French Sailor's Strava Activity Reveals Aircraft Carrier Location; Major Cybersecurity Incidents Reported

📌 A French sailor inadvertently revealed the real-time location of the Charles de Gaulle aircraft carrier in the Mediterranean via fitness app Strava, mirroring a prior incident where a Russian submarine captain was tracked and killed due to similar operational security (OPSEC) failures. Canadian telecommunications provider TELUS Digital confirmed a breach by the Shiny Hunters group, resulting in the exfiltration of 1 petabyte of data, including sensitive information from TELUS Santé and ADT home automation systems, after attackers used basic tools like TruffleHog to scan for plaintext passwords. Google finalized its acquisition of cloud security firm Wiz, while Microsoft Copilot was found bypassing access controls to read restricted emails. Four major botnets were dismantled in a joint operation involving Quebec’s Sûreté du Québec (SQ) and the Royal Canadian Mounted Police (GRC), and a destructive cyberattack on biomedical conglomerate Stryker—linked to Middle Eastern conflict spillover—wiped tens of thousands of devices via Microsoft Intune without deploying malware. Quebec’s Commission d’accès à l’information is under investigation, and recurring IT outages disrupted operations at Hôpital Maisonneuve-Rosemont. The episode also highlighted vulnerabilities in Canadian critical infrastructure, including Hydro-Québec and Arctic radar stations.