All Topics
All Topics
Technology
Technology
Design
Design
Programming
Programming
Science
Science
News
News
Gaming
Gaming
Entertainment
Entertainment
Business
Business
Finance
Finance
Sports
Sports
Health
Health
Food
Food
Travel
Travel
Art
Art
Music
Music
Books
Books
Education
Education
Politics
Politics
Personal
Personal
No algorithm. No AI slop. No ads. Just RSS. Pro-human. Indie writers. Real journalism. Open web. Chronological. Hand toasted.

Security Vulnerability: Default Credentials Allowed Unauthorized Access to Send Messages to Aircraft Cockpits

By

hacka22

7mo ago· 1 min readenNews
Bagel score 46 of 100
46/100
Doughy
Bagelometer

You can taste the rush. The dough hadn't risen.

Score46TypenewsSentimentnegative

Summary

Security researchers discovered a vulnerability in Collins Aerospace's ARINC OpCenter Message Browser where default credentials 'test:test' allowed unauthorized access to send text messages to aircraft cockpits. The vulnerability was reported to RTX Corporation (Collins Aerospace's parent company) and the Department of Defense Cyber Crime Center, but RTX did not respond before the account was disabled.

Key quotes

· 3 pulled
Using the credentials test:test, it was possible to log in at the ARINC OpCenter Message Browser as U.S. Navy Fleet Logistics Support Wing.
Via this web service, text messages can be sent to the cockpit. For obvious reasons, we did not try that.
Unfortunately, RTX did not respond to our vulnerability report. The account was disabled.
Snippet from the RSS feed
Der Chaos Computer Club ist eine galaktische Gemeinschaft von Lebewesen für Informationsfreiheit und Technikfolgenabschätzung.

You might also wanna read

Phishing Campaign Targets Signal Users by Stealing Backup Recovery Keys

A new wave of phishing attacks is targeting Signal users by impersonating the app's support team. Hackers send messages inside Signal claimi

cybersecuritynews.com·2h ago

New phishing campaign targets Signal users to steal chat backup recovery keys

Hackers are targeting Signal users in a new phishing campaign that attempts to steal their chat backups. The attackers pose as Signal's supp

techcrunch.com·2h ago

Weekly cybersecurity roundup: FortiClient EMS infostealer, Trend Micro Apex One exploit, and crypto payment security

A weekly roundup of cybersecurity news, featuring an interview with Coinflow's CISO about crypto payment security under AI-driven threats, c

helpnetsecurity.com·4h ago

CISA Adds Palo Alto Networks PAN-OS Authentication Bypass Vulnerability to Known Exploited Vulnerabilities Catalog

CISA has added a new vulnerability (CVE-2026-0257) to its Known Exploited Vulnerabilities (KEV) Catalog, affecting Palo Alto Networks PAN-OS

cisa.gov·7h ago

CISA Adds Palo Alto Networks PAN-OS Authentication Bypass Vulnerability to Known Exploited Vulnerabilities Catalog

CISA has added a new vulnerability (CVE-2026-0257) to its Known Exploited Vulnerabilities (KEV) Catalog, affecting Palo Alto Networks PAN-OS

cisa.gov·7h ago

Microsoft warns of crypto mining malware disguised as fake downloads of popular PC utilities

Microsoft's Windows Defender team has uncovered a cryptocurrency mining campaign targeting PC enthusiasts. Scammers are manipulating search

techspot.com·15h ago