VulnHub

Real-time Cybersecurity News

Swipe, Plug-in, Pwned: Researchers Find New Ways to Hack Vehicles

darkreading

Overview

During the Pwn2Own contest at Automotive World 2026, security researchers successfully exploited multiple vulnerabilities in vehicle infotainment systems and electric vehicle (EV) chargers. These findings raise significant concerns about the security of modern vehicles, which increasingly rely on complex software for functionality. The vulnerabilities could potentially allow attackers to gain unauthorized access to vehicle systems, posing risks to both drivers and passengers. As vehicles become more connected, the implications of these security flaws extend beyond individual cars to broader public safety and privacy issues. Manufacturers must take these findings seriously to protect their customers and ensure the safety of their products.

Key Takeaways

  • Affected Systems: Vehicle infotainment systems, electric vehicle chargers
  • Action Required: Manufacturers should investigate and patch the identified vulnerabilities in their systems.
  • Timeline: Newly disclosed

Original Article Summary

Security researchers exploited dozens of vulnerabilities in vehicle infotainment systems and EV chargers during the latest Pwn2Own contest at Automotive World 2026.

Impact

Vehicle infotainment systems, electric vehicle chargers

Exploitation Status

The exploitation status is currently unknown. Monitor vendor advisories and security bulletins for updates.

Timeline

Newly disclosed

Remediation

Manufacturers should investigate and patch the identified vulnerabilities in their systems.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Read Original Article

Related Coverage

China-Linked Hackers Deploy New TencShell Malware Against Global Manufacturer

Infosecurity Magazine

Hackers believed to be linked to China have targeted the Indian branch of a major global manufacturer using a new type of malware called TencShell. This malware is based on an open-source offensive toolkit, which suggests that the attackers are utilizing publicly available resources to carry out their operations. The implications of this attack are significant, as it not only affects the manufacturer but also raises concerns about the security of global supply chains. Companies operating in similar sectors should be vigilant, as this incident could indicate a broader trend of targeting multinational firms. The incident underscores the need for enhanced cybersecurity measures across industries to protect against sophisticated attacks.

May 15, 2026

Chrome 148 Update Patches Critical Vulnerabilities

SecurityWeek

Google's latest Chrome update, version 148, addresses several critical vulnerabilities, including a serious use-after-free issue affecting various browser components. This type of vulnerability can allow attackers to execute arbitrary code, potentially leading to unauthorized access or data breaches. Users of Chrome should update to the latest version to ensure their browsers are secure. Keeping browsers up to date is crucial, as these vulnerabilities can be exploited if left unpatched. The update underscores the ongoing need for vigilance in cybersecurity, especially given the frequency of browser-based attacks.

May 15, 2026

Cisco Patches Another SD-WAN Zero-Day, the Sixth Exploited in 2026

SecurityWeek

Cisco has released a patch for a newly discovered zero-day vulnerability, identified as CVE-2026-20182, which has been actively exploited in targeted attacks. This vulnerability affects Cisco’s SD-WAN products and has been linked to a sophisticated threat actor known as UAT-8616. The exploitation of this flaw marks the sixth zero-day incident involving Cisco in 2026, raising concerns about the security of their products. Companies using Cisco SD-WAN solutions should prioritize applying the latest patches to protect against potential breaches. The ongoing exploitation of this vulnerability highlights the need for vigilance in cybersecurity practices.

May 15, 2026

On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email

The Hacker News

Microsoft has announced a serious security vulnerability affecting on-premise versions of Exchange Server, identified as CVE-2026-42897. This issue, which has a CVSS score of 8.1, is classified as a spoofing vulnerability that arises from a cross-site scripting flaw. The vulnerability has been confirmed to be actively exploited by attackers, which raises significant concerns for organizations still using on-premise Exchange Servers. An anonymous researcher discovered and reported the issue, signaling the need for prompt attention from IT security teams. Organizations must take immediate action to protect their systems and data from potential exploitation.

May 15, 2026

Zombie linkages are keeping expired domains trusted for years

Help Net Security

Researchers from USC and the University of Twente have identified a significant issue with expired domains, which can continue to hold trust long after they have changed hands. This phenomenon, referred to as 'zombie linkages,' occurs in systems like Web PKI, Maven Central, and Ethereum Name Service. When a domain expires and is transferred to a new owner, the systems still recognize and trust the previous owner, potentially allowing malicious actors to exploit this trust. This lingering trust can create security risks, as users may unknowingly interact with compromised or malicious domains. Addressing this problem is crucial for maintaining the integrity of online systems and protecting users from potential fraud or exploitation.

May 15, 2026

You're not going to patch your way out of this - PSW #926

SCM feed for Latest

A recent cybersecurity article warns about a significant vulnerability that cannot simply be fixed by applying patches. The issue affects multiple software systems and could leave users exposed if not addressed comprehensively. Researchers emphasize that traditional patch management strategies may not suffice, as attackers could exploit underlying flaws. This situation puts organizations at risk of data breaches and financial losses. The need for a more thorough approach to security is critical for companies relying on these systems.

May 14, 2026