📰 Enterprise Security Blog

Expert insights on IoT security, physical security, compliance, and risk management.

The Credential Reckoning: Smart Office Security in the First Half of June 2026

In two weeks, CISA published three IoT advisories covering smart doorbells, cameras and a yard robot — every headline flaw a hardcoded or default credential. Acer shipped fixes for two CVSS 10.0 mesh-router zero-days, Cisco confirmed active exploitation of an SD-WAN Manager flaw, and a multi-agency advisory warned of attacks on internet-exposed fuel-tank gauges. All of it lands as the EU Cyber Resilience Act's 24-hour reporting clock counts down to September 11.

June 14, 2026 smart-officeIoT-security

Three Advisories, One Root Cause: CISA Flags Hardcoded and Default Credentials in Office IoT

On a single day, CISA published advisories for a smart doorbell and camera platform, a line of network cameras, and a connected outdoor robot. The CVEs differ; the root cause does not. Hardcoded cryptographic keys, default passwords, and credentials served up to anyone who asks — across devices that quietly accumulate on office networks, two of them with no patch coming.

June 11, 2026 smart-officeIoT-security

Ninety Days to the Clock: What the EU Cyber Resilience Act's 24-Hour Reporting Rule Means for Connected Offices

From September 11, 2026, manufacturers of connected products sold in the EU must report actively exploited vulnerabilities to ENISA within 24 hours. The obligation reaches routers, cameras, smart-building devices and OT, carries fines up to €15 million or 2.5% of global turnover, and reshapes how buyers should evaluate vendors. With roughly 90 days to go, two-thirds of vendors say they are still unfamiliar with the regulation.

June 9, 2026 smart-officeIoT-security

When the Network Is the Target: Acer's CVSS 10.0 Router Zero-Days and an Exploited Cisco SD-WAN Flaw

Acer shipped advisories for two maximum-severity zero-days in its Wave 7 mesh routers — a world-readable log leaking cleartext admin credentials and a hardcoded AES key that lets attackers backdoor device backups. Days later, Cisco confirmed active exploitation of a Catalyst SD-WAN Manager flaw being chained to push rogue configurations to edge devices. Both fit the dominant 2026 pattern: the network itself is the target.

June 5, 2026 smart-officeIoT-security

Smart Office Security Month in Review: The Eight Things That Defined May 2026

May 2026 produced a CVSS 10.0 Cisco firewall zero-day exploited by ransomware for weeks before disclosure, two active botnet campaigns against industrial routers, a dark web ICS malware toolkit, a critical telnet RCE in legacy OT devices, CISA advisories across five major vendors, a supply chain attack targeting AI developers, and joint government guidance explicitly prohibiting LLMs in safety-critical OT systems. Here is what the month meant for organizations running connected office environments.

May 29, 2026 smart-officeIoT-security

CISA and Five Allies Tell You Not to Put LLMs in Safety-Critical OT Systems — Here's the Actual Guidance

A joint guidance document issued by CISA, the Australian Signals Directorate's ACSC, and international partners establishes principles for integrating AI into operational technology environments. The guidance explicitly differentiates acceptable AI use by Purdue Model layer, warns against LLM-first approaches for safety-critical decisions in OT, and requires AI vendors supplying OT environments to provide software bills of materials, data residency documentation, and transparent AI feature disclosure. For organizations running smart buildings and industrial systems, this is the clearest official framework yet for AI in OT.

May 26, 2026 OT-securityAI-security

TrapDoor: The Supply Chain Attack Targeting AI Developers That's Stealing Cloud Keys and SSH Credentials

The TrapDoor supply chain campaign, active as of May 22, 2026, is targeting AI developer communities through malicious packages in public repositories. The packages use preinstall scripts to steal cloud credentials, SSH keys, and developer secrets, then exfiltrate them through GitHub-based command and control infrastructure. The campaign is specifically targeting the tooling and repositories used by AI development teams — a population with access to cloud environments, model infrastructure, and enterprise data pipelines.

May 22, 2026 supply-chain-securityAI-security

CISA's May 2026 ICS Advisory Wave: Schneider Electric, Advantech, Axis, Rockwell, and Mitsubishi

CISA's May 2026 ICS advisory release covers critical vulnerabilities across five major industrial and building automation vendors: Schneider Electric EcoStruxure Foxboro DCS, Advantech WebAccess/SCADA, Axis Communications security cameras, Rockwell Automation Micro820/850/870 controllers, and Mitsubishi Electric ICONICS products. The highest-severity advisory involves a CVSS 9.8 deserialization vulnerability in Schneider's DCS Advisor component. Combined, the advisories affect SCADA systems, IP cameras, PLCs, and building HMI software that are standard in smart office and industrial deployments.

May 19, 2026 CISAICS-security

CVE-2026-32746: The Telnet Vulnerability in Legacy OT That Gives Attackers Root Before the Login Prompt

CVE-2026-32746 is a pre-authentication remote code execution vulnerability in GNU Inetutils telnetd, scoring 9.8 Critical on CVSS 3.1 and affecting all versions up to and including 2.7. An unauthenticated attacker can trigger root-level code execution during the initial TCP handshake — before any login prompt appears. The vulnerability affects embedded systems, PLCs, SCADA components, and IoT devices that expose telnet interfaces, as well as major Linux distributions that include Inetutils in their default package sets.

May 15, 2026 CVEOT-security

VoltRuptor: The ICS/SCADA Malware Being Sold on Dark Web Markets That Targets Industrial Infrastructure

A sophisticated ICS and SCADA malware toolkit called VoltRuptor, attributed to a group calling itself the Infrastructure Destruction Squad, is being sold through dark web channels in 2026. The malware supports multiple industrial protocols, includes persistence and anti-forensics capabilities, and is designed explicitly to cause operational disruption in industrial environments. Its availability as a commercial product lowers the barrier to sophisticated OT attacks significantly.

May 12, 2026 OT-securityICS-security

Industrial Routers Under Botnet Attack: Four-Faith and ASUS Vulnerabilities Being Actively Exploited in OT Networks

Two vulnerabilities in widely deployed industrial and commercial routers are being actively exploited by botnets in May 2026. CVE-2024-9643 in Four-Faith F3x36 Industrial Cellular Routers, scoring 9.8 on CVSS, allows full administrative control without authentication. CVE-2018-5999 in ASUS AsusWRT routers, a vulnerability from 2018, has been re-weaponized by the RondoDox botnet as of May 17, 2026. Both vulnerabilities are being used to build botnet infrastructure, and compromised industrial routers in OT environments create paths from the internet directly into production control systems.

May 8, 2026 IoT-securityOT-security

CVSS 10.0: Interlock Ransomware Exploited Cisco's Firewall Zero-Day for Weeks Before Cisco Knew

CVE-2026-20131 in Cisco Secure Firewall Management Center carries the maximum possible CVSS score of 10.0 and allows unauthenticated remote attackers to execute arbitrary Java code as root via an insecure deserialization flaw. The Interlock ransomware group was exploiting it as a zero-day from January 26, 2026 — more than a month before Cisco disclosed the vulnerability publicly — using memory-resident web shells, custom JavaScript and Java remote access trojans, and Active Directory certificate abuse to move through victim networks.

May 5, 2026 CVEransomware