Skip to main content

United Airlines Flight To Spain Pulls U-Turn Over Bluetooth Device Name

1 month 1 week ago
Tony Isaac shares a report from NPR: A United Airlines flight traveling from Newark, New Jersey, to Palma de Mallorca, Spain, was forced to make a U-turn and return to Newark after more than four hours in the air due to a security concern. According to passenger reports and air traffic control audio, the disruption was caused by a personal Bluetooth speaker -- reportedly belonging to a teenager -- that had been named "BOMB." Upon returning to Newark, passengers were evacuated so that security details could inspect the entire aircraft and cargo area. The flight was ultimately cleared, reboarded, and arrived at its destination in Spain approximately nine and a half hours behind schedule. Multiple posts on social media from self-identified passengers indicate that the problem was a Bluetooth device on board the plane. One post referenced in-flight announcements with "lots of comments like 'this little joke is ruining it for everyone.'" Audio from air traffic control sheds a little more light on the situation: "There's a security detail out there, someone had a Bluetooth speaker and they named it a certain four-letter word," another voice responded. "So they have to inspect the whole aircraft including the cargo area [and] passengers have to evacuate."

Read more of this story at Slashdot.

BeauHD

Red Hat npm Packages Compromised to Spread a Credential-Stealing Worm

1 month 1 week ago
Aikido Security says more than 30 official @redhat-cloud-services npm packages were compromised with a credential-stealing worm called "Miasma," a variant resembling the open-sourced Mini Shai-Hulud supply-chain malware. "The packages were published via GitHub Actions OIDC, indicating the CI/CD pipeline was compromised rather than an npm token," the report says. "If you have installed any affected package versions since June 1, 2026, treat all CI secrets, cloud credentials, SSH keys, and npm tokens as compromised and rotate them immediately." From the report: Each compromised package declares a preinstall script in its package.json that executes node index.js automatically on every npm install, before any application code runs and before the developer has any indication something is wrong. The index.js file is 4.2 MB payload hidden behind multiple layers of obfuscation. As with previous Mini Shai-Hulud attacks, the payload performs a broad credential sweep across cloud providers, CI/CD environments, and developer tooling. On the CI side it targets GitHub Actions secrets including GITHUB_TOKEN and ACTIONS_RUNTIME_TOKEN. For cloud credentials it collects AWS access keys and session tokens, GCP application default credentials and service account key files, and Azure service principal credentials and managed identity tokens. It also sweeps for HashiCorp Vault tokens, Kubernetes service account tokens and kubeconfig files, npm and PyPI publish tokens, SSH private keys, Docker registry credentials, GPG keys, and any .env files it can find across the filesystem.

Read more of this story at Slashdot.

BeauHD