In today’s cybersecurity news…
President orders probe of former CISA Director Chris Krebs
President Donald Trump signed an Executive Order on Wednesday intended to remove the security clearance of Chris Krebs, who had served as director of CISA and who was fired in 2020 after having stated there had been “no technological issues with the presidential election.” The EO not only directs agencies to revoke Krebs’ security clearance but also to “suspend those held by individuals at entities associated with Krebs,” including the cybersecurity firm SentinelOne, where he is the chief intelligence and public policy officer. That directive is “pending a review of whether such clearances are consistent with the national interest,” according to a fact sheet supplied by the White House.
Nissan Leaf cars can be hacked for remote spying and physical takeover
Researchers at PCAutomotive, a pentesting and threat intelligence company specializing in the automotive and financial services industries, revealed the hacking potential last week at Black Hat Asia 2025. Focusing on the second-generation Nissan Leaf made in 2020, they were able to “use the infotainment system’s Bluetooth capabilities to infiltrate the car’s internal network.” They were then able to escalate privileges and establish a command and control channel over cellular communications to maintain stealthy and persistent access to the EV directly over the internet, up to and including being able to control the steering while a car was in motion.
Infosec experts warn of China Typhoon retaliation against tariffs
Referring to the White House imposition of tariffs on China, cybersecurity advisor Tom Kellermann warns that China may “retaliate with systemic cyber attacks as tensions simmer over.” Speaking to The Register, he points out how the various “Typhoon” campaigns “have given them a robust foothold within critical infrastructure that will be used to launch destructive attacks. Trade wars were a historical instrument of soft power. Cyber is and will be the modern instrument of choice.” In a separate interview with The Register, Annie Fixler, director of the Center on Cyber and Technology Innovation at the Foundation for Defense of Democracies, said, “to the extent that China is holding back on conducting certain types of cyberattacks, it may feel less restrained now.”
Germany links cyberattack on research group to Russian state-backed hackers
German authorities are suggesting that a Russian state-backed hacking group, likely APT29, also known as Cozy Bear, was responsible for a recent cyberattack on the Berlin-based research institute, the German Association for Eastern European Studies (DGO). This is the second such incident involving the organization in recent months. The DGO described this second attack, which happened in March, as “highly professional” and as one that “targeted email systems, bypassing enhanced cybersecurity measures put in place after a previous breach in October 2024 with suspected Russian links.”
Sensor company Sensata detects ransomware attack
The company, based in Attleboro, Massachusetts, “provides sensors, relays, switches and other electrical components for the automotive, industrial, and aerospace sectors. The company has operations in 14 countries and employs more than 18,000 people.” It recently informed the Securities and Exchange Commission of a cyberattack detected on April 6, which it described as a ransomware incident that resulted in files stored on some devices being encrypted, along with evidence of files stolen from its systems. An investigation is underway to determine exactly which files have been taken. Company representatives say this incident has “impacted Sensata’s operations, including shipping, receiving, manufacturing, production, and various other support functions,” and the full scope and impact of the incident is not yet known.
AkiraBot campaign uses OpenAI-generated spam, bypassing CAPTCHA
Researchers at SentinelOne are describing “an artificial intelligence powered platform called AkiraBot being used to spam website chats, comment sections, and contact forms to promote dubious SEO services such as Akira and ServicewrapGO.” In a conversation with The Hacker News, the researchers describe the procedure as “using OpenAI to generate custom outreach messages based on the purpose of the website.” What distinguishes this technique is its ability to craft content such that it can bypass spam filters.
Wyden to block Trump’s CISA nominee due to missing telecoms report
Oregon Sen. Ron Wyden (D) announced Wednesday he is blocking the nomination of Sean Plankey to run CISA due to the agency’s refusal to release an unclassified 2022 report documenting security problems at U.S. telecommunications companies. Calling the action a “multi-year cover up of the phone companies’ negligent cybersecurity,” Wyden rejects CISA’s statement that it “cannot make the report public because of a ‘deliberative process privilege,’” saying instead the report is a “technical document containing factual information about U.S. telecom security.”
Cyber experts question voluntary Pall Mall code governing use of commercial hacking tools
Following up on a story we covered last week, the Pall Mall Process, a joint initiative led by France and the UK, has presented a voluntary code of conduct signed by 21 countries to guide the responsible use of commercial hacking tools. While cybersecurity experts say the guidelines offer modest progress, they see potential in establishing parallel guidance for the private sector. Prompted by concerns over spyware, the initiative aims to address broader commercial cyber intrusion capabilities. Participants, including former exploit brokers and vendors like NSO Group, view the process as a step toward responsible partnerships between governments and industry, ensuring cyber tools aren’t used to target dissidents or journalists.






