๐Ÿท๏ธ OT-security

24 articles tagged OT-security.

The Credential Reckoning: Smart Office Security in the First Half of June 2026

In two weeks, CISA published three IoT advisories covering smart doorbells, cameras and a yard robot — every headline flaw a hardcoded or default credential. Acer shipped fixes for two CVSS 10.0 mesh-router zero-days, Cisco confirmed active exploitation of an SD-WAN Manager flaw, and a multi-agency advisory warned of attacks on internet-exposed fuel-tank gauges. All of it lands as the EU Cyber Resilience Act's 24-hour reporting clock counts down to September 11.

Smart Office Security Month in Review: The Eight Things That Defined May 2026

May 2026 produced a CVSS 10.0 Cisco firewall zero-day exploited by ransomware for weeks before disclosure, two active botnet campaigns against industrial routers, a dark web ICS malware toolkit, a critical telnet RCE in legacy OT devices, CISA advisories across five major vendors, a supply chain attack targeting AI developers, and joint government guidance explicitly prohibiting LLMs in safety-critical OT systems. Here is what the month meant for organizations running connected office environments.

CISA and Five Allies Tell You Not to Put LLMs in Safety-Critical OT Systems — Here's the Actual Guidance

A joint guidance document issued by CISA, the Australian Signals Directorate's ACSC, and international partners establishes principles for integrating AI into operational technology environments. The guidance explicitly differentiates acceptable AI use by Purdue Model layer, warns against LLM-first approaches for safety-critical decisions in OT, and requires AI vendors supplying OT environments to provide software bills of materials, data residency documentation, and transparent AI feature disclosure. For organizations running smart buildings and industrial systems, this is the clearest official framework yet for AI in OT.

CISA's May 2026 ICS Advisory Wave: Schneider Electric, Advantech, Axis, Rockwell, and Mitsubishi

CISA's May 2026 ICS advisory release covers critical vulnerabilities across five major industrial and building automation vendors: Schneider Electric EcoStruxure Foxboro DCS, Advantech WebAccess/SCADA, Axis Communications security cameras, Rockwell Automation Micro820/850/870 controllers, and Mitsubishi Electric ICONICS products. The highest-severity advisory involves a CVSS 9.8 deserialization vulnerability in Schneider's DCS Advisor component. Combined, the advisories affect SCADA systems, IP cameras, PLCs, and building HMI software that are standard in smart office and industrial deployments.

CVE-2026-32746: The Telnet Vulnerability in Legacy OT That Gives Attackers Root Before the Login Prompt

CVE-2026-32746 is a pre-authentication remote code execution vulnerability in GNU Inetutils telnetd, scoring 9.8 Critical on CVSS 3.1 and affecting all versions up to and including 2.7. An unauthenticated attacker can trigger root-level code execution during the initial TCP handshake — before any login prompt appears. The vulnerability affects embedded systems, PLCs, SCADA components, and IoT devices that expose telnet interfaces, as well as major Linux distributions that include Inetutils in their default package sets.

VoltRuptor: The ICS/SCADA Malware Being Sold on Dark Web Markets That Targets Industrial Infrastructure

A sophisticated ICS and SCADA malware toolkit called VoltRuptor, attributed to a group calling itself the Infrastructure Destruction Squad, is being sold through dark web channels in 2026. The malware supports multiple industrial protocols, includes persistence and anti-forensics capabilities, and is designed explicitly to cause operational disruption in industrial environments. Its availability as a commercial product lowers the barrier to sophisticated OT attacks significantly.

Industrial Routers Under Botnet Attack: Four-Faith and ASUS Vulnerabilities Being Actively Exploited in OT Networks

Two vulnerabilities in widely deployed industrial and commercial routers are being actively exploited by botnets in May 2026. CVE-2024-9643 in Four-Faith F3x36 Industrial Cellular Routers, scoring 9.8 on CVSS, allows full administrative control without authentication. CVE-2018-5999 in ASUS AsusWRT routers, a vulnerability from 2018, has been re-weaponized by the RondoDox botnet as of May 17, 2026. Both vulnerabilities are being used to build botnet infrastructure, and compromised industrial routers in OT environments create paths from the internet directly into production control systems.

Routers Are Now the Riskiest Device in Your Network: The 2026 Connected Device Risk Report

New research tracking connected device risk across IT, OT, IoT, and IoMT environments has named routers the single most dangerous device category in enterprise networks, averaging 32 vulnerabilities per device and accounting for roughly a third of all critical vulnerabilities found in corporate infrastructure. Forty percent of device types on the 2026 riskiest list are entirely new entries, and 75% were not on the list two years ago — a pace of attack surface expansion that most security programs are not designed to absorb.

Smart Office Security Week in Review: The Seven Things That Mattered, April 22–28, 2026

This week produced a joint intelligence advisory on Chinese state-sponsored IoT device hijacking, a major Cisco wireless security report confirming that 85% of organizations are getting hit through wireless and IoT, critical vulnerabilities in Siemens industrial edge and building automation systems, a landmark workforce report linking skills gaps to real breaches, and a new NIST initiative on OT network visibility. Here is what it means for organizations running connected office environments.

The Skills Gap Is Now a Breach Statistic: What the SANS 2026 Workforce Report Means for OT and Smart Building Security

The SANS 2026 Cybersecurity Workforce Research Report, released at RSAC 2026, found that skills gaps — not headcount shortages — have become the leading workforce challenge in cybersecurity, with 27% of organizations reporting breaches directly linked to capability gaps. In OT and smart building environments, where specialized knowledge is scarce and AI is eliminating the training pipeline, the implications are severe.

Siemens Industrial Edge Auth Bypass (CVE-2026-33892): What This ICS Vulnerability Means for Connected Offices and OT Networks

CISA released an advisory on April 21, 2026 disclosing a critical authentication bypass in Siemens Industrial Edge Management that allows unauthenticated remote attackers to access connected edge devices. The vulnerability affects organizations using Siemens industrial edge infrastructure for manufacturing, smart building management, and IT/OT convergence deployments.

When Your Security Cameras Become the Attacker's Infrastructure: The IoT Pivot Threat in Smart Buildings

Security cameras, smart displays, and building automation devices are no longer just passive targets in a cyberattack — they are being actively repurposed as attack infrastructure. State-sponsored actors and criminal groups are using compromised IP cameras and IoT equipment as relay nodes, reconnaissance tools, and lateral movement staging points inside the networks they were supposed to protect.

85% of Organizations Got Hit Through Wireless: What the Cisco 2026 State of Wireless Report Means for Your Smart Office

Cisco surveyed 6,098 wireless decision-makers across 30 countries and found that 85% of organizations experienced wireless security incidents in the past year, with IoT and OT devices identified as the primary weak link. Half of those incidents cost over $1 million. Here is what the data means for organizations running connected smart offices.

China Is Weaponizing Your Office Router and IoT Devices: The Volt Typhoon and Flax Typhoon Threat Explained

A joint advisory from CISA, the FBI, NSA, and allied intelligence agencies issued April 22, 2026 confirms that Chinese state-sponsored groups are systematically compromising SOHO routers, IoT devices, and smart office equipment to build covert attack infrastructure. Your network edge devices are not just targets — they are being turned into weapons.

The ODNI Report Nobody Read: China, Russia, Iran, and North Korea Are All-In on Your Critical Infrastructure

The ODNI's annual threat assessment and Google's defense industrial base report confirm what a week of incidents has made viscerally clear: every major nation-state adversary has simultaneously prioritized critical infrastructure cyberattacks. The IoT and OT devices connecting your operations to the internet are their preferred entry point.

Manufacturing Ransomware's 'New Normal': 800 Victims, Data Extortion, and Four Groups Running the Show

Q1 2026 ransomware data confirms manufacturing's sustained crisis: 800+ victims across all sectors, attack volumes holding steady quarter-over-quarter, and a structural shift toward data extortion replacing traditional encryption. Four groups — RansomHub, SafePay, Akira, and Qilin — are running the industrial targeting playbook.

Bedside to Breach: 7 Million Medical IoT Devices, One Crisis, and the Ransomware Groups Targeting Them

22% of healthcare organizations have experienced cyberattacks that directly impacted medical devices, with three-quarters of those incidents disrupting patient care. As IoMT deployments surpass 7 million devices in smart hospitals, the attack surface is growing faster than the defenses.

Your Solar Panels Are Now a Cyberattack Vector: The Grid-Edge Threat Nobody Budgeted For

Millions of internet-connected solar inverters, battery storage systems, and smart meters now form the most distributed attack surface on the power grid. Security researchers have identified critical vulnerabilities that could allow remote manipulation of grid-edge devices at scale.

Masjesu: The Commercial IoT Botnet That Sells 290 Gbps DDoS Attacks on Telegram — and Targets Your Factory Floor

Security researchers have exposed Masjesu, a sophisticated IoT botnet sold as a DDoS-for-hire service on Telegram. It targets routers and gateways across ARM, MIPS, and AMD64 architectures — and has begun extorting smart manufacturing operations.

Six Agencies Just Sounded the Alarm: Iran Is Inside US Water and Energy Systems Right Now

A joint CISA advisory from six federal agencies confirms Iranian-affiliated hackers are exploiting internet-exposed Rockwell Automation PLCs across US water, energy, and municipal systems — without needing a single exploit.

America's Food Supply Under Silent Attack: 3,000 Farm Incidents and the Cybersecurity Blind Spot Nobody's Talking About

Over 3,000 farms, food processing facilities, and agriculture operations have suffered destructive incidents in five years. The cyber-physical attack surface on America's food supply is real — and largely undefended.

Manufacturing Under Siege: 89 Ransomware Attacks in 30 Days Signal Industry's Most Dangerous Era

Manufacturing has been the #1 ransomware target for five consecutive years. 89 confirmed attacks in 30 days reveal a structural shift — attackers are going after OT/ICS systems, not just IT infrastructure.

When Water Becomes a Weapon: Critical Infrastructure Under Fire in the 2026 Iran Conflict

Iran just struck a Bahrain desalination plant. The US hit one in Iran. Meanwhile, IRGC-linked hackers have been inside American water systems since 2023. Here's what the 2026 war means for water infrastructure security.

AI-Driven Intrusion Detection for Industrial IoT

Machine learning is revolutionizing how enterprises protect Industrial IoT environments. Discover how AI-driven intrusion detection is defending OT/IT convergence, enabling real-time anomaly detection, and integrating with platforms like Forescout and Netskope.

โ† All topics

Ask Sage ๐Ÿค–