This year has had its share of noteworthy stories touching upon wireless threats. Below is the top 10 most interesting stories for the first half of 2025, along with any relevant updates.
1: Chinese park‑bench bugs and mobile spying on UK officials
UK Security sources reported Chinese intelligence operatives have been planting covert listening devices in and around Westminster. UK sources previously reported that military doctors received warnings of adversaries targeting their phones to extract information on medical personnel. Officials advised Clinicians to revert to paper charts.
Notable updates
- 15 Jul 2025 – London’s Counter‑Terrorism Command says hostile‑state activity is now five times higher than in 2017, with China, Russia, and Iran running “threat‑to‑life” operations inside Britain.
- 25 Jun 2025 – A cross‑Whitehall audit confirms a “sharp rise” in Chinese espionage and allocates £600 m to bolster UK intelligence services.
2: PerfektBlue: Bluetooth Vulnerability Exploit Chain Leaves Millions of Cars Vulnerable to Remote Control
Four memory-corruption bugs (CVE-2024-45431–45434) in the OpenSynergy BlueSDK provide an attacker within radio range with a one-click route to code execution on infotainment units from Mercedes-Benz, Volkswagen, Škoda, and an unnamed OEM, enabling GPS tracking, cabin eavesdropping, phone-book theft, and, on poorly segmented designs, CAN-bus access.
Notable updates
- 22 Jul 2025 – Volkswagen begins OTA and dealer roll‑outs; urges owners to patch promptly.
- 22 Jul 2025 – Keysight researchers warn weak IVI–CAN gateways still allow lateral movement, underscoring the need for RF monitoring.
3: Hidden remote communication radios discovered inside US solar inverters and batteries
US forensic teams dismantling Chinese-made solar inverters and grid-scale batteries uncovered undocumented cellular modules that tunnel past utility firewalls, potentially allowing offshore operators to reconfigure or shut down equipment and destabilize the grid.
Notable updates
- 9 Jul 2025 – The Dutch government pledges tighter inverter checks ahead of new EU Radio Equipment Directive cybersecurity clauses.
- 3 Jun 2025 – Forescout’s SUN:DOWN follow‑up maps 35,000 exposed devices and 46 new flaws, urging VPN isolation.
4: Salt Typhoon breach of the Viasat satellite network
China‑linked group Salt Typhoon quietly siphoned ~100 million call‑detail and location records from 1.3 million Viasat users, revealing gaps in satellite‑ and RF-airspace defences.
Notable updates
- 24 Jul 2025 – Viasat says it has fully remediated the intrusion and no customer impact remains.
- 16 – 18 Jul 2025 – A leaked DHS memo shows Salt Typhoon also infiltrated a US Army National Guard network in 2024.
5: New Zero-Click Wireless iPhone Attacks Found In The Wild
Crash‑log fingerprints on six high‑profile iPhones suggest a sophisticated zero‑click exploit (now CVE‑2025‑43200) patched in iOS 18.3; Apple first called it a “mundane bug,” but later acknowledged in‑the‑wild abuse.
Notable updates
- 13 Jun 2025 – Apple’s iOS 18.3.1 release notes formally tag the exploit and credit Citizen Lab with links to Paragon’s Graphite spyware; Italy cancels Paragon contracts.
6 : Taiwanese presidential guards used personal phones for PRC espionage
Three security detail soldiers and one cyber‑command specialist received between 5 years and 10 months to 7 years prison terms for photographing and selling classified documents to China with personal smartphones, highlighting mobile insider threats.
Notable updates
- June 2025 – Taiwan’s President Lai Ching‑te proposes reinstating military judges to expedite espionage trials.
- 2024 vs 2022 – Taiwan’s intelligence agency reports 64 PRC‑spy prosecutions in 2024, up from 10 in 2022.
7: Wormable Zero-Click Wireless Airplay Vulnerability Threatens Apple & IoT device ecosystem
Oligo’s “AirBorne” study disclosed 23 AirPlay flaws (17 CVEs) that let attackers run wormable zero‑click RCE on Macs, iPhones, CarPlay units, and third‑party devices, then spread laterally over any network the victim later joins.
Notable updates
- Mid‑May 2025 – Public GitHub PoC automates CVE‑2025‑24252 + 24132 for reverse shells, raising real‑world risk.
- 8 May 2025 – runZero releases fingerprints to help defenders enumerate vulnerable assets.
- 25 Jul 2025 – Despite PoCs, the CVEs are still absent from CISA’s KEV list, and no mass exploitation is confirmed.
8: Insider Threats at the Department of Defense: The Jian Zhao & Li Tian Case
The Department of Justice indicted SGT Jian Zhao and 1LT Li Tian for photographing defence secrets inside Joint Base Lewis-McChord and selling them via encrypted Chinese apps
Notable update
- 14 Oct 2025 (scheduled) – Federal court reschedules Zhao’s jury trial; he remains in custody, pleading not guilty.
9: Russian spy ring with wireless arsenal outside Stuttgart Army Airfield Convicted
A GRU‑directed “Bulgarian” cell parked IMSI‑catchers and other surveillance equipment outside the US base, harvesting Ukrainian trainees’ phone IDs so Moscow could track their SAM units post‑deployment.
The group utilized Wi‑Fi Pineapples, drones, remote A/V equipment, and hundreds of phones and SIM cards for their operations.
Notable updates
- 23 Jul 2025 – FT Hot Money podcast publishes 300k Telegram messages showing fugitive Jan Marsalek micromanaged the operation.
- 18 Jul 2025 – The UK sanctions three GRU units and 18 officers, freezing assets and imposing travel bans.
- 12 May 2025 – Courts finalise prison terms: ringleader Orlin Roussev gets 10 years and 8 months; five accomplices share another 42 years.
10: Military Intelligence Breach Highlights Growing Mobile Insider Threat Concerns
Former U.S. Army intelligence analyst Korbein Schultz received a 7‑year (84‑month) federal prison sentence after admitting that he sold at least 92 classified military documents to a China‑based handler for roughly $42 000. Schultz even tried to recruit another cleared analyst at INDOPACOM, illustrating a deliberate, gradual escalation plan by his foreign contact.
Notable updates
- 18 Jul 2025 – Secretary of Defense memorandum directs the DoD CIO to tighten supply-chain and insider-threat controls, reinforcing demand for enterprise wireless monitoring.
- No notice of appeal appears on the federal docket; the last entry is from 7 Jul 2025, and the case remains closed
