Security researchers successfully exploited Tesla's Infotainment System during the Pwn2Own Automotive 2026 competition, demonstrating 37 zero-day vulnerabilities on the first day. They earned a total of $516,500 for their exploits, which showcase significant flaws in the system. This incident raises concerns about the security of Tesla vehicles and the potential risks they pose to users. As more vehicles become connected, the implications of such vulnerabilities could extend beyond just infotainment systems, affecting critical vehicle functions and user safety. Companies like Tesla need to prioritize addressing these vulnerabilities to protect their customers and maintain trust in their technology.
Articles tagged "Critical"
Found 915 articles
MITRE has introduced the Embedded Systems Threat Matrix (ESTM), a new framework designed to enhance the security of critical embedded systems. This initiative aims to assist organizations in identifying and mitigating potential threats that target their embedded devices, which are increasingly integral to various industries, from automotive to healthcare. By providing a structured approach to understanding vulnerabilities and attack vectors, the ESTM seeks to bolster defenses against cyber threats that could compromise the functionality and safety of these systems. This development is particularly relevant as the reliance on embedded technology continues to grow, making it essential for companies to adopt better security practices. The framework is expected to serve as a valuable resource for organizations looking to strengthen their cybersecurity measures in this area.
In January 2026, Oracle released its first Critical Patch Update (CPU) of the year, addressing approximately 230 unique vulnerabilities across over 30 of its products. This update includes a total of 337 new security patches, which users are encouraged to apply to protect their systems. These vulnerabilities could potentially expose systems to various security risks, making it crucial for affected organizations to implement the patches promptly. The update reflects Oracle's ongoing commitment to security, as it aims to mitigate risks associated with its software products. Users and administrators should ensure they are running the latest versions to safeguard against potential exploitation.
The European Commission is pushing for new cybersecurity legislation aimed at enhancing the security of telecommunications networks. This proposal focuses on the removal of high-risk suppliers, particularly those linked to foreign nations, to protect against threats from state-sponsored actors and cybercriminal groups targeting critical infrastructure. The initiative comes in response to increasing concerns about security vulnerabilities in supply chains and the potential for attacks on essential services. By strengthening these regulations, the EU aims to create a safer digital environment for its member states and reduce reliance on potentially unsafe technology providers. The move is significant as it could reshape how telecommunications are managed across Europe, impacting various vendors and service providers.
Congressional appropriators are moving forward with legislation that aims to extend an information-sharing law designed to enhance cybersecurity collaboration between the government and private sector. The proposed legislation also allocates funds to the Cybersecurity and Infrastructure Security Agency (CISA), ensuring it can maintain adequate staffing levels. Additionally, it mandates funding for election security and continues a grant program for state and local governments to bolster their cyber defenses. This initiative is crucial as it aims to strengthen the country's overall cybersecurity posture, especially in light of ongoing threats to critical infrastructure and election systems. By securing funding and support for CISA, the legislation seeks to enhance response capabilities and resilience against cyber attacks.
Security Affairs
TP-Link has addressed a serious vulnerability in its VIGI C and VIGI InSight camera models that allowed remote access to surveillance systems. This flaw, identified as CVE-2026-0629, has a CVSS score of 8.7, indicating high severity. Over 32 models were affected, with more than 2,500 devices exposed to the internet and potentially at risk of being hacked. Attackers could exploit this vulnerability to bypass local network restrictions, putting users' security and privacy in jeopardy. The fix for this issue is crucial for ensuring the safety of surveillance operations for both businesses and individuals who rely on these cameras.
HackerOne has introduced a new framework called the Good Faith AI Research Safe Harbor, aimed at protecting researchers who test AI systems. This initiative addresses the legal uncertainties that often hinder responsible AI research. By establishing clear guidelines, the framework allows organizations and researchers to work together more effectively to identify and mitigate risks associated with AI technologies. This is particularly important as AI continues to be integrated into essential services, where any vulnerabilities could have significant consequences. The move is expected to encourage more proactive research into AI safety and security.
Hackread – Cybersecurity News, Data Breaches, AI, and More
RansomHouse, a known cybercriminal group, claims to have breached Luxshare, a major contractor for Apple. However, as of now, there is no tangible evidence to support this claim, and the links associated with the breach are currently offline. This situation raises concerns because Luxshare plays a critical role in Apple's supply chain, and any data breach could potentially compromise sensitive information related to Apple's operations. The lack of verification means that while the claim exists, its legitimacy remains uncertain. Companies in similar sectors should remain vigilant as the situation develops, given the potential risks from such threats.
Infosecurity Magazine
Researchers from ReliaQuest have identified a phishing campaign targeting high-profile business executives through LinkedIn messages. The attackers are using an open-source penetration testing tool to craft convincing messages that trick individuals into revealing sensitive information. This campaign is particularly concerning because it targets 'high-value individuals,' making it more likely to succeed against those with access to critical company data. Companies need to educate their employees about recognizing phishing attempts and to implement stronger security measures to protect against these types of attacks. With the rise of social engineering tactics like this, vigilance is essential for safeguarding sensitive business information.
SCM feed for Latest
Researchers have discovered five malicious Chrome extensions designed to target users of Workday, NetSuite, and SuccessFactors. These extensions are capable of stealing cookies and preventing access to critical security pages on these platforms. This poses a significant risk to organizations that rely on these software solutions for their operations, as attackers can gain unauthorized access to sensitive information. Users of these platforms should be particularly vigilant about the extensions they install and ensure they are using only trusted sources. The presence of such malicious tools illustrates the ongoing challenges of keeping enterprise software environments secure.
The UK government's National Cyber Security Centre (NCSC) has issued a warning about ongoing Distributed Denial of Service (DDoS) attacks carried out by Russia-linked hacktivists. These attacks are targeting critical infrastructure and local government systems across the UK. The NCSC's alert, released on January 19, 2026, emphasizes the potential disruption these attacks can cause, putting essential services at risk. The government urges organizations to bolster their defenses against such incidents, highlighting that the threat remains persistent. This situation is particularly concerning as it could impact public safety and the functionality of vital services during times of crisis.
The U.K. government has issued a warning about ongoing attacks from Russian-aligned hacktivist groups that are targeting the country's critical infrastructure and local government entities. These attacks primarily involve disruptive denial-of-service (DDoS) tactics, which can overwhelm systems and render them inoperable. As these groups continue their campaigns, organizations may face significant operational challenges and potential data breaches. It’s crucial for affected entities to bolster their cybersecurity measures to mitigate the risks associated with these aggressive actions. The situation highlights a growing trend of politically motivated cyberattacks that can impact essential services and public safety.
The UK's National Cyber Security Centre (NCSC) has issued a warning about an increase in disruptive cyber attacks carried out by Russian hacktivists. These attacks are primarily targeting critical infrastructure across the UK, raising concerns about the potential for significant disruptions to essential services. The NCSC has not specified the exact organizations or sectors being targeted, but the implications could be serious for public safety and national security. As these attackers become more aggressive, organizations must remain vigilant and enhance their cybersecurity measures to prevent potential breaches. This development comes amid heightened geopolitical tensions, making it crucial for all sectors to be prepared for potential cyber threats.
Ingram Micro, a major player in the information technology sector, experienced a ransomware attack in July 2025 that compromised the personal data of over 42,000 individuals. The breach raises serious concerns about data security and the potential misuse of sensitive information, as attackers often seek to exploit such data for financial gain or identity theft. The scale of the incident highlights the ongoing risks that companies face from cyber threats, particularly in the IT sector, which is often targeted due to its critical role in global infrastructure. Affected individuals should remain vigilant for signs of identity theft and consider monitoring their accounts for unusual activity. Organizations must strengthen their cybersecurity measures to prevent similar incidents in the future.
A new vulnerability known as the WhisperPair attack has been discovered, affecting millions of Bluetooth audio accessories that improperly implement Google's Fast Pair technology. This flaw allows attackers to hijack devices, potentially leading to unauthorized access to audio streams and user data. Products impacted include various Bluetooth headphones, earbuds, and speakers from multiple manufacturers. The significance of this issue lies in the widespread use of Bluetooth audio devices, making many users susceptible to exploitation. Users are urged to check for updates from their device manufacturers to mitigate the risk.