The Living Risk Hiding in Automotive Supply Chain: GenAI Model Security Risks
As GenAI becomes deeply embedded in automotive systems, it introduces not just new functionality but a new category of living, evolving supply chain risk.
Blog
From Pwn2Own Automotive 2025: Unpacking the Tesla Wall Connector Exploit Chain and Its Broader Cybersecurity Implication
We analyze the exploit chain used against the Tesla Wall Connector EV charger at Pwn2Own Automotive 2025, mapping it to the Automotive Threat Matrix and exploring its broader implications for automotive cybersecurity.
Phishing Beyond Emails: How Compromised Installers Threaten Automotive Software Supply Chains
We examine how a signed Windows installer was used to deploy Redline Stealer malware, successfully bypassing traditional defenses. The incident reveals critical blind spots in automotive cybersecurity and highlights the need for zero-trust principles across the entire software supply chain.
Get CRA-Ready: One Platform to Simplify CRA Compliance
The EU Cyber Resilience Act (CRA) has set cybersecurity requirements focusing on Products with Digital Elements (PDE). This means that manufacturers within the supply chain must monitor and report vulnerabilities once discovered. Otherwise, a fine of a substantial financial penalty will be imposed. In this landscape, what manufacturers need is a solution that offers proactive Vulnerability and SBOM Management.
CVE-2025-6019: A Privilege Escalation Flaw With Implications for AGL and the Future of SDVs
A recently disclosed Linux flaw shows how seemingly ordinary bugs are starting to affect software-defined vehicles (SDVs). We unpack CVE-2025-6019, its impact on Automotive Grade Linux (AGL), and what it means for in-vehicle cybersecurity.
Replicating RAMN Using a Single STM32 Board: A Hands-On Exploration
Replicating the core functions of a full-scale Resistant Automotive Miniature Network (RAMN) using just a single STM32 board is a practical, cost-effective way to dive into advanced in-vehicle networking. In this hands-on guide, we run through the step-by-step setup, enabling engineers and enthusiasts alike to prototype resilient automotive communication systems with minimal hardware.
LockBit Ransomware Group Data Leak: Implications for Automotive Cybersecurity
A recent breach of the LockBit ransomware group exposed chat logs, offering a rare inside look at how victims were targeted and extorted. Automotive companies featured prominently among those attacked. We unpack the key findings and outline practical steps that automotive companies can take to block LockBit attacks or similar incidents.
The Recall Risk From Unseen Vulnerabilities: Strategies for Safer Software-Defined Vehicles
Traditional vulnerability management platforms overlook zero-day vulnerabilities, putting the automotive industry at risk. Discover how xZETA provides more visibility into vulnerabilities to help the industry stay ahead of emerging threats.
Exposing the Risks: Security Takeaways From a Successful Android OTA Decryption
By decrypting an Android OTA update to their vehicle’s infotainment system, a researcher gained access to proprietary code. We examine the method that the researcher used and what it means for modern vehicle security.
Automotive Threat Intelligence: Is It Your Shield or Your Burden?
As automotive cyberthreats grow more complex, automotive threat intelligence (TI) becomes more essential. But not all solutions reduce risk effectively. We explore why the right automotive TI approach can mean the difference between insight and information overload.
Why Dynamic TARA Matters: Gaining the Edge Before Attackers Do
Today’s threats move so fast that static threat analysis and risk assessment (TARA) can no longer keep up. We discuss how dynamic TARA gives organizations the edge, with faster response, tighter collaboration, and continuous protection.
Invisible Commands, Real Consequences: AI Prompt Injection in Vehicle Systems
As AI assistants become standard features in vehicles, new risks like prompt injection are emerging, quietly manipulating systems through seemingly harmless inputs. We explore how attackers could exploit invisible commands in everyday interactions and why securing AI at the input level is critical to automotive safety.
Apple CarPlay’s ‘AirBorne’ Vulnerabilities and What They Mean for the Automotive Industry
High-impact vulnerabilities in Apple’s AirPlay protocol, collectively known as “AirBorne,” expose CarPlay-equipped vehicles to remote code execution, privacy breaches, and potential system compromise. We explore how the vulnerabilities work, real-world scenarios where exploits could occur, and what users and automotive stakeholders can do to stay protected.
