Skip to main content

Tag: industrial control systems

135 articles

Industrial control equipment and network switch on a rack in a brightly-lit control room.

Siemens ROX II Zero-Days Expose Critical Infrastructure Risks

Our research team, in close collaboration with Siemens, uncovered a critical vulnerability chain of three zero-day exploits in Siemens ROX II operational-technology switches, posing significant risks to critical infrastructure security. This chained exploit could allow attackers to escalate from basic reconnaissance to full root-level control.

Analyst 207
A dimly lit industrial control room with a clean, empty workstation and unoccupied chair in front of computer screens and…

Malicious Activity on Industrial Systems Declines to 3-Year Low

Malicious activity on industrial systems has hit a 3-year low, with only 19.6% of ICS computers encountering malicious objects in Q1 2026 - a significant drop of 1.4 times from Q2 2023. However, beneath the calm surface, localized spikes of threats persist, warranting close attention.

Analyst 207
Brightly lit industrial facility server room with computer workstations and equipment.

Schneider Electric Software Vulnerability Exposes Industrial Facilities to Risk

A newly discovered vulnerability in Schneider Electric's Floating License Manager could put industrial facilities at risk, allowing attackers to exploit a weakness in the FlexNet Publisher component. This security gap stems from a hardcoded OpenSSL configuration path that can be manipulated to load malicious DLLs.

Analyst 207
Industrial control systems and server equipment in a brightly-lit manufacturing setting.

CISA Flags Exploited PTC Windchill Flaw Amid Web Shell Attacks

PTC has confirmed that attackers are exploiting a high-severity flaw, CVE-2026-12569, in its Windchill software to drop malicious web shells on vulnerable systems, allowing them to execute arbitrary code remotely. The company has reported heightened threat activity, urging users to take immediate action to protect themselves.

Analyst 207
CISA Warns of Active Exploitation of Lantronix EDS5000 Flaw

CISA Warns of Active Exploitation of Lantronix EDS5000 Flaw

A critical code-injection flaw, CVE-2025-67038, has been discovered in Lantronix EDS5000 Series devices, allowing attackers to inject arbitrary OS commands with root privileges due to a lack of input sanitization in the HTTP RPC module. This vulnerability has a CVSS score of 9.8, indicating a high severity level.

Analyst 207
Rows of equipment racks and networking gear in a brightly-lit server room.

FortiBleed Exposes 73,000 Fortinet VPN Credentials Worldwide

A massive security breach has exposed a whopping 73,000 Fortinet VPN credentials worldwide, putting tens of thousands of firewall endpoints at risk, including those of major companies like Chevron, Samsung, and Mercedes-Benz. The alarming leak, discovered by security researcher Bob Diachenko, contains sensitive information like usernames, email addresses, and plaintext passwords.

Analyst 207
Water treatment plant interior showing operational equipment and controls.

Experts Cast Doubt on Handala's US Water Hacking Claims

Experts are debunking Handala's claims of being able to shut off water in US cities, with no evidence to back up the group's bold assertions. According to Sean Malone, Chief Information Security Officer at BeyondTrust, the breach appears to be limited to non-critical systems, with no impact on water treatment or distribution.

Analyst 207
Internet-exposed automatic tank gauge system at a gas station with pumps and convenience store in the background.

US Gas Station Tank Gauge Systems Vulnerable to Ongoing Attacks

US gas stations are under cyberattack, with hackers exploiting vulnerable tank gauge systems to gain control and wreak havoc. A joint advisory from top US agencies is urging critical infrastructure organizations to secure their internet-exposed systems ASAP.

Analyst 207
Industrial setting with fuel storage tanks and an automatic tank gauge system.

Hackers Target Fuel Tank Monitoring Systems with Cyberattacks

Cyber attackers are launching targeted strikes on internet-exposed fuel tank monitoring systems, allowing them to modify and manipulate critical infrastructure. These compromised systems, known as automatic tank gauges, remotely track fuel levels, temperatures, and leaks, making them a prime target for malicious actors.

Analyst 207
Research facility computer workstation with simulation software on a blurred monitor.

Fast16 Malware Targeted Nuclear Weapons Simulations Pre-Stuxnet

Meet the fast16 malware, a highly targeted threat that sabotaged nuclear weapons simulations by corrupting results in popular engineering tools LS-DYNA and AUTODYN, but only when conditions reached explosive intensities. Its creators fine-tuned it to strike with surgical precision.

Analyst 207
Control room with exposed management panels and industrial equipment on a neutral-colored wall.

Russia Targets Polish Water Utilities in Hybrid Warfare Campaign

Poland's Internal Security Agency has uncovered a concerning trend: five cyber intrusions into water utilities have been linked to a pro-Russian hybrid campaign, part of a broader Kremlin strategy to target NATO's eastern flank.

Analyst 207
Water utility industrial setting with computer systems in background.

UK Water Utility Exposed: Hackers Hid Undetected for 20 Months

In a shocking revelation, hackers secretly lurked on South Staffordshire Water's corporate network for 20 months, evading detection until a performance issue sparked an investigation in July 2022. The stealthy attackers gained unauthorized access via a September 2020 phishing attack, harvesting credentials and even attempting to deploy ransomware before being finally uncovered.

Analyst 207
Industrial control systems and pipes at a municipal water utility under ordinary lighting, with subtle hints of a potential…

Dragos Warns of AI-Powered Cyber-Attack on Mexican Water Utility

A recent cyber attack on a Mexican water utility highlights the growing threat of AI-powered attacks, with commercial AI tools used to identify and breach operational technology infrastructure. The attack, detected by Dragos, shows how easily an adversary can target critical infrastructure with the help of advanced AI tools.

Analyst 207
Researchers Uncover Fast16 Malware's Stealthy Industrial Sabotage Role

Researchers Uncover Fast16 Malware's Stealthy Industrial Sabotage Role

Researchers have uncovered a highly sophisticated malware, Fast16, designed to secretly sabotage industrial operations by subtly manipulating critical calculations, leading to potentially catastrophic failures. This stealthy threat can silently spread across networks, altering results in high-precision applications and causing damage to real-world equipment.

Analyst 207
Smart meter on a utility pole with blurred details set against a calm daytime city backdrop.

Medtronic, Itron Disclose Breaches by Digital Intruders

Itron sprang into action after detecting an unauthorized break-in on April 13, swiftly notifying law enforcement, and working with cybersecurity experts to investigate and remediate the breach. The company has since confirmed that it has prevented any further unauthorized activity within its corporate systems.

Analyst 207
Stealthy cyber attack scene on a laptop screen in a lab setting.

Fast16 Malware Exposes Pre-Stuxnet Cyber Warfare Roots

Meet fast16, a sneaky malware framework that's been around since 2005 - five years before the infamous Stuxnet - and is designed to quietly sabotage high-precision software by subtly altering numerical results. This stealthy approach can cause systems to fail, wear out faster, or produce false conclusions, making it a chilling precursor to modern cyber warfare.

Analyst 207
Secure facility entrance with subtle tech infrastructure in background.

Itron Discloses Cyberbreach, Launches Investigation

Itron has launched a swift investigation into a recent cyber security breach, taking immediate action to assess, mitigate, and contain the incident with the help of external advisors and law enforcement. The company currently believes the breach will not have a significant impact on its operations.

Analyst 207
Researcher working on computer in laboratory setting with technical equipment.

Researchers Uncover Fast16 Malware That Preceded Stuxnet

Meet fast16.sys, a sneaky kernel driver that intercepts and modifies executable code as it's read from disk, giving its creators unprecedented control over the storage stack and filesystem. This boot-start filesystem component was a game-changer in its time, and researchers are still unraveling its secrets.

Analyst 207
Rows of computer servers and equipment in a calm, professional data center.

Itron Breach Exposes Internal IT Network Vulnerability

Itron recently disclosed that its internal IT network was breached by an unauthorized third party, prompting swift action to contain and mitigate the incident. The company quickly activated its cybersecurity response plan and notified law enforcement, successfully blocking the unauthorized activity with no reported follow-up attempts.

Analyst 207
Industrial control system interface on a computer screen with blurred machinery in the background.

Researchers Uncover 'fast16' Malware Targeting Engineering Software Years Before Stuxnet

Researchers have uncovered a long-forgotten malware, fast16, that was designed to sabotage engineering software, beating even the infamous Stuxnet by at least five years. This ancient cyber threat, dating back to 2005, was engineered to spread rapidly and produce inaccurate calculations across entire facilities.

Analyst 207
Control room of a water treatment plant with a computer workstation in the foreground and blurred equipment in the…

New Malware ZionSiphon Targets Water Plants, Falls Flat

A new piece of malware called ZionSiphon, reportedly targeting Israeli water facilities, has been found to be surprisingly inept, with experts describing it as broken and showing little understanding of its supposed targets. The malware's code includes strings referencing the Israeli water sector and politically charged messaging, but its overall incompetence has downplayed initial alarm.

Analyst 207
Exposed serial-to-IP converter on a worn workbench surrounded by tangled wires and broken machinery under a flickering…

Vulnerabilities Expose 20,000 Serial-to-IP Converters to Hijacking Risk

A shocking 20,000 serial-to-IP converters are at risk of being hijacked due to newly discovered vulnerabilities, putting countless systems and data in jeopardy. Cybersecurity experts at Forescout Research Vedere Labs have uncovered 22 flaws in popular models from leading manufacturers Lantronix and Silex.

Analyst 207
Dimly lit control room with computer screens and machinery, eerie shadows cast by flickering fluorescent light.

ZionSiphon Malware Targets Water Infrastructure Systems becomes ZionSiphon Malware Infiltrates Water Infrastructure Systems

Imagine malware that's not just a data thief, but a menacing force that can map and disrupt the very plumbing of a city - that's the alarming reality of ZionSiphon, a malicious tool targeting water infrastructure systems with sabotage and scanning capabilities. This sinister malware can scan, disrupt, and wreak havoc on operational-technology water systems, posing a significant threat to public safety.

Analyst 207
Dripping faucet over cracked earth with dimly lit control room and devices in background.

Malware Targets Israeli Water Systems with Precision Attacks

A newly discovered malware strain called ZionSiphon is threatening Israeli water systems with precision attacks, leaving experts concerned about the vulnerability of critical infrastructure. This sophisticated code can infiltrate and manipulate the machines that control pumps and filters, putting a city's taps at risk.

Analyst 207