By Ashwani Mishra, Editor-Technology, 63SATS
CERT-In issued a high-severity alert for WhatsApp Desktop users on Windows, while the Indian Air Force faced a GPS-spoofing attack during a relief mission over Myanmar. In Europe, a ransomware attack on IKEA operator Fourlis Group caused €20 million in losses. In the U.S., a data breach at LSC exposed information of 1.6 million individuals, and Western Sydney University reported cyber incidents affecting 10,000 people.
Meanwhile, senior Chinese officials reportedly acknowledged long-denied cyberattacks on U.S. infrastructure—fuelling concerns over nation-state threats amid rising global tensions.
CERT-In Flags Critical Flaw in WhatsApp Desktop for Windows Users
India’s cybersecurity agency CERT-In has issued a high-severity alert for WhatsApp Desktop on Windows due to a newly discovered vulnerability (CIVN-2025-0075). The flaw affects versions prior to 2.2450.6 and stems from improper handling of MIME types and file extensions, potentially allowing attackers to run arbitrary code or bypass security filters using malicious attachments.
If exploited, the bug could lead to unauthorized system access and data theft. CERT-In urges users to update the app immediately and avoid opening suspicious attachments. The issue is particularly concerning given WhatsApp’s widespread use for both personal and professional communications across devices.
Indian Air Force C-130J Targeted in GPS Spoofing Over Myanmar
According to India Today, during a relief mission under Operation Brahma, an Indian Air Force C-130J aircraft was hit by a GPS-spoofing attack while flying over Myanmar. Defence sources confirmed that the aircraft’s real-time positioning was manipulated mid-air, forcing pilots to rely on the onboard Inertial Navigation System (INS) to safely complete the mission. GPS spoofing is a cyber tactic where false satellite signals are used to deceive navigation systems.
The incident highlights emerging threats in military aviation, particularly during cross-border humanitarian operations, and underscores the growing role of electronic warfare in modern conflicts.
IKEA Operator Fourlis Suffers €20M Ransomware Hit
Greek multinational Fourlis Group, operator of IKEA stores in Greece, Cyprus, Romania, and Bulgaria, reported a ransomware attack that caused damages of approximately €20 million. The attack occurred just before Black Friday on November 27, 2024, but was only publicly confirmed in early December.
The incident primarily disrupted IKEA’s online operations, though Fourlis also manages other retail brands like Intersport and Foot Locker. Despite the scope of the attack, no public details have emerged about ransom demands or stolen data. The event serves as another example of how cyberattacks can severely impact retail operations during peak seasons.
Data Breach at Laboratory Services Cooperative Affects 1.6M Individuals
Seattle-based Laboratory Services Cooperative (LSC) has disclosed a major data breach involving the personal and medical data of approximately 1.6 million people. The nonprofit, which serves various reproductive health clinics, including Planned Parenthood centers across 35 U.S. states, detected the breach on October 27, 2024.
According to a statement, hackers infiltrated LSC’s systems and accessed sensitive lab, billing, and personal records. Third-party cybersecurity experts were brought in, and federal authorities were alerted. With its critical role in healthcare diagnostics, the breach raises concerns about the security of health data managed by smaller, specialized service providers.
Western Sydney University Confirms Data Exposure in Two Cyber Incidents
Western Sydney University (WSU) has reported two separate cybersecurity incidents that led to unauthorized access to personal data of students and staff. One of the breaches occurred via a compromised Single Sign-On (SSO) system between January and February 2025.
Data belonging to around 10,000 individuals, including demographic and academic information, was exposed. Serving over 47,000 students and employing more than 4,500 staff, WSU operates on an annual budget of $600 million. The incidents have sparked concern across the Australian education sector, prompting a review of digital security protocols in higher education institutions.
China Quietly Admits to Years-Long Cyberattacks on U.S. Infrastructure
In a private setting, senior Chinese officials have reportedly admitted to cyber operations targeting U.S. critical infrastructure—an acknowledgment that contradicts years of public denial.
According to The Wall Street Journal, these admissions, though indirect, confirm that China’s Volt Typhoon group infiltrated energy, water, communication, and transportation systems. U.S. officials view this as a geopolitical signal tied to tensions over Taiwan. The disclosure underscores the severity of state-sponsored cyber threats and raises concerns about the long-term vulnerabilities in America’s foundational systems. This rare diplomatic cue signals how deeply cybersecurity is embedded in global power play.
