Articles

Stellantis reports data breach at third-party provider for North America

Stellantis, the parent company of Chrysler, said on Sunday it had detected unauthorized access at a third-party service provider supporting its North American customer service operations.

The company confirmed that the breach exposed only basic contact information, with no financial or highly sensitive personal data compromised. Stellantis did not specify how many customers were affected.

“Upon discovery, we immediately activated our incident response protocols … and are directly informing affected customers,” Stellantis said, adding that authorities have been notified. The automaker urged customers to remain vigilant against phishing attempts.

The breach is the latest in a growing wave of cyberattacks targeting automakers. Earlier this month, Jaguar Land Rover was forced to shut factories until September 24 after a major cyber incident disrupted retail and production operations.

The rise in attacks reflects the increasing vulnerability of the automotive industry, as digital platforms and connected services become more integral to customer operations and vehicle support systems.

Suspected Russian Hackers Use Sophisticated New Tactic to Target UK Researcher

Suspected Russian hackers deployed a novel and highly convincing tactic to trick British researcher Keir Giles into compromising his own accounts, according to Giles and cybersecurity experts.

Last month, the hackers impersonated a U.S. State Department official named “Claudie Weber”, who contacted Giles via email to arrange a meeting that required the use of a secure government app. Although the email came from a Gmail address, the communication was fluent and idiomatic, and apparent State Department colleagues were copied on the exchange. Giles, a seasoned expert on Russia and espionage who is usually wary, was eventually deceived by the professionalism and persistence of the exchange, which lasted nearly two weeks.

Giles provided an app-specific password—a credential that grants third-party app access but can bypass regular password protections—thus exposing his account.

Alphabet’s Google attributed the attack to the Russian government, citing similarities to prior campaigns. The Russian Foreign Ministry did not respond to inquiries. Giles described the operation as seamless, with no obvious red flags even in hindsight.

Cybersecurity researchers from Citizen Lab noted the attack’s fluency might indicate the use of advanced AI, such as large language models, to craft convincing messages—marking a significant upgrade from typical error-ridden phishing attempts. They also pointed out that the hackers exploited the lack of error messages when sending emails to fake State Department addresses.

This sophisticated social engineering attack highlights evolving cyber threats where even cautious experts can be deceived by carefully orchestrated campaigns.

The U.S. State Department did not immediately comment on the incident.