HeadFlash

Security Digest: Tchap Breach, GPS Jamming, Check Point, Microsoft

Today's key security events: France's Tchap hacked, Russian GPS jamming, critical Check Point VPN flaw exploited, Microsoft repos compromised.

France’s Tchap Messenger Breached via Credential Hijack

France’s sovereign encrypted messenger Tchap, built on the Matrix protocol, was compromised on June 7 through a credential hijacking attack, not a crack in encryption. The government’s Digital Affairs Directorate (DINUM) says that only unencrypted public chat rooms were exposed and that it has blocked the account. However, a threat actor named Misère claims access to data of 73,000 agents, 643,000 messages, and 60,000 files, including restricted-marked documents. The government has not verified these figures.

France’s ‘sovereign’ messenger Tchap was breached, and officials and the hacker disagree on how badly →

Research Points to Russian Satellite Jamming GPS Across Europe

A new study from the University of Texas at Austin and Stanford University suggests that Russia’s Kosmos 2546 satellite, part of the EKS early warning system, is likely the source of powerful GPS jamming signals across Europe. The researchers analyzed interference events from 2019 to 2026, finding short bursts of jamming (<10 seconds) that occur mainly during European business hours on weekdays. The study, not yet peer-reviewed, calculates the source with five-meter accuracy.

A ‘massive escalation in electronic warfare’: researchers show how Russian satellites can jam GPS across Europe — and a mysterious series of ‘interference events’ show it could already be happening →

Critical Check Point VPN Flaw Exploited Since Early May

Check Point disclosed CVE-2026-50751, a critical authentication bypass vulnerability (CVSS 9.3) in Security Gateways and Spark Firewalls using deprecated IKEv1 for Remote Access VPN. The flaw has been exploited since early May as a zero-day, targeting a few dozen organizations globally. Check Point Research links post-exploitation activity to a Qilin ransomware affiliate. A second flaw, CVE-2026-50752 (CVSS 7.4), enables man-in-the-middle attacks on site-to-site VPN. Customers are urged to patch immediately.

Check Point VPN Flaw Exploited Since Early May →

Microsoft GitHub Repositories Compromised with Credential-Stealing Malware

Dozens of cryptographically verified open source packages from Microsoft were compromised on GitHub and injected with advanced credential-stealing code (Miasma malware) that activates when the packages are opened in AI coding agents. Multiple researchers report 73 packages flagged as malicious. Microsoft disabled the repositories but initially only cited a terms-of-service violation. The attack is linked to threat actor TeamPCP and marks the second supply-chain compromise of Microsoft packages in two months. Developers who used AI agents with these packages should assume compromise.

For the 2nd time in weeks, Microsoft packages laced with credential stealer →

Microsoft Repos Used to Deliver Malware via AI Coding Tools

Microsoft shut down over 70 of its GitHub repositories after hackers planted malware that steals credentials when opened in AI coding tools like Claude Code and Gemini CLI, according to 404 Media and researchers. The exact extent of the breach is unclear, but the compromised packages were related to Azure and AI coding agents. Microsoft confirmed it removed the repositories while investigating.

Microsoft Hacked to Deliver Malware to Claude and Gemini Users →