Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Denmark and Norway investigate Yutong bus security flaw amid rising tech fears

Denmark and Norway probe a security flaw in Chinese-made Yutong buses, deepening European fears over reliance on Chinese tech and potential cyber risks. Bus operators in Denmark and Norway are urgently probing a security vulnerability in Chinese-made Yutong electric buses, raising concerns about Western dependence on Chinese technology. The issue highlights growing European fears that […]

Yutong buses

Denmark and Norway probe a security flaw in Chinese-made Yutong buses, deepening European fears over reliance on Chinese tech and potential cyber risks.

Bus operators in Denmark and Norway are urgently probing a security vulnerability in Chinese-made Yutong electric buses, raising concerns about Western dependence on Chinese technology.

The issue highlights growing European fears that Chinese-built infrastructure could be exploited or disabled amid geopolitical tensions with Beijing.

Yutong, based in Zhengzhou, is the world’s largest bus manufacturer by sales, and the discovery has prompted Scandinavian providers to investigate and implement fixes to prevent potential tampering or remote control risks in their fleets.

NBC News, citing chief operating officer of the Danish public transport provider Movia Jeppe Gaard, reported that Yutong electric buses can get remote updates and diagnostics, meaning manufacturers or threat actors could interfere with their operations. The risk impacts all connected vehicles, not just Chinese ones. Movia operates 262 Yutong buses across Copenhagen and eastern Denmark. The concern surfaced after Norway’s Ruter, which runs much of the country’s transport, tested Yutong and Dutch VDL buses in an underground facility to check for remote access vulnerabilities.

The test demonstrates that Yutong buses allow direct digital access for updates and diagnostics, meaning the manufacturer could theoretically disable them. Yutong responded that it values safety and data privacy, follows all laws and standards, and stores EU vehicle data securely on Amazon servers in Frankfurt, protected by encryption and access controls. The company said no one can access or operate the system without customer authorization.

“Electric buses, like electric cars, in principle can be remotely deactivated if their software systems have online access,” Gaard told NBC News. This isn’t just a “Chinese bus concern; it is a challenge for all types of vehicles and devices with these kinds of electronics built in,”.

China’s Ministry of Commerce hasn’t yet commented on the issue.

The relationship between European states and China is even more complicated. The E.U. depends on Chinese trade and technology but fears potential attacks by Beijing. The Dutch government seized Chinese chipmaker Nexperia, sparking fears for Europe’s auto sector. Nations are removing Huawei and ZTE 5G equipment from their telecommunications infrastructure and are now worried about Chinese electric vehicles, whose market share in Europe doubled to 5.1% in early 2025. Experts warn that connected EVs, Chinese or otherwise, can be remotely disabled. Norway has tightened cybersecurity for its buses, but analysts say complete safety is unrealistic. Trust remains the key issue.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Yutong)