IT / OT Security News

OT and ICS systems indeed hold the crown jewels of critical infrastructure organizations, but unmonitored data sprawl is proving to be pure gold for increasingly brazen nation-state threat actors like Volt Typhoon, Pearce argues.

The European Union’s cybersecurity agency ENISA has published its 2025 Threat Landscape report, which shows that a significant percentage of the attacks aimed at the EU over the past year targeted operational technology (OT) systems.

NIST has published a new guide designed to help organizations reduce cybersecurity risks associated with the use of removable media devices in operational technology (OT) environments.

Cybersecurity agencies in several countries have teamed up to create new guidance for operational technology (OT) organizations, specifically for building and maintaining a definitive view of their architecture.

Some of the industrial cameras made by Cognex are affected by potentially serious vulnerabilities, but they will not receive a patch.

Jaguar Land Rover said Tuesday that its production lines, shut down after a cyberattack in August, will remain at a halt until at least Oct. 1.

Some of the industrial control system (ICS) products made by Taiwan-based Novakon are affected by serious vulnerabilities, and the vendor does not appear to have released any patches.

New research exposes vulnerabilities, talent gaps, and regulatory challenges threatening Canada’s OT resilience

Britain's largest carmaker, Jaguar Land Rover, said a pause in production due to a cyber attack would now stretch to September 24, extending the stoppage at its British plants to more than three weeks.

Threat actors are exploiting a critical-severity vulnerability in DELMIA Apriso factory software, the US cybersecurity agency CISA warns.

Several industrial control systems (ICS) giants have published new security advisories this Patch Tuesday, including Rockwell Automation, Siemens, Schneider Electric, and Phoenix Contact.

The US Department of State this week announced rewards of up to $10 million for information on three Russian Federal Security Service (FSB) officers.

Tire manufacturer launches a comprehensive investigation after a limited cyber incident affects operations at multiple plants.

Jaguar Land Rover’s manufacturing and retailing activities have been “severely disrupted” by a cyber incident, forcing it to shut down its systems.

Following its March analysis of the Lab Dookhtegan cyberattack on Iranian oil tankers, Cydome released its ‘Second Wave Findings’ in August, a follow-up that filled in the missing details.

The interconnected nature of organizational systems has made it more complicated to identify and protect industrial crown jewels, especially as nation-state hackers and state-sponsored adversaries attempt to breach such environments.

The China-linked cyberespionage group known as Salt Typhoon has been compromising backbone and edge routers globally for persistent access to networks across multiple industries, government agencies in the US and allied countries warn.

Hackers associated with some of Russia’s most prolific cyber espionage units have over the last year been leveraging a vulnerability in older Cisco software to target thousands of networking devices associated with critical infrastructure IT systems, the FBI and Cisco said on Wednesday.

Growing use of social engineering capabilities by cyber adversaries across OT (operational technology) environments is driving a new class of high-consequence threats that threaten the stability of critical systems.

Russian hackers are likely behind suspected sabotage at a dam in Norway in April that affected water flows, police officials told Norwegian media on Wednesday.

An Erlang/OTP vulnerability whose existence came to light in mid-April has been exploited in the wild, with many attacks apparently targeting operational technology (OT) networks.

Researchers demonstrated that smart buses, the transportation vehicles that incorporate various systems to improve safety, efficiency, and passenger experience, can be remotely hacked.

Black Hat Four countries have now tested anti-satellite missiles (the US, China, Russia, and India), but it's much easier and cheaper just to hack them.

Digital surveillance is the cornerstone of modern facilities security, with video system deployments guarding enterprises, airports, schools, and government agencies.

Bitdefender researchers have uncovered critical security flaws in Dahua’s Hero C1 (DH-H4C) smart camera series.

Deep dive into UNC2891’s multi‑stage bank intrusion: Raspberry Pi ATM implant, bind mount evasion, Dynamic DNS C2, and a CAKETAP move toward HSM manipulation.

LG Innotek LNV5110R security cameras are affected by a vulnerability that can be exploited for unauthenticated remote code execution.

The ongoing momentum towards becoming and staying compliant would transform industrial cybersecurity, moving operators out of reactive checklists and into continual, systematic change.

Singapore said on Friday that it was responding to cyberattacks on its critical infrastructure by an espionage group alleged by security experts to be linked to China.

Security teams aren't patching firmware promptly, no one's vetting the endpoints before purchase, and visibility into potential dangers is limited — despite more and more cyberattackers targeting printers as a matter of course.

A vulnerability affecting systems named End-of-Train and Head-of-Train can be exploited by hackers to cause trains to brake.

​

​

​

The US government is again warning about potential Iranian cyberattacks as researchers find that hackers’ favorite ICS targets remain exposed.

​

Especially in APAC, the fallout from cyber extortion and related threats is too severe for organizations to rely on reactive strategies.

The U.S. Food and Drug Administration (FDA) is urging medical device manufacturers to ensure the security of connected operational technologies due to the increasing threat to manufacturing supply chains.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday released two industrial control systems (ICS) advisories highlighting hardware vulnerabilities in Mitsubishi Electric and TrendMakers equipment.

Rapid7 has found several serious vulnerabilities affecting over 700 printer models from Brother and other vendors.

Unidentified hackers have breached the systems of a Norwegian dam and opened its water valve at full capacity in an incident this April.

Israeli officials are urging citizens to disconnect internet-connected security cameras, warning that Iran may be exploiting them to gather real-time intelligence and adjust missile targeting.

A new report from Virtual Routes highlights that many critical infrastructure entities across Europe remain ill-prepared to defend against cyber threats.

Cyfirma researchers this week profiled MISSION2025, a Chinese state-sponsored threat group tied to APT41.

It’s time for enterprises to stop treating unmanaged devices as an edge case and start securing them as part of a unified Zero Trust strategy.

Industrial solutions providers Siemens, Schneider Electric and Aveva have released June 2025 Patch Tuesday ICS security advisories.

Bitsight has identified over 40,000 security cameras that can be easily hacked for spying or other types of malicious activity.

Manufacturers are increasingly vulnerable to attacks amid a lack of specialized employee training and poor infrastructure, experts say.

Censys researchers follow some clues and find hundreds of control-room dashboards for US water utilities on the public internet.

Researchers from Forescout have analyzed the prevalence of internet-exposed solar power devices and shared a list of the top vendors and devices.

Manufacturing organizations have been subjected to cyber intrusions from 71% more threat actors in 2024, compared with the previous year

A critical command execution vulnerability has been found by a researcher in Instantel Micromate monitoring units.

New research from Claroty’s Team82 uncovered critical security vulnerabilities in the Allen-Bradley (Rockwell Automation) PowerMonitor 1000

Hackers working for Russian military intelligence targeted Western technology and logistics companies involved in shipping assistance to Ukraine

More than 100 AutomationDirect MB-Gateway devices may be vulnerable to attacks from the internet due to CVE-2025-36535.

Industrial giants Siemens, Schneider Electric and Phoenix Contact have released ICS security advisories on the May 2025 Patch Tuesday.

U.S. energy officials are reassessing the risk posed by Chinese-made devices that play a critical role in renewable energy infrastructure after unexplained communication equipment was found inside some of them, two people familiar with the matter said.

Amid intensifying AI-boosted threats, industrial enterprises can review the following checklists to strengthen cybersecurity, ensure business continuity, and maintain cyber resilience.

Senior government officials have “concerns” about the robustness of cyber defences at small and medium-sized power facilities, notably solar and wind farms...

Following a recent widespread blackout, Spain's cybersecurity agency is investigating the cyber defenses of smaller electricity generators, particularly renewable energy facilities.

Agencies say the attacks leverage basic intrusion techniques, but poor cyber hygiene within critical infrastructure organizations could lead to disruptions and damage.

An Iranian state-sponsored threat group has been attributed to a long-term cyber intrusion aimed at a critical national infrastructure (CNI) in the Middle East that lasted nearly two years.

Nova Scotia Power and Emera are responding to a cybersecurity incident that impacted IT systems and networks.

Aigües de Mataró, a Spanish water supplier responsible for both drinking water and sewage systems, announced on Wednesday that its corporate computer systems and website were hit by a cyberattack.

Russian state-sponsored hackers have attempted to sabotage Dutch critical infrastructure in attacks this year and last

Lantronix’s XPort device is affected by a critical vulnerability that can be used for takeover and disruption, including in the energy sector.

Frenos, a company specializing in autonomous OT security assessment platforms, has alerted OT (operational technology) security professionals to a major new vulnerability discovered in 2025.

Countries around the world are preparing for greater digital conflict as increasing global tensions.

As a continuation of its earlier research report, Resecurity released new threat intelligence research highlighting threat actors targeting energy installations in North America, Asia, and the European Union, including nuclear facilities and related research entities.

Despite their hacktivist front, CyberAv3ngers is a rare state-sponsored hacker group bent on putting industrial infrastructure at risk—and has already caused global disruption.

City officials have disabled crosswalk voice announcement features, for now.

In a secret meeting between Chinese and US officials, the former confirmed conducting cyberattacks on US infrastructure.

Industrial giants Siemens, Rockwell, Schneider and ABB have released their March 2025 Patch Tuesday ICS security advisories.

Microsoft’s offensive security team warned Canon about a critical code execution vulnerability in printer drivers.

Analysis found that 99% of healthcare organizations are vulnerable to publicly available exploits.

Forescout has found dozens of vulnerabilities in solar power systems from Sungrow, Growatt and SMA.

A sophisticated Linux-based backdoor dubbed “OrpaCrab” has emerged as a significant threat to operational technology (OT) systems.

Production line monitoring cameras made by Inaba can be hacked for surveillance and sabotage, but they remain unpatched.

Researchers at QiAnXin XLab have uncovered a sophisticated Linux-based backdoor dubbed OrpaCrab

Threats themselves change very little, but the tactics used are continually revised to maximize the criminals’ return on investment and effort.

ICS/OT security firm Dragos on Wednesday published a case study describing an intrusion attributed to the notorious Chinese threat actor Volt Typhoon into the US electric grid.

Cyber-physical systems security company TXOne Networks has published its 2024 Annual OT/ICS Cybersecurity Report.

In this article, our team details how Akira was able to compromise an unsecured webcam in order to circumvent an Endpoint Detection and Response (EDR) tool and deploy ransomware.

The SANS Institute and OPSWAT on Tuesday published the 2025 ICS/OT Cybersecurity Budget Report.

Direct attacks on critical infrastructure get a lot of attention, but the bigger danger often lies in something less visible: The poor cybersecurity practices of the businesses that keep these systems running.

Cybersecurity company Nozomi Networks has released its latest OT and IoT security report, OT/IoT Cybersecurity Trends and Insights, February 2025.

Industrial cybersecurity company Dragos on Tuesday published its 2025 OT/ICS Cybersecurity Report, which provides insights on the threat activity and trends observed last year.

A subgroup of the Russia-linked Seashell Blizzard is tasked with broad initial access operations to sustain long-term persistence.

Traditionally, chief information security officers (CISOs) concentrated on protecting digital data, corporate networks and IT environments. Meanwhile, operational technology (OT) systems — found in critical sectors such as manufacturing, energy and transportation — operated in isolation, prioritizing stability and continuity over cybersecurity.

The Contec CMS8000 patient monitors do not contain a malicious backdoor but are plagued by an insecure and vulnerable design.

The US Cybersecurity and Infrastructure Security Agency (CISA) is warning that Contec CMS8000 devices, a widely used healthcare patient monitoring device, include a backdoor that quietly sends patient data to a remote IP address and downloads and executes files on the device.

Industrial automation protocols continue to be the most targeted in OT attacks, but building automation systems have been increasingly targeted.

Why does ICS/OT need specific controls and its own cybersecurity budget today? Because treating ICS/OT security with an IT security playbook isn't just ineffective—it's high risk.

Schneider Electric, Siemens, CISA, and Phoenix Contact have released January 2025 Patch Tuesday ICS security advisories.

CISA and other Western security agencies have shared guidance for OT owners and operators when procuring products.

As we enter 2025, the frequency and sophistication of cyberattacks on critical national infrastructure (CNI) in the US are rising at an alarming rate.