Shaq’s new ride gets jaq’ed in haq attaq
Summary
Infosec In Brief: Cybercriminals targeted the transport company’s network handling Shaquille O’Neal’s customised Range Rover, causing the vehicle to go missing in transit. Effortless Motors says it was a “highly coordinated criminal act” and is working with law enforcement to recover the car. The piece also bundles several other security and tech briefs: a US judge has permanently banned NSO Group from targeting WhatsApp with its Pegasus spyware; a critical remote code execution bug in the async-tar Rust library (CVE-2025-62518, “TARmageddon”) prompts migration to actively maintained forks; Scouting America introduces AI and cybersecurity merit badges; and Mozilla will require new Firefox extensions to disclose data collection practices from November 3.
Key Points
- A customised Range Rover for Shaquille O’Neal was lost after a suspected cyberattack on the transport firm’s network handling the delivery.
- Effortless Motors describes the incident as a “highly coordinated criminal act” and is cooperating with federal investigators.
- A US judge has issued a permanent injunction preventing NSO Group from targeting WhatsApp after evidence the company exploited a WhatsApp flaw to deploy Pegasus spyware.
- The async-tar Rust ecosystem has a severe boundary-parsing RCE (CVE-2025-62518, CVSS 8.1). Developers are urged to move off unmaintained forks (e.g. tokio-tar) to actively maintained alternatives like astral-tokio-tar.
- Scouting America adds AI and cybersecurity merit badges focused on safe, ethical use and basic defensive skills rather than advanced hacking techniques.
- Mozilla will require new Firefox extensions to declare what personal data they collect or transmit in the extension manifest from 3 November, with a full rollout for all extensions in early 2026.
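For the async-tar item above, one way to check whether a Rust project still resolves the affected crates is to walk its Cargo.lock and list every crate that pulls them in. This is an added example, not code from the article or from any of the projects it names; the crate names come from the summary, while the sample lockfile, its crate names and its versions are constructed, and the sketch assumes one lockfile entry per crate name.

```python
import re
from collections import defaultdict

# Crate names from the page: the affected library and its unmaintained fork.
FLAGGED = {"async-tar", "tokio-tar"}

# Constructed lockfile: "report-svc", "archive-helper" and all versions are made up.
SAMPLE_LOCK = '''
[[package]]
name = "archive-helper"
version = "0.2.0"
dependencies = [
 "tokio-tar",
]
[[package]]
name = "astral-tokio-tar"
version = "0.0.0-sample"
[[package]]
name = "report-svc"
version = "1.0.0"
dependencies = [
 "archive-helper",
 "astral-tokio-tar",
]
[[package]]
name = "tokio-tar"
version = "0.0.0-sample"
'''

def audit(text):
    """Map each flagged crate in a Cargo.lock to the crates that depend on it, directly or transitively."""
    parents, present = defaultdict(set), set()
    for block in text.split("[[package]]")[1:]:
        name = re.search(r'^name = "([^"]+)"', block, re.M).group(1)
        present.add(name)
        deps = re.search(r'^dependencies = \[(.*?)\]', block, re.M | re.S)
        # Entries are "name" or "name version (source)"; record only the name.
        for dep in re.findall(r'"([^"\s]+)[^"]*"', deps.group(1) if deps else ""):
            parents[dep].add(name)
    findings = {}
    for crate in present & FLAGGED:
        seen, stack = set(), [crate]
        while stack:  # walk the reverse-dependency edges up to the root crates
            for parent in parents[stack.pop()] - seen:
                seen.add(parent)
                stack.append(parent)
        findings[crate] = sorted(seen)
    return findings
```

An empty result means neither flagged crate is resolved; otherwise the listed crates are the ones to update or replace so the dependency drops out of the lockfile.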
Context and relevance
The story about Shaq’s missing car is a vivid reminder that attackers increasingly target supply chains and logistics operations, not just traditional IT assets. The NSO injunction is legally and technologically significant — it curtails a prolific spyware vendor’s ability to abuse a major messaging platform and sets precedent for vendor litigation against surveillance firms. TARmageddon highlights ongoing supply-chain and dependency risks in modern development ecosystems, especially for languages like Rust where forks and abandonment can leave projects vulnerable. Mozilla’s extension disclosure move and the Scouts’ badges underline growing emphasis on transparency and basic cyber literacy across society.
Author style
Punchy: This roundup mixes a cheeky celeb theft with genuinely serious security developments. The NSO ruling and the TARmageddon vulnerability are the real headlines here — read the details if you care about platform security, developer supply chains, or legal precedents in cyber-surveillance.
Why should I read this?
Short version: because it’s a tidy collection of stuff that matters. Celebrity car theft? Fun hook. NSO ban and TARmageddon? Potentially big headaches for security teams and devs alike. Mozilla and Scouts stories show how security and AI are bleeding into everyday life. Skip nothing if you deal with messaging security, Rust dependencies or browser extension policy.
Source
Source: https://go.theregister.com/feed/www.theregister.com/2025/10/26/shaq_haq_attaq/
