Transport
European transport sector - NIS2 essential entity
Compliance tags are AI-generated and should not be cited as regulatory evidence without independent review.
Deploy WAF rules, patch public-facing apps within 48h of CVE disclosure, segment DMZ from internal networks, and run authenticated vulnerability scans weekly.
Maintain offline/immutable backups tested monthly, enable ASR rules against ransomware, and deploy behavioural detection for mass file encryption patterns.
Enforce MFA on all accounts, implement conditional access policies, audit privileged accounts quarterly, and monitor for impossible-travel logins.
Enforce account lockout after 5 failed attempts, require MFA, adopt NIST 800-63B password guidelines (length over complexity), and block known-breached passwords.
Block execution of downloaded files via Mark-of-the-Web + SmartScreen, train users on social engineering, and sandbox browser downloads.
Deploy upstream DDoS mitigation (Cloudflare/AWS Shield), configure rate limiting on public endpoints, and maintain a DDoS response runbook.
Block macros in Office docs from the internet (ASR rules), detonate attachments in a sandbox before delivery, and strip active content from inbound email.
Disable RDP on internet-facing hosts, enforce MFA on all remote access, use bastion/jump hosts, and monitor lateral movement via remote service logs.
Deploy DLP policies on cloud storage uploads, block unauthorised file-sharing services at the proxy, and alert on anomalous outbound data volumes.
Recent Intelligence
Elixir-Tesla Compression Vulnerability
A vulnerability was discovered in elixir
AI Expands Travel Tech Threat Model
The travel industry's interconnected ecosystem is at increased risk due to AI-powered threats, including prompt injection and shadow AI adoption. This affects companies in the travel and hospitality sectors, as well as their customers. To mitigate these risks, organizations should reassess their threat models and implement AI-specific security measures.
Train, Lawnmower Hacks Exposed
A radio enthusiast used a £300 device to disrupt high-speed trains, while owners of a $4,000 robot lawnmower are vulnerable to hijacking and data theft. Those affected include train passengers and lawnmower owners who have not changed default passwords. Users should prioritize changing default passwords and monitoring firmware updates.
AI-Powered App Attacks Rise
A recent report by Digital.ai warns that AI-powered attacks on mobile apps are becoming faster, more frequent, and harder to stop, affecting all industries. These attacks can occur within hours of an app's release, erasing the distinction between emerging and primary targets. Users and developers should be vigilant and take proactive measures to secure their apps.
Vulnerability Exploitation Tops DBIR
According to the 2026 Verizon Data Breach Investigations Report, vulnerability exploitation has become the most common initial access vector, surpassing stolen credentials. This shift affects organizations of all sizes and industries, emphasizing the need for robust vulnerability management. To mitigate this risk, prioritize vulnerability patching and implement a comprehensive security strategy.
BYD Atto3 Auth Key Disclosure
A vulnerability in the BYD Atto3 allows attackers to obtain an authentication key through brute force attacks, potentially enabling unauthorized access to the Electronic Parking Brake (EPB) and Supplemental Restoration System (SRS) related ECUs. This affects BYD Atto3 owners and users. Users should monitor for updates and patches from the manufacturer to address this issue.
Cyber-Enabled Cargo Theft
Cybercrime groups are using phishing emails and stolen credentials to steal freight from supply chains, affecting transportation and logistics companies. This shift in tactics allows thieves to reroute shipments without physical hijackings. Companies should review their security protocols to prevent such attacks.
Š
Škoda's online shop was breached due to a software vulnerability, allowing attackers temporary unauthorized access. The company has taken the shop offline, fixed the vulnerability, and reported the incident to authorities. Customers who have used the online shop should monitor their accounts for suspicious activity.
phpVMS Authorization Bypass
A critical vulnerability in phpVMS, a PHP application for simulating airlines, allows unauthenticated access to a legacy import feature, potentially causing a full database wipe. Users of phpVMS versions prior to 7.0.6 are affected. To mitigate this vulnerability, users should update to version 7.0.6 as soon as possible.
Taiwan Rail Hack
A 23-year-old student triggered an emergency alarm on Taiwan's high-speed rail system, disrupting service and exposing a security gap. The incident affected four trains, causing nearly an hour of delays during a holiday period. Users of critical infrastructure systems should review their security protocols to prevent similar incidents.
GPS Interference Detector Developed
Researchers at Oak Ridge National Laboratory have created a portable detector kit to identify GPS interference, including spoofing and jamming attacks. This development can help mitigate the growing threat of GPS interference, which affects various industries relying on GPS technology. Users of GPS-dependent systems should be aware of this development and consider implementing similar detection measures.
E-Motorcycles, Scooters Vulnerable
Vulnerabilities in electric motorcycles and scooters have been discovered, posing physical security and safety risks to riders. Affected models include Zero Motorcycles and Yadea electric scooters. Riders and owners should be aware of these risks and take precautions to secure their vehicles.
SQL Injection in Courier Mgmt System
A vulnerability in the itsourcecode Courier Management System allows for SQL injection attacks via the edit_branch.php file. Users of this system are at risk of data exposure and potential system compromise. To mitigate, apply patches or updates as soon as possible.
Public
A security vulnerability in public EV chargers has been demonstrated, allowing attackers to disable all chargers in a city. This affects cities with public EV charging infrastructure, potentially disrupting transportation. Users and administrators should review security protocols to prevent such attacks.
SpiceJet Booking System Vulnerability
A vulnerability has been reported in the SpiceJet Online Booking System, allowing for authorization bypass through remote manipulation. This issue affects users of the online booking system. No exploit is
SpiceJet Booking System Vulnerability
A critical vulnerability has been discovered in the SpiceJet Online Booking System, affecting its authentication process. This issue allows for remote exploitation, potentially impacting users of the system. Users are advised to exercise caution when using the system until a patch is available.
Zero Motorcycles Firmware Vulnerability
A vulnerability in Zero Motorcycles firmware versions 44 and prior allows an attacker to forcibly pair a device with the motorcycle via Bluetooth, potentially leading to malicious firmware uploads. The motorcycle must be in Bluetooth pairing mode and the attacker must be in proximity. Users should update their firmware to a version later than 44 to mitigate this risk.
Gentlemen Ransomware Exp
The Gentlemen ransomware-as-a-service (RaaS) has experienced rapid growth, with an increasing number of affiliates and multi-platform attacks. This expansion affects organizations across various sectors, potentially leading to widespread infections and data breaches. To mitigate the risk, organizations should prioritize robust security measures and regular system updates.
Cargo Theft via Cyber Attacks
Hackers are infiltrating logistics firms to steal cargo and divert payments, with attacks linked to organized crime and rising losses. Trucking and logistics companies are primarily affected, and should take immediate action to secure their systems. Proofpoint researchers observed coordinated remote access campaigns to steal cargo and divert payments.
Coast Guard Cybersecurity Rules
The US Coast Guard has introduced new cybersecurity rules under the Maritime Transportation Security Act (MTSA)