Automotive
Breach intelligence, attack campaigns, and threat reports targeting the Automotive sector.
Automotive Threat Reports
Europe's Ransomware Epidemic: A 55% Surge in Early 2026
In the first four months of 2026, Europe experienced a significant surge in ransomware attacks, with incidents rising by 55% compared to the same period in 2025. This increase is attributed to factors such as attackers shifting focus from oversaturated markets like the U.S. to European targets, and the utilization of AI-assisted target research identifying vulnerabilities within European organizations. Notably, major economies including Germany, the UK, France, Italy, and Spain accounted for nearly 70% of these attacks, highlighting a concentration of cyber risk in Europe's largest markets. ([prnewswire.com](https://www.prnewswire.com/news-releases/black-kites-first-report-dedicated-to-europe-ransomware-incidents-rose-55-year-over-year-in-early-2026-as-supply-chains-become-a-key-attack-path-302808057.html?utm_source=openai)) This trend underscores the evolving tactics of ransomware groups, who are increasingly targeting supply chains to maximize impact. The Miljödata incident in August 2025 exemplifies this approach, where a ransomware attack on a Swedish HR software provider led to data breaches affecting numerous municipalities and corporations, including Volvo Group North America. ([incibe.es](https://www.incibe.es/en/incibe-cert/publications/cybersecurity-highlights/ransomware-attack-leads-data-breach-affecting-volvo-north-america-employees?utm_source=openai))
20 hours ago
Critical Vulnerabilities in Rockwell Automation's FactoryTalk Historian SE Threaten Industrial Control Systems
In June 2026, Rockwell Automation disclosed multiple vulnerabilities in its FactoryTalk Historian Site Edition (SE) software, specifically affecting versions up to 11.00. The most critical, CVE-2025-13036, is an authentication bypass issue where an attacker can obtain a valid authentication token by repeatedly sending requests to the login endpoint. Additionally, CVE-2025-44019 and CVE-2025-36539 involve uncaught exceptions that could allow authenticated users to crash essential subsystems, leading to denial of service and potential data loss. These vulnerabilities pose significant risks to industrial control systems relying on this software. ([rockwellautomation.com](https://www.rockwellautomation.com/es-es/trust-center/security-advisories/advisory.SD1773.html?utm_source=openai)) The disclosure underscores the ongoing challenges in securing industrial control systems, highlighting the necessity for continuous monitoring and timely patching. Organizations must remain vigilant, as such vulnerabilities can be exploited to disrupt critical manufacturing operations, emphasizing the importance of robust cybersecurity practices in industrial environments.
6 days ago
Critical Vulnerability in Mitsubishi Electric MELSEC iQ-F Series: CVE-2026-8805
In June 2026, Mitsubishi Electric disclosed a high-severity vulnerability (CVE-2026-8805) in its MELSEC iQ-F Series FX5-EIP EtherNet/IP Module. This flaw allows remote attackers to cause a denial-of-service (DoS) condition by rapidly establishing numerous TCP connections, leading to improper memory access and system instability. Affected versions include FX5-EIP up to and including version 1.000. ([mitsubishielectric.com](https://www.mitsubishielectric.com/fa/about-us/security/vulnerability/?utm_source=openai)) This incident underscores the critical importance of securing industrial control systems against network-based attacks. As cyber threats targeting operational technology (OT) environments increase, organizations must prioritize timely vulnerability management and implement robust network defenses to safeguard critical manufacturing processes.
6 days ago
Critical DoS Vulnerability in Mitsubishi Electric's MELSEC iQ-F Series FX5-ENET/IP Module (CVE-2026-1876)
In March 2026, Mitsubishi Electric disclosed a high-severity denial-of-service (DoS) vulnerability (CVE-2026-1876) in its MELSEC iQ-F Series FX5-ENET/IP Ethernet Module. This flaw allows remote attackers to render the device unresponsive by continuously sending UDP packets, necessitating a system reset for recovery. The vulnerability affects all versions of the FX5-ENET/IP module, posing significant risks to industrial control systems reliant on this equipment. The incident underscores the critical importance of securing industrial control systems against network-based attacks. As similar vulnerabilities continue to emerge, organizations must proactively implement robust network security measures, including firewalls and VPNs, to mitigate potential threats and ensure operational continuity.
6 days ago
Global Operation Dismantles SocGholish Botnet Linked to Evil Corp
In June 2026, an international law enforcement operation, including agencies from the United States, Canada, Germany, the Netherlands, and Europol, successfully disrupted the SocGholish botnet, a malware framework linked to the Russian cybercriminal group Evil Corp. The coordinated effort led to the takedown of 106 servers and the remediation of nearly 15,000 infected websites, primarily hosted on WordPress platforms. SocGholish, active since 2017, compromised legitimate websites to redirect users to malicious traffic distribution systems, facilitating further malware infections and enabling ransomware campaigns and espionage activities. This operation significantly impaired Evil Corp's ability to exploit these compromised sites for malicious purposes. The takedown of the SocGholish botnet underscores the persistent threat posed by sophisticated cybercriminal organizations like Evil Corp. Despite this disruption, the group's leaders remain at large, and similar malware campaigns continue to evolve. Organizations must remain vigilant, implementing robust cybersecurity measures to protect against such threats and staying informed about emerging attack vectors. ([moncloa.com](https://www.moncloa.com/2026/06/18/desmantelamiento-evil-corp-2026-3386510/?utm_source=openai))
6 days ago
Attacker Exploits Tailscale and OpenSSH for Persistent Access in French Automotive Business Breach
In April 2026, a French-speaking attacker, identified as 'Poisson,' infiltrated a small French automotive business. Utilizing a VBScript stager and PowerShell loader, he deployed the Havoc Demon agent in memory, avoiding disk detection. For persistence, he established scheduled tasks and injected shellcode into Explorer.exe. Notably, before his command-and-control (C2) server went offline, Poisson installed OpenSSH and Tailscale on a compromised machine, creating an independent access route. This allowed him to maintain control even after the C2 server was deactivated, leading to the theft of banking and email credentials. This incident underscores the evolving tactics of cybercriminals who leverage legitimate tools like Tailscale and OpenSSH to establish resilient backdoors. The use of such tools complicates detection and remediation efforts, highlighting the need for organizations to monitor for unauthorized installations and unusual network configurations.
1 week ago
Critical Vulnerabilities in Rockwell Automation's CompactLogix 5370 Controllers: Immediate Action Required
In June 2026, Rockwell Automation disclosed two critical vulnerabilities affecting its CompactLogix 5370 series controllers, specifically models L1, L2, and L3. The first vulnerability, CVE-2025-11694, involves improper validation of sequence numbers and source IP addresses in the CIP protocol, allowing attackers to exploit exposed Connection IDs to induce denial-of-service conditions. The second, CVE-2026-9307, pertains to the exposure of sensitive system information through the controller's web server, which reveals CIP Connection IDs to unauthenticated users, potentially leading to similar denial-of-service attacks. Both vulnerabilities have been addressed in firmware version V38.011, and users are strongly advised to update their systems accordingly. ([rockwellautomation.com](https://www.rockwellautomation.com/es-es/trust-center/security-advisories/advisory.PN1025.html?utm_source=openai)) These vulnerabilities underscore the persistent risks in industrial control systems, particularly in critical manufacturing sectors. The disclosure highlights the necessity for continuous monitoring, timely patch management, and adherence to cybersecurity best practices to safeguard operational technology environments from potential disruptions.
1 week ago
Critical Vulnerabilities in Rockwell Automation FLEX I/O EtherNet/IP Adapters: CVE-2026-0646 and CVE-2026-0647
In June 2026, Rockwell Automation disclosed two critical vulnerabilities affecting their FLEX I/O EtherNet/IP Adapters, specifically models 1794-AENTR and 1794-AENTRXT version 2.012. The first vulnerability (CVE-2026-0646) involves improper memory handling of CIP protocol requests, leading to a denial-of-service condition that requires a manual reset. The second vulnerability (CVE-2026-0647) allows unauthenticated attackers to change the device's web interface password via a crafted HTTP GET request, potentially resulting in unauthorized access and account takeover. ([netstorage.rockwellautomation.com](https://netstorage.rockwellautomation.com/WebFiles/Resources/RAFirmware/1794-Products/1794-RN076G-EN-E.pdf?rwtoken=1778347671_97396ee2108d37e1ebe005d3b4e136a3&utm_source=openai)) These vulnerabilities are particularly concerning for critical manufacturing sectors, as exploitation could disrupt industrial operations and compromise system integrity. The increasing connectivity of industrial control systems heightens the risk of such vulnerabilities being exploited, emphasizing the need for timely updates and robust security measures.
1 week ago
Critical Vulnerability in Rockwell Automation's FactoryTalk Analytics PavilionX: CVE-2025-14272
In June 2026, Rockwell Automation disclosed a critical vulnerability (CVE-2025-14272) in its FactoryTalk Analytics PavilionX software, versions prior to 7.01. This flaw arises from improper authorization enforcement in API endpoints, potentially allowing unauthorized actors to execute privileged operations, including user and role management. The vulnerability affects critical manufacturing sectors worldwide, with Rockwell Automation headquartered in the United States. To mitigate this risk, users are advised to update to version 7.01 or later. This incident underscores the persistent challenges in securing industrial control systems (ICS) and the importance of timely software updates. As cyber threats targeting ICS environments continue to evolve, organizations must remain vigilant and proactive in addressing vulnerabilities to safeguard operational integrity.
1 week ago
Critical DoS Vulnerability in Rockwell Automation RSLinx Classic: CVE-2020-13573
In November 2020, a denial-of-service (DoS) vulnerability, identified as CVE-2020-13573, was discovered in Rockwell Automation's RSLinx Classic software, version 2.57.00.14 CPR 9 SR 3. This vulnerability resides in the Ethernet/IP server functionality and can be exploited by remote attackers sending specially crafted network requests, leading to a DoS condition. The vulnerability was reported by Cisco Talos and has a CVSS v3.0 base score of 7.5, indicating high severity. ([talosintelligence.com](https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1184?utm_source=openai)) The relevance of this vulnerability persists due to the widespread deployment of RSLinx Classic in industrial control systems. Exploitation could disrupt critical manufacturing, energy, and water sectors, emphasizing the need for timely patching and adherence to cybersecurity best practices to mitigate potential threats.
1 week ago
Check Point VPN Zero-Day Exploited by Qilin Ransomware
In early May 2026, Check Point identified a critical authentication bypass vulnerability, CVE-2026-50751, in its Remote Access VPN and Mobile Access products configured with the deprecated IKEv1 protocol. This flaw allows unauthenticated remote attackers to establish VPN connections without valid credentials. Exploitation began on May 7, 2026, affecting a limited number of organizations globally, with at least one incident linked to the Qilin ransomware group. Check Point has released patches and mitigation measures to address this vulnerability. The exploitation of CVE-2026-50751 underscores the risks associated with using outdated protocols like IKEv1. Organizations are urged to update their systems promptly and transition to more secure configurations to prevent unauthorized access and potential ransomware attacks.
2 weeks ago
Critical Vulnerability in ABB's PPT30 Operating System: CVE-2025-11482
On May 26, 2026, ABB disclosed a vulnerability (CVE-2025-11482) in its PPT30 Operating System versions prior to 1.8.0. This flaw resides in the OPC-UA Server component, where an unauthenticated attacker can exploit resource allocation issues to cause a denial-of-service condition, rendering the server unresponsive and disrupting industrial control processes. The vulnerability has a CVSS v3.1 base score of 7.5, indicating a high severity level. ([nvd.nist.gov](https://nvd.nist.gov/vuln/detail/CVE-2025-11482?utm_source=openai)) The disclosure underscores the critical need for timely patching in industrial control systems to prevent potential operational disruptions. Organizations are advised to upgrade to version 1.8.0 or later and implement network segmentation to mitigate risks associated with this vulnerability. ([feed.craftedsignal.io](https://feed.craftedsignal.io/briefs/2026-05-abb-ppt30-cve-2025-11482/?utm_source=openai))
3 weeks ago