LogoLogo

Podcasts

Newsletters

Videos

Catalog

People

About

Search

Risky Bulletin Newsletter

July 08, 2026

Risky Bulletin: All new cars to include a camera aimed at the driver's face

Written by

Catalin Cimpanu
Catalin Cimpanu

News Editor

This newsletter is brought to you by Sublime Security. You can subscribe to an audio version of this newsletter as a podcast by searching for "Risky Business" in your podcatcher or subscribing via this RSS feed. You can also add the Risky Business newsletter as a Preferred Source to your Google search results by going here.

All new cars manufactured and sold in the EU and in the US will have to include a mandatory infrared camera aimed at the driver's face at all times, which is alarming some privacy groups.

The infrared camera will track the driver's head position and eye movements and then alert distracted drivers if their eyes go off the road.

The new regulation has entered into effect in the EU on Monday and will enter into effect next year in the US. In the EU, the new camera requirement is part of the block's second General Safety Regulation (GSR2), a broader swath of new safety rules introduced for the auto industry and designed to improve road safety.

🔸Advanced emergency brake detecting pedestrians and cyclists 🔹Advanced driver distraction warning system 🔸Better forward vision 🔹New tests for worn tyres 🔸Expanded safety glass area designed to protect pedestrians during accidents

[image or embed]

— European Commission (@ec.europa.eu) July 5, 2026 at 10:22 AM
via RAC UK

Both directives say the cameras must not collect biometric data and that all information must stay on the car, but don't specify penalties for rulebreakers—and there will be rulebreakers.

Privacy experts have warned that compliance and enforcement will be a problem, as carmakers have historically been some of the biggest offenders in consumer privacy over the past decade.

Governments like to pass strong privacy protections, but they then drag their feet enforcing them for decades, or give offenders a pass. The best example here is the super-awesome GDPR itself, with only 0.5% of all GDPR fines issued in Ireland, the home of most tech giants activating in the EU, being collected since the regulation entered into effect.

Coming back to the camera requirement, also known as the Advanced Driver Distraction Warning (ADDW) system, it's already clear that some carmakers are already set to break it. Answering questions from Belgium's state broadcaster VRT, Volvo says it will process the data on "secure servers" in real-time, which—NEWS ALERT—is not on the car!

We learned earlier this decade that carmakers were intercepting SMS texts and recording calls through infotainment systems, and we learned last year that carmakers were selling braking data to data brokers, which were then selling it to car insurance companies, which in turn were using it to jack up rates for "aggressive" drivers. Don't be surprised if your car insurance goes up in the coming years because you looked too many times down to your phone.

Fun times ahead for vehicle owners!

Risky Business Podcasts

The main Risky Business podcast is now on YouTube with video versions of our recent episodes. Below is our latest weekly show with Pat, Adam, and James at the helm!


Breaches, hacks, and security incidents

UK Foreign Office impacted by Fortibleed: Hackers are selling credentials stolen from the UK Foreign Office in a hack earlier this year. The credentials are for firewall and VPN servers installed at the agency, British embassies, and some UK local councils. They were gathered during the FortiBleed hack, when a hacker stole credentials from almost 80,000 Fortinet devices. A threat actor going by SantaAd has taken credit for the FortiBleed campaign. The UK Foreign Office credentials are being sold as one archive for $60,000. [The Telegraph]

Prince Harry loses Daily Mail hacking lawsuit: A UK judge has dismissed a case filed by Prince Harry and six others against UK tabloid the Daily Mail. The judge ruled that the plaintiffs failed to prove that the newspaper used hacking and other illegal tactics to obtain information for their articles. Other plaintiffs included singer Elton John and actress Elizabeth Hurley. Prince Harry successfully sued and won similar cases against the Daily Mirror and The Sun. Both newspapers admitted their guilt, but not the Daily Mail. [Associated Press]

Predator victims sue Intellexa: Eight Predator victims have sued spyware malware Intellexa, seeking €7,600,000 million in damages. Victims include Greek politicians, a former Meta manager, journalists, and former Greek intel officials. The trial is set to begin next April. [eKathimerini]

US Army defacements: Multiple US Army websites have been defaced by a pro-Kuridsh group with messages attacking Donald Trump and US Ambassador to Türkiye Tom Barrack. [CyberScoop]

BONK hacked for $20m: Hackers have stolen $20 million worth of crypto-assets from the BONK meme coin. The hackers pulled off a malicious governance attack that sent 4.4 trillion BONK coins to their wallets. Upbit and Kraken have paused BONK transactions as the hack is being investigated. [Decrypt]

Ctrl Wallet shuts down after exploit: The Ctrl Wallet multi-chain wallet will shut down on August 3 after the platform was hit by an exploit at the end of June. The service didn't say how much it lost, but told users to withdraw their funds within the next month. Ctrl Wallet is one of several Cardano-based wallets that got hit by mysterious exploits at the end of last month. [CoinTelegraph // Ctrl Wallet security incident]

Ill Bloom bug exploited to steal crypto: Hackers have stolen more than $3.1 million worth of cryptocurrency from wallets with weak private keys. The attackers exploited a vulnerability named Ill Bloom. The vulnerability allowed attackers to recover a crypto-wallet's private key from its public address due to weak randomness. According to security firm Coinspect, the hacks impacted users who generated their public addresses using "less widely used mobile software wallets." [Coinspect]

General tech and privacy

Amazon puts Mechanical Turk on life support: Amazon will stop accepting new customers for its Mechanical Turk service, effectively putting the service on life support until existing subscriptions expire and it can shut it down. [TechCrunch]

Class-action accuses RAM makers of price fixing: A class-action lawsuit filed in California has accused the world's top three memory chip makers—Samsung, SK Hynix, and Micron —of colluding to drive up RAM prices for profit. The three companies account for 90% of the RAM market. [OpenClassActions] [h/t PrivacyBetty]

Godot bans AI code slop: The Godot open-source gaming engine has banned contributors from submitting AI-generated code contributions. The project says it "can't trust heavy users of AI to understand their code enough to fix it" when it breaks. Godot says its team is already flooded with contributions and does not have the time to deal with "low-effort slop." [Godot]

Meta in trouble with US states: Meta says four US states—California, Colorado, Kentucky and New Jersey—are seeking combined penalties of $1.4 trillion over its addictive designs of Facebook and Instagram. The company is currently worth $1.5 trillion. [Reuters]

Tech platforms fail to deploy age restrictions in Australia: Young children can still set up social media accounts in Australia even after the government passed a minimum age requirement. An academic study found that tech platforms are very rarely prompting children to prove their age before registering a new account. [BMG // University of Newcastle]

Government, politics, and policy

Canada hacked a ransomware gang: Canada's top spy agency carried out offensive cyber operations against a ransomware platform last year. The unnamed group had allegedly been involved in more than 25 hacks across Canada. The Communications Security Establishment says it worked with Five Eyes partners to render the group's infrastructure inoperable and deleted stolen data after it was advertised for sale. The agency also targeted ten other ransomware groups with "technical disruptions." Other CSE cyber operations also targeted a group of violent extremist recruiting in Canada and a drug gang linked to fentanyl production. [The Globe and Mail // TechCrunch // CSE report, PDF]

The Communications Security Establishment (CSE) released its 2025-26 Annual Report today. I will comment on some of the points that stood out for me in the thread that follows. www.cse-cst.gc.ca/en/accountab...

[image or embed]

— Bill Robinson (@billrobinson.bsky.social) June 30, 2026 at 12:31 AM

DHS IG investigates CISA reassignments: The Department of Homeland Security inspector general is investigating the agency for forcibly reassigning CISA staff to immigration-related operations. Tens of CISA senior staff were forced to take new roles with ICE and CBP last year during former DHS Secretary Kristi Noem. The procedure is also known as forced reassignment and those who didn't take the new roles were forced to quit. The investigation will seek to determine if the reassignments followed US federal laws. [FNN]

Cyber Hiroshima: UK Foreign Secretary Yvette Cooper has likened AI to the effect of the Hiroshima nuclear bomb. Not quite the Cyber Armageddon reference the infosec peeps like to joke about, but close enough. Regardless of my quip, it is a good piece on the current geo-political landscape. [Chatham House]

This is very much worth a read from the Foreign Secretary @yvettecooper-mp.bsky.social. It's a serious assessment of where the UK stands in the world, our strengths and our weaknesses, and the challenges we face. A serious politics that rises above the childish nonsense of Reform and the media.

[image or embed]

— Duncan Hothersall (@dhothersall.bsky.social) July 6, 2026 at 10:26 AM

EU RT ban also applies to websites and persons: The EU's ban on broadcasting Russian propaganda also applies to private websites and individuals, and not just radio, TV, and news agencies. The ban also applies to content distributed for free, without a monetary benefit. The EU banned media broadcasts from Russian state-controlled news agencies in 2022, after Russia invaded Ukraine. The Court of Justice of the EU ruled on the ban last week in a case of three German nationals indicted for re-broadcasting Russia Today via personal websites. The ruling also gives EU law enforcement a new legal tool to go after Russian influence operations, many of which share articles from Russian state news agencies. [Agence Europa // CJEU, PDF]

Outrage in the Netherlands: A consumer privacy group has accused the Dutch intelligence services AIVD and MIVD of training their AI on bulk data they collected from Dutch citizens. [Bits of Freedom]

Sponsor section

In this Risky Business sponsor interview, Catalin Cimpanu talks with Alex Orleans, Head of Threat Intelligence at Sublime Security, about the increase in email attacks leveraging Zoom invites and other video conferencing tools.

Arrests, cybercrime, and threat intel

Taiwan charges two execs for helping Chinese hackers: Taiwanese authorities have charged two local businessmen with helping Chinese cyber spies. The two ran a company that sold LINE instant messenger accounts to Chinese hackers. The hackers used the accounts for social engineering attacks that targeted Taiwanese officials, academics, and NGOs staff. [Taiwan's Ministry of Justice Investigation Bureau // ICIJ]

Spain arrests CARR and Z-Pentest member: Spanish authorities have arrested a suspect for his involvement with two pro-Kremlin hacktivist groups. The suspect allegedly cooperated with the CyberArmy of Russia Reborn (CARR) and the Z-Pentest Alliance. The two groups are behind cyberattacks against critical infrastructure in the EU and US. Previous research has linked them to Russia's military intelligence. [Spain National Police]

15yo anime site hacker arrested: Tokyo police have arrested a 15-year-old boy for allegedly hacking the Bandai Channel anime streaming service. The teen allegedly used ChatGPT to hack the site and delete more than 46,000 user accounts. He hacked the site in November last year and Bandai staff needed almost a month to restore service. [The Strait Times]

Vietnam takes down anime piracy site: Vietnamese authorities have arrested seven suspects for allegedly running more than 100 movie piracy websites. The group allegedly ran HiAnime, the largest anime pirate streaming portal on the internet. The operation made almost $13 million from online ads since 2020. Four suspects have been detained, while three have been put in house arrest. [Boa Ha Tinh // ACE LinkedIn post]

Tax Trap campaign: Indian users are seeing a flood of tax-themed malspam campaigns delivering two in-memory RATs—a Gh0st RAT derivative and a Quasar/AsyncRAT-family payload. [Cyderes]

Veil#Drop campaign: Securonix looks at one of those SocGolish-like malware delivery framework that uses hacked websites to hijack traffic from legitimate locations and redirect users to malware-laced installers. [Securonix]

More AI spotted in SpectrePaste delivery: The Walmart security team has published a report on SpectrePaste, a malware delivery campaign that appears to have been orchestrated with AI. [Walmart]

DEBULL cluster: Security researchers have stumbled on a cluster of malicious tooling used in device-code phishing operations. Early evidence suggests this may be associated with a Russian APT group tracked as Storm-2372, but no final attribution just yet. [ZeroBEC]

Lurking Lizard proxy operator: A China-based operation has infected millions of users with malware that turns their devices into secret nodes inside residential proxy networks. The Lurking Lizard group has used trojanized Windows installers and boobytrapped mobile apps to deploy the proxy malware on user devices. Bandwidth from the infected devices was sold on specialized websites that often imitated well-known residential proxy brands. The operation launched in 2022 and is still active. [Infoblox]

Scattered Spider profile: Security firm Group-IB has published a profile on Scattered Spider, the infamous hacking group that just won't go away. [Group-IB]

Pink group registers passkeys on behalf of its victims: Hackers are calling employees at large companies and walking them through a process that steals their Microsoft credentials and adds an attacker's passkey to their account. The incidents are the first known cases of attackers targeting and hijacking the passkey registration process. Okta's security team has linked the attack to a group tracked as Pink (O-UNC-066/CL-CRI-1147). The group started operating this year and is believed to be another hacking operation that originated from The Com online community. [Okta]

Most crypto-hacks target DeFi platforms: DeFi platforms accounted for 63% of all blockchain cybersecurity incidents this year, with losses reaching approximately $490 million. [SlowMist]

Malware technical reports

Vidar is still alive: Even if its code is years-old now, the Vidar infostealer is still being widely used in the wild these days. [AhnLab]

Banana RAT: ANY.RUN's Moises Cerqueira looks at a recent version of the Banana remote access trojan, and the features it got over the course of a month, from May to June. [ANY.RUN]

RedWing Android MaaS: A new Android spyware strain named RedWing is being advertised via a Malware-as-a-Service model on Telegram. Zimperius says RedWing appears to be a new version of the old Oblivion malware. [Zimperium]

Sponsor section

In this sponsored product demo Sublime Security co-founder and CEO Josh Kamdjou joins Risky Business podcast host Patrick Gray to show off the company's email security platform, including its latest agentic AI bells and whistles. 

APTs, cyber-espionage, and info-ops

Cavern Manticore: Security firm Check Point has discovered a new Iranian APT group that appears to be under the umbrella of Iran's intelligence service MOIS. Current targets include Israeli government agencies. [Check Point]

UAT-7810 builds ORBs for other APTs: A Chinese APT group is building a proxy network to help other espionage groups in disguising their attacks. The UAT-7810 group is behind a botnet discovered last year and known as LapDogs. The botnet's main targets have been unpatched Ruckus wireless routers. [Cisco Talos]

UNK_MassTraction targets Roundcube servers: A suspected Chinese espionage group is targeting RoundCube email servers at US and Canadian universities. The attacks have specifically targeted physics and engineering departments. The UNK_MassTraction group is using old RoundCube exploits to breach the email servers and then pivot to internal networks. The hacking campaign is recent and started in May. [Proofpoint]

Vulnerabilities, security research, and bug bounty

Security updates: Apache Camel, ASUS, BeyondTrust, OpenSSH, OPNsense, Ubiquiti.

ColdFusion bug exploited in the wild: Hackers are exploiting a recently patched vulnerability in the Adobe ColdFusion platform. Attacks began two days after patches were released last week, and two hours after a blog post explained the technical details. The vulnerability, tracked as CVE-2026-48286, can allow attackers to run malicious code on servers where the Remote Development Services protocol has been enabled. This protocol is disabled by default. [Canadian Centre for Cyber Security // WatchTowr // Adobe patch // KEVIntel]

Hoymiles solar systems vulnerabilities: Hackers can turn Hoymiles solar panels on or off, or even disable the devices by setting a password unknown to the owner. Another attack can also allow a threat actor to render the device inoperable by erasing the solar panel inverter's flash storage. The attacks are possible only within a device's WiFi range. Users are advised to disconnect the solar panels from their inverter until the vendor releases firmware patches. The vendor was notified of the issues earlier this year but has allegedly reacted with "irritation." Hoymiles solar panels are often installed on balconies and very popular across Germany and other European countries. [Chaos Computer Club]

Tenda router backdoor: Some Tenda routers include a backdoor system that grants admin access to the device's web management panel. The backdoor can be used with any attacker-supplied username and can be invoked over a network connection. The issue impacts only certain Tenda firmware versions and is not universal. The vendor has failed to respond to security researchers and no firmware patches are available. [CERT/CC]

Rogue Agent flaw: Varonis discovered a vulnerability in Google Cloud's DialogFlow service, Google's conversational AI platform for building interactive experiences for voice and text chatbots. [Varonis]

"The vulnerability allowed attackers to exploit the Code Blocks feature to inject persistent malicious code into the Dialogflow agents’ pipeline, silently exfiltrating conversations and conducting large-scale phishing campaigns. To initiate, the exploit requires a single edit permission known as dialogflow.playbooks.update on one agent."

New prompt injection techniques: Security firm CrowdStrike has discovered five new prompt injection techniques. [CrowdStrike]

Januscape vulnerability: A new vulnerability allows attackers to escape Linux virtual machines and execute malicious code as root on the underlying host. Named Januscape, the vulnerability impacts the Kernel-based Virtual Machine (KVM) component. The bug was discovered and used in the Google kvmCTF hacking contest. It was reported and patched in the Linux kernel last month. Januscape impacts all Linux kernel versions released over the past 16 years. It is one of the rare KVM escapes that works on both Intel and AMD CPU platforms. The bug was discovered by Hyunwoo Kim, the same security researcher who also found the DirtyFrag and ITscape vulnerabilities. [Hyunwoo Kim on GitHub]

Anyway, this wraps up my cute tux series. The face is especially funny, isn't it? lol

- Dirty Frag: Universal Linux LPE
- ITScape: The first Guest-to-Host Escape in KVM/arm64
- Januscape: The first Guest-to-Host Escape in KVM/x86 && Google kvmCTF 0-day exploit pic.twitter.com/vGYDx0rPRF

— V4bel (@v4bel) July 6, 2026

Infosec industry

Threat/trend reports: Cisco, Kaspersky, Positive Technologies, and SlowMist have recently published reports and summaries covering various threats and infosec industry trends.

New tool—P3 Loader: Orange's SensePost has released P3 Loader, a tool for running process parameter poisoning attacks.

Risky Business podcasts

In this edition of Between Two Nerds,Tom Uren and The Grugq talk about why we haven't yet seen an explosion of devastating hacks even though AI has been used to discover lots and lots of bugs.

Recent Newsletters

  • Risky Bulletin: All new cars to include a camera aimed at the driver's face
  • Risky Bulletin: Android drops PIN guessing limit from 1,800 attempts to just 20
  • Risky Bulletin: FatFs bugs enable physical access attacks on a load of devices
  • Srsly Risky Biz: America Won't Beat the Distillation Ecosystem
  • Risky Bulletin: Researcher drops giant cache of zero-day exploits

Recent Videos

  • Soap Box: Using threat hunting to drive detection
  • Between Two Nerds: Why AI has not meant more hacks. Yet.
  • Srsly Risky Biz: America won't beat the distillation ecosystem
  • Risky Business (844): China closes AI vulndev gap as US lifts Fable ban
  • Mythos on your desk? Using local LLMs for code reviews

Recent Podcasts

  • Risky Bulletin: DHS IG investigates forced CISA reassignments
  • Soap Box: Using threat hunting to drive detection
  • Between Two Nerds: Why AI has not meant more hacks. Yet.
  • Risky Bulletin: EU official’s phone infected with Pegasus
  • Risky Bulletin: FatFs bugs enable physical access attacks on a load of devices
Risky Business Media

Risky Business

  • Home
  • Podcasts
  • Newsletters
  • Video
  • Sitemap

Risky Business Media

  • About
  • People
  • Advertising
  • Sponsor Enquiries: sales@risky.biz

Risky Connections

  • Risky Business on Apple Podcasts
  • Risky Business on Spotify
  • Risky Bulletin on Apple Podcasts
  • Risky Bulletin on Spotify
  • Risky Business Features on Apple Podcasts
  • Risky Business Features on Spotify
  • Risky Business Stories on Apple Podcasts
  • Risky Business Stories on Spotify
  • YouTube
  • LinkedIn

Risky Contacts

Risky Business Media Pty Ltd
PO Box 774
Byron Bay NSW 2481
General Email: editorial@risky.biz

© Risky Business Media 2007–2026. All rights reserved.
ABN 73 618 465 517