Search Results: SupplyChainRisk

Hyundai AutoEver America Breach Exposes Sensitive Data Amid Rising Automotive Cyber Threats

Hyundai AutoEver America (HAEA), the IT backbone of Hyundai and Kia's automotive operations, suffered a data breach exposing Social Security Numbers and driver's licenses. The breach persisted for over a week before detection, highlighting critical vulnerabilities in automotive IT ecosystems. This incident adds to Hyundai's troubling history of cybersecurity lapses across its global operations.

Python 3.12.4 Patches Critical HTTP Header Parsing Flaw Enabling Remote Code Execution

The newly released Python 3.12.4 addresses a severe security vulnerability (CVE-2023-6597) in the HTTP protocol stack. Attackers could exploit improper handling of non-ASCII characters in headers to execute arbitrary code on vulnerable servers. This patch is critical for all Python web applications using the standard library's http.server or related modules.

Avnet Data Breach Exposes Contradictions in Cloud Security Claims

Electronics giant Avnet confirms hackers stole terabytes of data from its EMEA cloud storage but claims the information remains unreadable without proprietary tools. Threat actors counter they possess plaintext PII samples, creating a critical discrepancy in the incident's severity. The breach highlights persistent cloud security vulnerabilities in global supply chains.

Red Hat's GitLab Breach Exposes Consulting Data: Assessing the Supply Chain Fallout

A cybercrime group infiltrated Red Hat's private GitLab instance, stealing sensitive consulting reports and claiming access to customer infrastructure details. While Red Hat confirms the breach but downplays immediate product risks, the incident reignites critical questions about trust in open-source supply chains.

Samsung's Critical Image Parsing Flaw: Actively Exploited Zero-Day Puts Millions of Android Devices at Risk

Samsung has issued an emergency patch for a critical zero-day vulnerability (CVE-2025-21043) in its image processing library, allowing remote code execution on Android devices. Discovered by Meta and WhatsApp security teams and already exploited in the wild, this flaw impacts Android 13 through 16. Users must install the September security update immediately to prevent potential device takeover.

Texas Sues PowerSchool Over Catastrophic Breach Exposing 62 Million Students

Texas Attorney General Ken Paxton has filed a lawsuit against education software giant PowerSchool for a massive 2024 data breach that compromised the personal data of 62 million students globally. The breach, enabled by stolen subcontractor credentials, led to ransom demands and extortion of school districts despite payment, culminating in a guilty plea from a 19-year-old perpetrator.