๐Ÿท๏ธ critical-infrastructure

19 articles tagged critical-infrastructure.

The Credential Reckoning: Smart Office Security in the First Half of June 2026

In two weeks, CISA published three IoT advisories covering smart doorbells, cameras and a yard robot — every headline flaw a hardcoded or default credential. Acer shipped fixes for two CVSS 10.0 mesh-router zero-days, Cisco confirmed active exploitation of an SD-WAN Manager flaw, and a multi-agency advisory warned of attacks on internet-exposed fuel-tank gauges. All of it lands as the EU Cyber Resilience Act's 24-hour reporting clock counts down to September 11.

Smart Office Security Month in Review: The Eight Things That Defined May 2026

May 2026 produced a CVSS 10.0 Cisco firewall zero-day exploited by ransomware for weeks before disclosure, two active botnet campaigns against industrial routers, a dark web ICS malware toolkit, a critical telnet RCE in legacy OT devices, CISA advisories across five major vendors, a supply chain attack targeting AI developers, and joint government guidance explicitly prohibiting LLMs in safety-critical OT systems. Here is what the month meant for organizations running connected office environments.

CISA and Five Allies Tell You Not to Put LLMs in Safety-Critical OT Systems — Here's the Actual Guidance

A joint guidance document issued by CISA, the Australian Signals Directorate's ACSC, and international partners establishes principles for integrating AI into operational technology environments. The guidance explicitly differentiates acceptable AI use by Purdue Model layer, warns against LLM-first approaches for safety-critical decisions in OT, and requires AI vendors supplying OT environments to provide software bills of materials, data residency documentation, and transparent AI feature disclosure. For organizations running smart buildings and industrial systems, this is the clearest official framework yet for AI in OT.

VoltRuptor: The ICS/SCADA Malware Being Sold on Dark Web Markets That Targets Industrial Infrastructure

A sophisticated ICS and SCADA malware toolkit called VoltRuptor, attributed to a group calling itself the Infrastructure Destruction Squad, is being sold through dark web channels in 2026. The malware supports multiple industrial protocols, includes persistence and anti-forensics capabilities, and is designed explicitly to cause operational disruption in industrial environments. Its availability as a commercial product lowers the barrier to sophisticated OT attacks significantly.

Smart Office Security Week in Review: The Seven Things That Mattered, April 22–28, 2026

This week produced a joint intelligence advisory on Chinese state-sponsored IoT device hijacking, a major Cisco wireless security report confirming that 85% of organizations are getting hit through wireless and IoT, critical vulnerabilities in Siemens industrial edge and building automation systems, a landmark workforce report linking skills gaps to real breaches, and a new NIST initiative on OT network visibility. Here is what it means for organizations running connected office environments.

NIST's New OT Visibility Project: Why You Can't Secure What You Can't See in a Smart Office Network

NIST's National Cybersecurity Center of Excellence has announced a new initiative focused on helping critical infrastructure organizations gain visibility into their operational technology environments. The project addresses a foundational problem that smart office and connected building operators face: most organizations do not have an accurate, current picture of what OT and IoT devices are on their networks or what those devices are doing.

The Skills Gap Is Now a Breach Statistic: What the SANS 2026 Workforce Report Means for OT and Smart Building Security

The SANS 2026 Cybersecurity Workforce Research Report, released at RSAC 2026, found that skills gaps — not headcount shortages — have become the leading workforce challenge in cybersecurity, with 27% of organizations reporting breaches directly linked to capability gaps. In OT and smart building environments, where specialized knowledge is scarce and AI is eliminating the training pipeline, the implications are severe.

China Is Weaponizing Your Office Router and IoT Devices: The Volt Typhoon and Flax Typhoon Threat Explained

A joint advisory from CISA, the FBI, NSA, and allied intelligence agencies issued April 22, 2026 confirms that Chinese state-sponsored groups are systematically compromising SOHO routers, IoT devices, and smart office equipment to build covert attack infrastructure. Your network edge devices are not just targets — they are being turned into weapons.

The ODNI Report Nobody Read: China, Russia, Iran, and North Korea Are All-In on Your Critical Infrastructure

The ODNI's annual threat assessment and Google's defense industrial base report confirm what a week of incidents has made viscerally clear: every major nation-state adversary has simultaneously prioritized critical infrastructure cyberattacks. The IoT and OT devices connecting your operations to the internet are their preferred entry point.

Bedside to Breach: 7 Million Medical IoT Devices, One Crisis, and the Ransomware Groups Targeting Them

22% of healthcare organizations have experienced cyberattacks that directly impacted medical devices, with three-quarters of those incidents disrupting patient care. As IoMT deployments surpass 7 million devices in smart hospitals, the attack surface is growing faster than the defenses.

Your Solar Panels Are Now a Cyberattack Vector: The Grid-Edge Threat Nobody Budgeted For

Millions of internet-connected solar inverters, battery storage systems, and smart meters now form the most distributed attack surface on the power grid. Security researchers have identified critical vulnerabilities that could allow remote manipulation of grid-edge devices at scale.

Six Agencies Just Sounded the Alarm: Iran Is Inside US Water and Energy Systems Right Now

A joint CISA advisory from six federal agencies confirms Iranian-affiliated hackers are exploiting internet-exposed Rockwell Automation PLCs across US water, energy, and municipal systems — without needing a single exploit.

America's Food Supply Under Silent Attack: 3,000 Farm Incidents and the Cybersecurity Blind Spot Nobody's Talking About

Over 3,000 farms, food processing facilities, and agriculture operations have suffered destructive incidents in five years. The cyber-physical attack surface on America's food supply is real — and largely undefended.

The South Pars Strike: How Attacking the World's Largest Gas Field Just Put Half the Planet's Energy at Risk

Israel struck South Pars — the world's largest gas field, jointly managed by Iran and Qatar. Now the IRGC has declared all major Gulf energy facilities as 'legitimate targets' with strikes promised 'in coming hours.' Saudi Aramco is evacuating workers. This is the most dangerous escalation of the entire war.

15 Security Incidents at US Military Bases in 18 Days: Drones, Bombs, and Breach Attempts During a Hot War

Since February 28, at least 15 security incidents have been reported at US military bases — from drones over nuclear bomber flightlines to bomb threats at CENTCOM headquarters. With the Iran war escalating and Chinese-owned land surrounding military installations, the physical security picture is alarming.

Iran Has Declared Your Bank a Legitimate Target: The CISO's Playbook for March 2026

Iran's Islamic Revolutionary Guard Corps has formally declared U.S. and Israeli-linked banks and economic centers as legitimate targets. With a simultaneous destructive attack on Stryker Medical destroying 200,000 systems, every CISO protecting critical infrastructure needs to treat this week as a turning point.

Lights Out: How Power Grid Attacks Are Crippling Smart Cities in the 2026 Conflict

Iraq went dark. Iran hit 1% connectivity. When the power grid falls, smart cities become dumb targets. Here's the pattern emerging from the 2026 conflict — and what it means for IoT-dependent enterprises.

When Water Becomes a Weapon: Critical Infrastructure Under Fire in the 2026 Iran Conflict

Iran just struck a Bahrain desalination plant. The US hit one in Iran. Meanwhile, IRGC-linked hackers have been inside American water systems since 2023. Here's what the 2026 war means for water infrastructure security.

Triple Threat in Texas Critical Infrastructure: Cybersecurity Breach, Fire, and Safety Concerns

Texas critical infrastructure companies experience a series of incidents, raising concerns about connections and underlying factors.

โ† All topics

Ask Sage ๐Ÿค–