automotive cybersecurity
-
China’s MSS says NSA carried out ‘premeditated’ cyber operation against national time service
China’s Ministry of State Security said in a WeChat post it uncovered ‘irrefutable evidence’ that the U.S. NSA carried out a multi-year cyber operation against the National Time Service Center, alleging credential theft, deployment of a platform with 42 tools, and attempts to disrupt timing systems; the MSS said Chinese agencies neutralized the activity.
-
Have I Been Pwned reports 17.6 million addresses affected in Prosper data breach
Prosper, a peer-to-peer lending marketplace, disclosed a breach detected on Sept. 2. Data breach service Have I Been Pwned reported 17.6 million unique email addresses were exposed and said the stolen records include Social Security numbers and other personal data. Prosper said it has not found evidence of account or fund access and is investigating…
-
DraftKings warns accounts breached in credential stuffing attacks
DraftKings said an undisclosed number of customer accounts were accessed in credential stuffing attacks that exposed a limited set of account details; the company is requiring password resets, urging multifactor authentication and advising customers to monitor financial and credit accounts.
-
Archer Health data breach exposes 145,000 patient records in publicly accessible database
A California-based in-home health provider, Archer Health Inc., left a 23 GB cache of medical and personal data publicly accessible, exposing more than 145,000 files including patient names, SSNs and medical histories. The database was secured within hours after a cybersecurity researcher alerted investigators, and the company says it is investigating the incident, which underscores…
-
Critical CVSS-10 Flaw in Fortra GoAnywhere MFT Prompts Urgent Patch and Contingency Measures
A CVSS-10 vulnerability in Fortra's GoAnywhere MFT (CVE-2025-10035) threatens enterprise data transfers. The deserialization flaw in the License Servlet could enable remote code execution if exploited. Patches are available, and experts warn that thousands of internet-facing deployments may be at immediate risk unless mitigations are applied.
-
Malicious Rust crates impersonating fast_log steal Solana and Ethereum wallet keys, researchers say
Cybersecurity researchers say two malicious Rust crates impersonating the fast_log logging library were used to harvest Solana and Ethereum wallet keys from source code, with Crates.io removing the packages and preserving logs for analysis after responsible disclosure.
-
FBI Warns of Fake IC3 Websites Designed to Steal Personal Data
The FBI warning highlights that criminals are creating spoofed IC3 websites to harvest personal data, noting more than 100 impersonation reports since late 2023 and urging direct access to IC3.gov and vigilance against look-alike domains and scam communications.
-
Security firm flags in-the-wild exploitation of Pandoc flaw CVE-2025-51591 to target AWS IMDS
Security researchers at Wiz have observed in-the-wild exploitation of CVE-2025-51591, a Pandoc flaw that enables SSRF against AWS EC2 IMDS, with attackers attempting to exfiltrate data via crafted iframes. The activity underscores the importance of IMDSv2 and least-privilege IAM roles to mitigate cloud credential exposure.
-
SEO-poisoning BadIIS malware tied to Operation Rewrite targets East and Southeast Asia, researchers say
Security researchers say a Chinese-speaking actor is using the BadIIS malware in an Operation Rewrite SEO-poisoning campaign to hijack search results via a compromised IIS proxy, targeting East and Southeast Asia with Vietnam as a focus.
-
Google patches Chrome zero-day exploited in the wild; updates rolled out across Windows, macOS and Linux
Google released security updates for Chrome to fix four vulnerabilities, including a zero-day exploited in the wild (CVE-2025-10585) in the V8 engine, with patches available for Windows, macOS and Linux and guidance to update across Chromium-based browsers.
