• Hype
  • Murai
  • Lipstiq
  • Varnam
  • Hangat
  • Autofreaks
Lowyat.NET
  • News
    • Lifestyle
    • Computing
    • Hardware
    • Internet
    • Rumours & Leaks
    • Software
  • Forums
    • Kopitiam
    • Tradezone
    • Property Talk
    • Finance & Business
    • Fast and Furious
  • Gaming
    • PC Gaming
    • Console
    • Mobile Gaming
    • Esports
  • Mobile
    • Apps
    • OS
    • Tablets
    • Phones
    • Telco
      • Celcom
      • DiGi
      • Maxis
      • Tune Talk
      • U Mobile
      • Buzzme
  • Pricelists
    • Compu-zoneUpdated
    • ViewnetUpdated
    • Sri ComputersUpdated
    • StartecUpdated
  • More
    • Automotive Tech
    • Drone
    • Enterprise
    • Entertainment
    • Fashion
    • E-Hailing
    • Wearables
    • Contact Us
No Result
View All Result
Lowyat.NET
  • News
    • Lifestyle
    • Computing
    • Hardware
    • Internet
    • Rumours & Leaks
    • Software
  • Forums
    • Kopitiam
    • Tradezone
    • Property Talk
    • Finance & Business
    • Fast and Furious
  • Gaming
    • PC Gaming
    • Console
    • Mobile Gaming
    • Esports
  • Mobile
    • Apps
    • OS
    • Tablets
    • Phones
    • Telco
      • Celcom
      • DiGi
      • Maxis
      • Tune Talk
      • U Mobile
      • Buzzme
  • Pricelists
    • Compu-zoneUpdated
    • ViewnetUpdated
    • Sri ComputersUpdated
    • StartecUpdated
  • More
    • Automotive Tech
    • Drone
    • Enterprise
    • Entertainment
    • Fashion
    • E-Hailing
    • Wearables
    • Contact Us
No Result
View All Result
Lowyat.NET
No Result
View All Result

Smart Selangor, Flexi Parking Apps Down After Cyberattack

The companies have ordered local councils not to issue summonses until the matter has been resolved.

by John Law
July 1, 2026
Image: Gotchaa Lab.

Image: Gotchaa Lab.

154
SHARES
Share on WhatsappShare on TelegramThreads

For those among you living in the state of Selangor and KL city, you may have noticed that both the Smart Selangor and Flexi Parking apps aren’t working as intended. Well, that’s because both apps were the victims of a cyberattack recently.

The state’s MP, Amirudin Shari, confirmed the situation with a statement on via his official X profile. “I have been informed that there is a complaint regarding the parking application that cannot be accessed by users. The technical team is currently upgrading the system to migrate to a new server. While this technical process is underway, I have directed that NO parking charges or compounds will be imposed on users until this technical issue is fully resolved.”

Saya telah dimaklumkan terdapat aduan berkenaan aplikasi parking yang tidak dapat diakses oleh pengguna.

Pasukan teknikal sedang menaiktaraf sistem untuk dimigrasi ke server baharu. Sementara urusan teknikal ini berjalan, saya telah mengarahkan agar TIADA caj parkir ataupun… pic.twitter.com/6F9kqWS6YF

— Amirudin Shari (@AmirudinShari) June 30, 2026

According to Gotchas Lab, the apps and their respective systems were taken down by a collective — presumably local — calling itself “MelayuSpiritual”, who then replaced the system with a black screen, a root shell, and message in Malaysia. Translated, the message reads “they were inside, and there were “7 million users” in the database. How they got in is the part every business owner should read carefully. They used two of the oldest tricks on the internet.”

Basically, how the hackers broke into the Flexi Parking and Smart Selangor apps were through what Gotchas Lab describe as two old, preventable bugs: SQL injection, and unauthenticated file upload. Borrowing a page out of the site’s description:

RELATED:  Smart Selangor, Flexi Parking Now Operational, But With Some Issues
Smart Selangor Warning App Down July 2026
Image: Smart Selangor.

“SQL injection is when an attacker types database commands into a normal input box, and the app runs them instead of treating them as plain text. It has sat near the top of web security lists for more than 20 years. The fix, parameterised queries, is built into every modern framework and costs nothing to use correctly. Unauthenticated file upload means a stranger can upload a file, often a small script, without logging in, and the server runs it. Once that works, they own the box. The fix is also standard: check who is uploading, check the file type, and never run uploaded files.”

At the time of writing, both Smart Selangor and Flexi Parking apps are still not back to working order: you can still access the app, but users will still be unable to make any payments through it.

(Source: Smart Selangor, Paultan.org, Gotchaa Lab)

Filed Under flexi parkingsmart selangor
Updated 7:49 pm, Wed, 1 July 26
SendShareShareShare62Tweet39

Follow us on Instagram, Facebook, Twitter or Telegram for more updates and breaking news. 

No Result
View All Result

TRENDING THIS WEEK

  1. 1
    Computing

    Apple Hikes Prices For Certain Products In Malaysia; Some See An Increase Of Over RM2,000

  2. 2
    Streaming

    Netflix Now Requires Unique Email For Each Profile Under Shared Accounts

  3. 3
    Entertainment

    RTM, Astro Renew Partnership

  4. 4
    Collectibles

    Tomica Factory Now Part Of KLCC Brand Store Malaysia; First Factory Location Outside Japan

  5. 5
    News

    Home Minister: Processing Fee For New MyKad To Remain At RM10

NETWORK

  • Hype
  • Murai
  • Lipstiq
  • Varnam
  • Hangat
  • Autofreaks

ABOUT

  • Advertise
  • Careers
  • Privacy Statement
  • Editorial Policy
  • Terms of Use
  • Contact Us

©2026 VIJANDREN RAMADASS. ALL RIGHTS RESERVED.

No Result
View All Result
  • News
  • Forums
  • Laptops
  • Telco
  • Mobile
  • Gaming
  • Fintech
  • Artificial Intelligence
  • Cryptocurrency
  • Cyber Security
  • Hybrid Vehicles
  • Advertise with Us

©2026 VIJANDREN RAMADASS. ALL RIGHTS RESERVED.

No Result
View All Result
  • News
  • Forums
  • Laptops
  • Telco
  • Mobile
  • Gaming
  • Fintech
  • Artificial Intelligence
  • Cryptocurrency
  • Cyber Security
  • Hybrid Vehicles
  • Advertise with Us

©2026 VIJANDREN RAMADASS. ALL RIGHTS RESERVED.