Blog

From August 22 to September 1, VicOne and Block Harbor co-hosted the 2025 Global Vehicle Cybersecurity Competition (VCC), bringing together nearly 500 individuals of all skill levels, pursuing careers in automotive cybersecurity from around the world.

A bus hacking demo revealed how attackers could use a bus’s guest Wi-Fi to access and compromise critical systems, underscoring the need for stronger automotive cybersecurity in smart transit systems.

In our previous analysis, we argued that GenAI isn’t just a tool, it’s a living risk embedded in your automotive supply chain. We highlighted how AI models introduce unseen, evolving security risks at every stage of the AI lifecycle. But as the industry shifts toward GenAI-enabled, software-defined vehicles (SDVs), another powerful technology is rising fast—Agentic AI.

In this blog, we present a systematic OSINT-driven methodology, one that aligns with the Auto-ISAC Automotive Threat Matrix (ATM) and is tailored for automotive threat intelligence. This approach enables security researchers and car manufacturers to map the continually expanding attack surface of connected vehicles.

At Black Hat USA 2025, security researchers revealed how vulnerabilities in EV chargers could cause charging cables to overheat and burst into flames. Their findings underscore the urgent need for stronger safeguards and hardware protection to ensure the safety of these devices.

As GenAI becomes deeply embedded in automotive systems, it introduces not just new functionality but a new category of living, evolving supply chain risk.

We analyze the exploit chain used against the Tesla Wall Connector EV charger at Pwn2Own Automotive 2025, mapping it to the Automotive Threat Matrix and exploring its broader implications for automotive cybersecurity.

We examine how a signed Windows installer was used to deploy Redline Stealer malware, successfully bypassing traditional defenses. The incident reveals critical blind spots in automotive cybersecurity and highlights the need for zero-trust principles across the entire software supply chain.

The EU Cyber Resilience Act (CRA) has set cybersecurity requirements focusing on Products with Digital Elements (PDE). This means that manufacturers within the supply chain must monitor and report vulnerabilities once discovered. Otherwise, a fine of a substantial financial penalty will be imposed. In this landscape, what manufacturers need is a solution that offers proactive Vulnerability and SBOM Management.

A recently disclosed Linux flaw shows how seemingly ordinary bugs are starting to affect software-defined vehicles (SDVs). We unpack CVE-2025-6019, its impact on Automotive Grade Linux (AGL), and what it means for in-vehicle cybersecurity.

Replicating the core functions of a full-scale Resistant Automotive Miniature Network (RAMN) using just a single STM32 board is a practical, cost-effective way to dive into advanced in-vehicle networking. In this hands-on guide, we run through the step-by-step setup, enabling engineers and enthusiasts alike to prototype resilient automotive communication systems with minimal hardware.

A recent breach of the LockBit ransomware group exposed chat logs, offering a rare inside look at how victims were targeted and extorted. Automotive companies featured prominently among those attacked. We unpack the key findings and outline practical steps that automotive companies can take to block LockBit attacks or similar incidents.