CVE-2025-70994

CVE-2025-70994 affects Yadea T5 Electric Bicycles (models manufactured in/after 2024). The keyless-entry system uses the EV1527 fixed-code RF protocol without rolling codes or cryptographic challenge-response, enabling a local attacker who intercepts a legitimate fob transmission to perform a rep...

CVE-2026-2540 Micca KE700 Acceptance of previously used rolling codes

The Micca KE700 system contains flawed resynchronization logic and is vulnerable to replay attacks. This attack requires sending two previously captured codes in a specific sequence. As a result, the system can be forced to accept previously used stale rolling codes and execute a command...

EUVD-2026-5831

The Micca KE700 system contains flawed resynchronization logic and is vulnerable to replay attacks. This attack requires sending two previously captured codes in a specific sequence. As a result, the system can be forced to accept previously used stale rolling codes and execute a command...

PT-2026-8236

The Micca KE700 system relies on a 6-bit portion of an identifier for authentication within rolling codes, providing only 64 possible combinations. This low entropy allows an attacker to perform a brute-force attack against one component of the rolling code. Successful exploitation simplify an...

From ECU to VSOC: UDS Security Monitoring Strategies

Increasing complexity and connectivity of modern vehicles have heightened their vulnerability to cyberattacks. This paper addresses security challenges associated with the Unified Diagnostic Services UDS protocol, a critical communication framework for vehicle diagnostics in the automotive...

EUVD-2020-21813

Malware in sbrugna...

EUVD-2018-9810

Malware in sbrugna...

EUVD-2019-4380

Malware in sbrugna...

EUVD-2019-18867

Malware in sbrugna...

EUVD-2022-45505

Malicious code in bioql PyPI...

EUVD-2023-32519

Malicious code in bioql PyPI...

EUVD-2023-32523

Malicious code in bioql PyPI...

Exploit for Integer Overflow or Wraparound in Tesla Model_3_Firmware

CVE-2025-2082 – Function Pointer Overwrite PoV VCSEC-style...

$AutoGuardX$: a Comprehensive Cybersecurity Framework for Connected Vehicles

The rapid integration of Internet of Things IoT and interconnected systems in modern vehicles not only introduced a new era of convenience, automation, and connected vehicles but also elevated their exposure to sophisticated cyber threats. This is especially evident in US and Canada, where...

PerfektBlue Bluetooth Vulnerabilities Expose Millions of Vehicles to Remote Code Execution

Cybersecurity researchers have discovered a set of four security flaws in OpenSynergy's BlueSDK Bluetooth stack that, if successfully exploited, could allow remote code execution on millions of transport vehicles from different vendors. The vulnerabilities, dubbed PerfektBlue , can be fashioned...

PT-2025-29081

Name of the Vulnerable Software and Affected Versions: OpenSynergy BlueSDK aka Blue SDK versions through 6.x Description: The BlueSDK Bluetooth stack contains an Improper Input Validation flaw. The issue stems from insufficient validation of the remote L2CAP channel ID CID. An attacker can exploi...

Volkswagen MIB3 Infotainment 安全漏洞

Volkswagen MIB3 Infotainment is an infotainment system on a vehicle from Volkswagen Germany. A security vulnerability exists in Volkswagen MIB3 Infotainment that stems from a disabled abort flag in the Bluetooth stack, which could lead to bypassing the assertion function...

Exploit for Integer Overflow or Wraparound in Tesla Model_3_Firmware

Tesla Nasıl Hacklenir? — Etkileşimli Senaryo Uygulaması Bu pr...

CISA Warns of Remote Control Flaws in SinoTrack GPS Trackers

The US CISA reports critical vulnerabilities in SinoTrack GPS devices that could let attackers remotely control vehicles and track locations. Discover the vulnerabilities and essential steps to secure your device...

CVE-2023-28896

Access to critical Unified Diagnostics Services UDS of the Modular Infotainment Platform 3 MIB3 infotainment is transmitted via Controller Area Network CAN bus in a form that can be easily decoded by attackers with physical access to the vehicle. Vulnerability discovered on Škoda Superb III 3V3 -...