identification through cross-referencing with social media handles or phone numbers.
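The two Tea failures described above map onto two distinct Firebase rule mistakes: a database left readable by unauthenticated callers, and a database where any signed-in account (with its own API key) could read every other user's messages. The following is an added example, not code from the podcast, the Tea app or Firebase: a small linter that walks a Firebase Realtime Database rules document and flags both classes of weak grant. The three rules documents it checks are constructed samples, and the expression matching is a deliberate simplification of the rules language.

```python
"""Lint Firebase Realtime Database rules for unauthenticated or unscoped
access. Added example for the Tea leak discussed above; not code from the
podcast, the Tea app or Firebase. All rules documents are constructed samples."""
import json
from typing import Iterator, Optional


def classify(expr) -> Optional[str]:
    """Return 'public' if unauthenticated callers pass the rule, 'any-user' if
    any signed-in account passes regardless of ownership, else None (scoped)."""
    if expr is True:
        return "public"
    if not isinstance(expr, str):
        return None
    # A `true` or `auth == null` disjunct anywhere makes the rule public.
    parts = [p.strip() for p in " ".join(expr.split()).split("||")]
    if any(p in ("true", "auth == null") for p in parts):
        return "public"
    # Bare `auth != null` is the "any user with an API key can read" mistake.
    if "auth != null" in parts:
        return "any-user"
    return None


def _walk(node: dict, path: str) -> Iterator[tuple[str, str, str]]:
    """Yield (path, permission, level) for every weak .read/.write grant."""
    for key, value in node.items():
        if key in (".read", ".write"):
            level = classify(value)
            if level:
                yield (path or "/", key, level)
        elif isinstance(value, dict):  # ".validate"/".indexOn" grant nothing
            yield from _walk(value, f"{path}/{key}")


def find_weak_rules(rules_json: str) -> list[tuple[str, str, str]]:
    """Parse a rules document and list every weak grant, sorted by path."""
    return sorted(_walk(json.loads(rules_json).get("rules", {}), ""))


# Constructed sample: the wide-open default that exposes the whole tree.
WEAK_RULES = json.dumps({"rules": {".read": True, ".write": True}})
# Constructed sample: "authenticated", but any account can read every thread.
ANY_USER_RULES = json.dumps({"rules": {"messages": {".read": "auth != null"}}})
# Constructed sample: a thread is readable only by its own participants.
OWNER = "auth != null && data.child('participants').child(auth.uid).exists()"
HARDENED_RULES = json.dumps(
    {"rules": {"messages": {"$threadId": {".read": OWNER, ".write": OWNER}}}})
```

Running `find_weak_rules` over an exported rules document before deployment catches the open default and the unscoped `auth != null` grant; only the participant-scoped variant comes back clean.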
Timestamp: 07:46 - 16:30
Shifting focus to the aviation industry, Jim reports on a severe cyberattack that forced Aeroflot, Russia's flagship airline, to cancel over 100 flights on a Sunday. The attack incapacitated critical internal IT systems, bringing travel in Russia to a near standstill.
Responsibility for the attack was claimed by the pro-Ukraine hacking group Silent Crow, alongside the Belarusian group Cyber Partisans. This isn't their first foray into disrupting Russian infrastructure; earlier this year, Silent Crow targeted entities including a Russian real estate database, a state telecom provider, a major insurer, Moscow's IT department, and even the Russian office of Kia Motors. These assaults often resulted in substantial data breaches.
Jim contextualizes this within the broader scope of Ukraine's cyber warfare strategy, initiated following Russia's 2022 invasion. Kyiv mobilized a formidable 300,000-strong digital force through a Telegram group known as the IT Army of Ukraine, which has been instrumental in these ongoing cyber operations.
In a statement, Silent Crow asserted that the Aeroflot attack was the culmination of a year-long infiltration of Aeroflot's systems, during which they allegedly destroyed 7,000 servers and accessed personal computers of senior managers. Although the group did not provide concrete evidence to support these claims, they threatened to release the personal data of all Russians who have ever flown with Aeroflot, as reported by The Guardian.
Jim emphasizes the novelty of this attack vector, noting, “This marks one of the first major cyber attacks aimed at disrupting flights” (12:15). While Aeroflot has managed to resume most of its services by the following Monday, the incident serves as a stark reminder of how civilian infrastructure is increasingly becoming a battlefield in digital warfare.
Timestamp: 16:31 - 25:20
In the third segment, Jim turns his attention to the gaming industry, detailing a recent security incident involving a game available through Steam's Early Access program. The game, titled "Chemia", was found to be carrying three distinct types of malware, as reported by the cybersecurity firm Prodaft.
"Chemia," marketed as a post-apocalyptic survival crafting game, was used to deceive users: those who requested access to its playtest unknowingly downloaded malicious code. Prodaft identified the installation of Fickle Stealer, Vidar Stealer, and HijackLoader within the game. The first two are designed to steal sensitive information, including browser data, saved passwords, and cryptocurrency wallets. The third, HijackLoader, serves as a gateway for attackers to silently deploy additional malware on infected systems in the future.
Despite the developer being listed as Aether Forge Studios, both Prodaft and investigative reporters found no online presence for this entity. There was no associated website, social media profiles, or any public history linked to the game's developer, raising suspicions about the legitimacy of the operation.
As of the morning of July 25, "Chemia" remained live on Steam, but it was discreetly removed later that day following the disclosure. Prodaft traced the malware campaign to a group named EncryptHub, which has been orchestrating targeted spear-phishing attacks since at least June 2024.
To aid defenders, indicators of compromise, including hashes for the embedded malware, have been published on GitHub. Jim underscores the critical lesson from this incident: “Just because software is distributed on a trusted platform like Steam doesn't guarantee it's safe” (20:50). The murky and unverifiable identity of the developer further complicates the trustworthiness of such applications.
Timestamp: 25:21 - 35:10
In the final topic, Jim discusses a groundbreaking yet concerning development in artificial intelligence. Researchers at Robust Intelligence have discovered that OpenAI's GPT-4 based agents possess the capability to bypass CAPTCHA tests, which are traditionally used to differentiate between human users and automated bots.
During a live demonstration, the team set up a website utilizing Google reCAPTCHA, subjecting the GPT-4 agent to basic transactional tasks. When confronted with a reCAPTCHA checkbox, the AI agent simply clicked it, successfully passing the test and proceeding without human intervention. Jim highlights the significance by stating, “The agent used a live browser session, interacted with real page elements, and succeeded on its own” (28:45), distinguishing this from previous bot simulations that relied on backend bypasses or tricking humans.
However, the effectiveness of this breakthrough may vary. Jim references a follow-up attempt where he and his team could not replicate the bypass, as the agent eventually timed out and required human interaction to proceed: “Our agent asked for help, then it timed out and eventually left us to click the box ourselves” (32:10). Despite this, the original demo indicates that AI capabilities are rapidly advancing, potentially rendering CAPTCHA systems less effective.
The evolution of CAPTCHA from simple challenges to more complex, behavior-based systems like those employed by CrowdStrike underscores the escalating arms race between AI and cybersecurity defenses. Jim notes the irony in AI having to prove it’s not a robot, with a Reddit user humorously pointing out, “It's been trained on human data. Why would it identify as a bot?” (34:00), adding a light-hearted perspective to the serious implications.
The takeaway is clear: as AI continues to improve its interaction with web systems, CAPTCHA and similar security measures will need to become increasingly sophisticated, potentially making them more cumbersome for legitimate human users as well.
Jim Love wraps up the episode by urging listeners to remain vigilant in the face of these evolving cybersecurity threats. He emphasizes the dual-edged nature of emerging technologies, such as AI, which, while offering significant advancements, also present new challenges for security professionals. Jim advises, “Keep an eye on the new agents that are appearing” (35:00), highlighting the need for continuous adaptation and proactive measures to safeguard against these sophisticated threats.
This summary encapsulates the key discussions from the episode, providing listeners with a comprehensive overview of the major cybersecurity incidents and developments covered by Jim Love.