The collision avoidance system on commercial aircraft is the final line of defense against mid-air collisions. It detects other aircraft in the vicinity using radio communications and, if necessary, gives mandatory commands for coordinated evasive action among the aircraft involved. In 2024, researchers from the University of Genoa and the CASD - Scuola Superiore Universitaria proved that it was feasible to deceive this system by exploiting vulnerabilities in radio protocols. They generated false collision alarms and disabled critical functions using certified equipment that was identical to that installed on civilian aircraft. In January 2025, the US Cybersecurity Agency (CISA) issued a bulletin admitting these vulnerabilities but stating that they had only been shown in a lab setting. Last March 1st, ten aircraft landing on Runway 19 at Ronald Reagan Washington Airport had an unusual sequence of TCAS alerts. At present, there are no official explanations for the incidents; however, there has been widespread speculation regarding potential malfunctions or interference. As a result, Italian researchers did new research based on an independent analysis of publicly available data, revealing remarkable similarities between the dynamics observed in the Washington incident and those revealed in previously replicated hacking attacks in the laboratory. The investigation shows that the observed behavior is compatible with an in-flight cyberattack on the collision avoidance system, albeit in a previously unknown variation. To secure future operational scenarios, the research team created a new approach for determining the source of the attack. Based on this evidence, the research has also identified a new attack technique that opens up previously unexplored scenarios for air traffic safety.