Cybersecurity Today: Major Data Leaks, Airline Disruptions, Malware in Games, and AI Bypasses Captchas
Episode Release Date: July 30, 2025
Host: Jim Love
1. Tapp's Second Major Data Leak Exposes Sensitive User Information
Timestamp: 00:02 - 07:45
In the opening segment, Jim Love dives into the alarming news surrounding Tapp, a women-only dating safety platform known for verifying its users through selfies and government-issued IDs. This platform has recently become the victim of a second significant data breach, compounding the damage from the initial leak.
Last week, a 4chan user exposed that Tapp's Firebase storage bucket was left unsecured, leading to the unauthorized disclosure of over 72,000 images. These images included 13,000 selfies and IDs used for user verification, alongside 59,000 photos shared within posts, comments, and messages.
Jim highlights Tapp's justification for retaining these selfies, stating, “Selfies were retained to comply with cyberbullying investigations” (00:45). However, this rationale hasn't prevented the images from being disseminated across hacking forums via torrent sites.
The situation escalated with the discovery of a second exposed database, leaking over 1.1 million private messages between users. Security researcher Kasra Rujirdi found that any Tapp user could read the stored data using the app's own API key. A Firebase API key only identifies the project and is not a secret, so access had to be restricted by the database's security rules, and it was not. These messages contain highly sensitive conversations ranging from personal traumas to topics like abortions and infidelity.
A particularly disturbing development is the emergence of an attacker who has launched a "Facemash" style website, inviting visitors to rate the leaked selfies. Jim calls this “turning a platform designed for safety into a tool for humiliation” (05:30), a malicious inversion of the very verification measures Tapp built for its users.
Both data leaks were traced back to unauthenticated Firebase databases with predictably named folders like "t prod", a glaring gap in the platform's access controls. The leaked data poses significant risks, including re-identification of users by cross-referencing the images and messages with social media handles or phone numbers.
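Both leaks come down to the same check: does the Firebase backend answer an anonymous read? The script below is an added example for this summary, not code from the podcast or from the affected app. It builds the public REST URLs for a Realtime Database node and a Cloud Storage for Firebase folder listing, issues an unauthenticated GET, and classifies the answer. The project ID "example-project", the bucket name and the folder "prod" are placeholders; the "-default-rtdb" host naming is an assumption that holds for recently created projects (older ones use "<project>.firebaseio.com").

```python
"""Probe a Firebase project for reads that succeed without any credential.

Added example; not the podcast's or the app's code. Project ID, bucket and
folder names are placeholders to replace with your own project's values.
"""
import json
import urllib.error
import urllib.parse
import urllib.request


def rtdb_url(project_id, path=""):
    """REST URL for a Realtime Database node. Appending '.json' to any path
    returns that node if the rules allow it. Assumes the newer
    '<project>-default-rtdb' host name (an assumption, see lead-in)."""
    return f"https://{project_id}-default-rtdb.firebaseio.com/{path.strip('/')}.json"


def storage_list_url(bucket, prefix=""):
    """Cloud Storage for Firebase object-listing endpoint. The bucket is
    usually '<project>.appspot.com'; 'prefix' narrows the listing to one
    folder, the way a leaked 'prod' folder would be enumerated."""
    url = f"https://firebasestorage.googleapis.com/v0/b/{bucket}/o"
    if prefix:
        url += "?" + urllib.parse.urlencode({"prefix": prefix + "/", "delimiter": "/"})
    return url


def classify(status, body):
    """Map an HTTP status and body to a finding.

    A 200 means the rules permitted an anonymous read. For the RTDB a body of
    'null' only means the node is empty, but the read was still allowed, which
    is exactly the misconfiguration being looked for.
    """
    if status == 200:
        try:
            data = json.loads(body)
        except ValueError:
            return "unknown"
        if isinstance(data, dict) and ("items" in data or "prefixes" in data):
            return "exposed-listing"   # storage listing answered without a token
        return "exposed-empty" if data is None else "exposed"
    if status in (401, 403):
        return "denied"                # rules require auth: the correct state
    if status == 404:
        return "not-found"             # no database or bucket under that name
    return "unknown"


def probe(url, timeout=10):
    """Anonymous GET. Returns (status, body) so classify() can be exercised
    on constructed responses without a network."""
    req = urllib.request.Request(url, headers={"User-Agent": "firebase-exposure-check"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as e:
        return e.code, e.read().decode("utf-8", "replace")
    except urllib.error.URLError:
        return 0, ""


if __name__ == "__main__":
    project = "example-project"        # placeholder project ID
    for url in (rtdb_url(project),
                storage_list_url(f"{project}.appspot.com", "prod")):
        status, body = probe(url)
        print(f"{classify(status, body):16} {status:3} {url}")
```

Run it against your own project before and after tightening the rules: anything other than "denied" (or "not-found") on a node that holds user data means the data is reachable by anyone who knows the project name, regardless of how the app's API key is handled.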
2. Aeroflot Faces Operational Paralysis Amid Cyberattack
Timestamp: 07:46 - 16:30
Shifting focus to the aviation industry, Jim reports on a severe cyberattack that forced Aeroflot, Russia's flagship airline, to cancel over 100 flights on a Sunday. The attack took down critical internal IT systems and severely disrupted air travel within Russia.
Responsibility for the attack was claimed by the pro-Ukraine hacking group Silent Crow, alongside the Belarusian group Cyber Partisans. This isn't their first foray into disrupting Russian infrastructure; earlier this year, Silent Crow targeted entities including a Russian real estate database, a state telecom provider, a major insurer, Moscow's IT department, and even the Russian office of Kia Motors. These assaults often resulted in substantial data breaches.
Jim contextualizes this within the broader scope of Ukraine's cyber warfare strategy, initiated following Russia's 2022 invasion. Kyiv mobilized a formidable 300,000-strong digital force through a Telegram group known as the IT Army of Ukraine, which has been instrumental in these ongoing cyber operations.
In a statement, Silent Crow asserted that the Aeroflot attack was the culmination of a year-long infiltration of Aeroflot's systems, during which they allegedly destroyed 7,000 servers and accessed personal computers of senior managers. Although the group did not provide concrete evidence to support these claims, they threatened to release the personal data of all Russians who have ever flown with Aeroflot, as reported by The Guardian.
Jim emphasizes the novelty of this attack vector, noting, “This marks one of the first major cyber attacks aimed at disrupting flights” (12:15). While Aeroflot has managed to resume most of its services by the following Monday, the incident serves as a stark reminder of how civilian infrastructure is increasingly becoming a battlefield in digital warfare.
3. Steam’s Early Access Game Kamiya Infected with Multiple Malware Strains
Timestamp: 16:31 - 25:20
In the third segment, Jim turns his attention to the gaming industry, detailing a recent security incident involving a game available through Steam's Early Access program. The game, titled "Kamiya", was found to be carrying three distinct malware strains, as reported by the cybersecurity firm Prodaft.
"Kamiya," marketed as a post-apocalyptic survival crafting game, lured users into requesting access to its playtest; those who installed it unknowingly downloaded the malicious payloads. Prodaft identified Fickle Stealer, Vidar Stealer, and HijackLoader bundled with the game. The first two are information stealers that harvest browser data, saved passwords, and cryptocurrency wallets. The third, HijackLoader, is a loader that gives the attackers a foothold to silently deploy additional malware on infected systems later.
Although the developer was listed as Aether Forge Studios, neither Prodaft nor investigative reporters could find any online presence for the entity: no website, no social media profiles, and no public history linked to the game's developer, which raises obvious doubts about the legitimacy of the operation.
As of the morning of July 25, "Kamiya" remained live on Steam, but it was quietly removed later that day following the disclosure. Prodaft attributed the campaign to a group it tracks as EncryptHub, which has been running targeted spear-phishing attacks since at least June 2024.
To aid defenders, indicators of compromise, including hashes for the embedded malware, have been published on GitHub. Jim underscores the critical lesson from this incident: “Just because software is distributed on a trusted platform like Steam doesn't guarantee it's safe” (20:50). The murky and unverifiable identity of the developer further complicates the trustworthiness of such applications.
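The published hashes are only useful if someone actually runs them against a machine. The script below is an added example written for this summary; it is not Prodaft's tooling and the indicator list in it is constructed for the demo (the "demo-sample" hash is the SHA-256 of a harmless byte string defined in the file, not a real malware hash). It walks a directory such as a game's install folder, hashes every regular file in chunks so large game assets do not have to fit in memory, and reports matches against the indicator set.

```python
"""Match files under a directory against a SHA-256 indicator list.

Added example; not the vendor's tooling. CONSTRUCTED_IOCS is a demo set
built from a harmless byte string so the script can be exercised offline;
replace it with the hashes from the published IoC repository.
"""
import hashlib
import os
import tempfile

# Constructed demo indicator: a harmless payload whose hash we know because
# we compute it here. Real lists are typically one hex digest per line.
DEMO_SAMPLE_BYTES = b"constructed demo sample, not malware\n"
DEMO_SAMPLE_SHA256 = hashlib.sha256(DEMO_SAMPLE_BYTES).hexdigest()
CONSTRUCTED_IOCS = {DEMO_SAMPLE_SHA256: "demo-sample"}


def sha256_file(path, chunk=1 << 20):
    """Stream the file through SHA-256 in 1 MiB chunks (game assets are large)."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def load_ioc_file(path):
    """Parse a 'one hex digest per line' list; '#' starts a comment."""
    iocs = {}
    with open(path, encoding="utf-8") as f:
        for line in f:
            line = line.split("#", 1)[0].strip()
            if len(line) == 64:
                iocs[line.lower()] = os.path.basename(path)
    return iocs


def scan_directory(root, iocs, extensions=None):
    """Walk `root` and return [(path, sha256, label)] for every file whose
    digest is in `iocs`. Lookups are case-insensitive because published lists
    mix upper- and lower-case hex. Symlinks are skipped so a link pointing
    outside the install tree cannot drag the scan elsewhere."""
    wanted = {k.lower(): v for k, v in iocs.items()}
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if extensions and not name.lower().endswith(tuple(extensions)):
                continue
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            try:
                digest = sha256_file(path)
            except OSError:
                continue               # unreadable file: skip, do not abort
            label = wanted.get(digest)
            if label:
                hits.append((path, digest, label))
    return hits


def make_demo_tree():
    """Create a throwaway install tree: one file carrying the demo payload,
    one benign file. Returns the root path. Constructed for the example."""
    root = tempfile.mkdtemp(prefix="ioc-demo-")
    os.makedirs(os.path.join(root, "bin"))
    with open(os.path.join(root, "bin", "launcher.dll"), "wb") as f:
        f.write(DEMO_SAMPLE_BYTES)
    with open(os.path.join(root, "readme.txt"), "wb") as f:
        f.write(b"benign content\n")
    return root


if __name__ == "__main__":
    root = make_demo_tree()
    for path, digest, label in scan_directory(root, CONSTRUCTED_IOCS):
        print(f"MATCH {label}: {path} {digest}")
```

For a real check, point scan_directory at the game's install folder (Steam's default location varies by platform) and the user's download directory, with iocs loaded from the vendor's file via load_ioc_file; a hash match is strong evidence but a miss is not a clean bill of health, since a loader like HijackLoader exists precisely to fetch further payloads that are not on the list.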
4. OpenAI’s GPT-4 Agents Successfully Bypass Captcha Challenges
Timestamp: 25:21 - 35:10
In the final topic, Jim discusses a striking and worrying development in artificial intelligence. Researchers at Robust Intelligence found that OpenAI's GPT-4 based agents can get past CAPTCHA tests, the challenges traditionally used to tell human users apart from automated bots.
During a live demonstration, the team set up a website utilizing Google reCAPTCHA, subjecting the GPT-4 agent to basic transactional tasks. When confronted with a reCAPTCHA checkbox, the AI agent simply clicked it, successfully passing the test and proceeding without human intervention. Jim highlights the significance by stating, “The agent used a live browser session, interacted with real page elements, and succeeded on its own” (28:45), distinguishing this from previous bot simulations that relied on backend bypasses or tricking humans.
The result is not reliably reproducible, however. Jim describes a follow-up attempt in which he and his team could not replicate the bypass; the agent eventually timed out and required human interaction to proceed: “Our agent asked for help, then it timed out and eventually left us to click the box ourselves” (32:10). Even so, the original demo shows that AI capabilities are advancing quickly enough to make checkbox-style CAPTCHAs a weak signal of human presence.
The evolution of CAPTCHA from simple challenges to behavior-based systems such as Cloudflare's underscores the escalating arms race between AI agents and bot defenses. Jim notes the irony in AI having to prove it's not a robot, with a Reddit user humorously pointing out, “It's been trained on human data. Why would it identify as a bot?” (34:00), adding a light-hearted perspective to the serious implications.
The takeaway is clear: as AI continues to improve its interaction with web systems, CAPTCHA and similar security measures will need to become increasingly sophisticated, potentially making them more cumbersome for legitimate human users as well.
Conclusion
Jim Love wraps up the episode by urging listeners to remain vigilant in the face of these evolving cybersecurity threats. He emphasizes the dual-edged nature of emerging technologies, such as AI, which, while offering significant advancements, also present new challenges for security professionals. Jim advises, “Keep an eye on the new agents that are appearing” (35:00), highlighting the need for continuous adaptation and proactive measures to safeguard against these sophisticated threats.
This summary encapsulates the key discussions from the episode, providing listeners with a comprehensive overview of the major cybersecurity incidents and developments covered by Jim Love.
