Set for January 2026 at Automotive World in Tokyo, the contest will have six categories, including Tesla, infotainment systems, EV chargers, and automotive OSes. The post Over $3 Million in Prizes Offered at Pwn2Own Automotive 2026 appeared first on SecurityWeek.
Cybercriminals are abusing a widespread lack of authentication in the customer service platform Zendesk to flood targeted email inboxes with menacing messages that come from hundreds of Zendesk corporate customers simultaneously. Zendesk is an automated help desk service designed to make it simple for people to contact companies for customerRead More »Email Bombs Exploit Lax Authentication in Zendesk
Sotheby’s has disclosed a data breach impacting personal information, including SSNs. The post Hackers Steal Sensitive Data From Auction House Sotheby’s appeared first on SecurityWeek.
Here’s the summary: We pointed a commercial-off-the-shelf satellite dish at the sky and carried out the most comprehensive public study to date of geostationary satellite communication. A shockingly large amount of sensitive traffic is being broadcast unencrypted, including critical infrastructure, internal corporate and government communications, private citizens’ voice calls andRead More »A Surprising Amount of Satellite Traffic Is Unencrypted
The danger isn’t that AI agents have bad days — it’s that they never do. They execute faithfully, even when what they’re executing is a mistake. A single misstep in logic or access can turn flawless automation into a flawless catastrophe. This isn’t some dystopian fantasy—it’s Tuesday at the officeRead More »Identity Security: Your First and Last Line of Defense
CVE-2025-55315 is an HTTP request smuggling bug leading to information leaks, file content tampering, and server crashes. The post ‘Highest Ever’ Severity Score Assigned by Microsoft to ASP.NET Core Vulnerability appeared first on SecurityWeek.
Incident description The first version of the AdaptixC2 post-exploitation framework, which can be considered an alternative to the well-known Cobalt Strike, was made publicly available in early 2025. In spring of 2025, the framework was first observed being used for malicious means. In October 2025, Kaspersky experts found that theRead More »Post-exploitation framework now also delivered via npm
Cybersecurity researchers have disclosed details of a recently patched critical security flaw in WatchGuard Fireware that could allow unauthenticated attackers to execute arbitrary code. The vulnerability, tracked as CVE-2025-9242 (CVSS score: 9.3), is described as an out-of-bounds write vulnerability affecting Fireware OS 11.10.2 up to and including 11.12.4_Update1, 12.0 upRead More »Researchers Uncover WatchGuard VPN Bug That Could Let Attackers Take Over Devices
Hackers stole names, addresses, dates of birth, email addresses, Social Security numbers, government IDs, and other information. The post Prosper Data Breach Impacts 17.6 Million Accounts appeared first on SecurityWeek.
An attacker can exploit the flaws to put devices into a permanent DoS condition that prevents remote restoration. The post Vulnerabilities Allow Disruption of Phoenix Contact UPS Devices appeared first on SecurityWeek.
