ShinyHunters vishing attack against an online automotive marketplace help desk exfiltrated 12.4 million user records (6.1 GB) in mid-February 2026

Q4 2025 automotive vulnerabilities mapped to 19 distinct TTPs in the Auto-ISAC Automotive Threat Matrix

Q4 2025 severity breakdown: 146 Medium, 54 High and 2 Critical automotive vulnerabilities

88% of Q1 2026 automotive vulnerabilities require Low Attack Complexity

Ethernet represented over 25% of all automotive attack vector entries in Q1 2026

BEAST threat actor leaked 700 GB of internal data from a large Chinese automotive group in late February 2026

2024 SafePay ransomware breach at a global BPO provider exposed nearly 17,000 employees and customers of a major commercial vehicle manufacturer, disclosed in January 2026 after a 14-month notification delay

Incransom ransomware group published a 200 GB leak from a Tier-1 electronics component supplier in January 2026

An automotive parts marketplace database with over 7.7 million records was exposed via a misconfigured Elasticsearch instance in January 2026

3.7 million of the 12.4 million records exposed in the ShinyHunters automotive marketplace breach were previously unseen in other breaches

206 unique automotive vulnerabilities identified in Q4 2025, a 19% increase over Q3 2025

Q4 2025 automotive vulnerabilities span 64 unique CWEs

Local Shell was the most frequent attack vector in Q4 2025, representing over 62% of total automotive entries

Ethernet and Wi-Fi combined accounted for more than 18% of Q4 2025 automotive attack vectors

In-vehicle and Virtualization target types accounted for 95%+ of Q4 2025 automotive vulnerabilities

14 different attack methods observed in Q4 2025 automotive vulnerabilities

Pwn2Own Automotive 2026 in Tokyo produced 76 unique zero-days and $1.047 million in payouts

DrainDead portable EV battery siphoning rig was built for approximately €1,200 using a solar inverter and CCS adapter

Ultra-Fast Wireless Charging attack synchronises with the charger's signal within only three cycles, defeating frequency hopping countermeasures

160 Medium, 75 High, and 16 Critical automotive vulnerabilities identified in Q1 2026