
IT / OT Security News
Headlines: 2026
24 May 2026
The War Between Wars: How an IRGC Cyber Front Runs Destructive OT and IT Attacks Under Cover of a Ceasefire
On a May afternoon, refrigeration engineers were called to a food-production plant. The cold rooms and freezers were warming up, and the product inside them was fresh. The engineers expected what they usually find: a failed compressor, a leaking valve, a tripped protection. They arrived ready to fix a machine.
20 May 2026
Real-World ICS Security Tales From the Trenches
Industrial control systems (ICS) and operational technology (OT) environments are often described as quiet, highly controlled worlds. In reality, they contain a range of risks, unexpected configurations, and operational complexities that are difficult to fully uncover through standard penetration testing or conventional risk assessments.
17 May 2026
State-backed ransomware activity raises new concerns over escalating threats to OT, critical infrastructure operations
Ransomware groups are increasingly being used as proxy weapons in geopolitical cyber warfare, enabling nation-states to exert pressure on their adversaries while maintaining plausible deniability.
8 May 2026
Polish Security Agency Reports ICS Breaches at Five Water Treatment Plants
Poland’s Internal Security Agency (ABW) has documented a significant escalation in cyberattacks targeting industrial control systems (ICS) and other operational technology (OT) infrastructure during 2024 and 2025, with state-sponsored threat actors increasingly shifting focus toward the physical disruption of critical services.
7 May 2026
Claude AI Guided Hackers Toward OT Assets During Water Utility Intrusion
Cybersecurity firm Dragos has released a threat intelligence report detailing an intrusion into a municipal water and drainage utility in Monterrey, Mexico, in which an unidentified threat actor made extensive use of AI tools to assist its operation.
15 April 2026
$10 Domain Could Have Handed Hackers 25k Endpoints, Including in OT and Gov Networks
The scale of infection among high-value targets proved particularly concerning. Of the hosts observed, 324 belonged to sensitive networks, including 221 universities and colleges, 41 operational technology (OT) networks, 35 government entities, and three healthcare organizations.
7 April 2026
Russian Hackers Exploiting Home and Small-office Routers in Massive DNS hijacking Attack
A large-scale campaign by Forest Blizzard, a Russian military-linked threat actor, is targeting home and small-office routers to hijack DNS traffic and intercept encrypted communications, with over 200 organizations and 5,000 consumer devices already compromised.
30 March 2026
Team Cymru warns exposed ICS and OT devices targeted by nation-state actors raise industrial, critical infrastructure risks
Following last month’s post highlighting its capabilities for protecting ICS (industrial control systems) and OT (operational technology) environments, Team Cymru published new research examining three case studies that reveal the extent of exposed ICS and OT devices known to be targeted by hostile nation-state actors. The findings underscore a critical concern: many of these systems remain directly exposed and vulnerable to exploitation.
24 March 2026
Iran Built a Vast Camera Network to Control Dissent. Israel Turned It Into a Targeting Tool
The role of Israel’s hijacking of Iran’s street cameras in the killing of the country’s supreme leader underscores how surveillance systems are increasingly being targeted by adversaries in wartime.
12 February 2026
CISA issues new OT security guidance to overcome cost and complexity barriers in critical infrastructure
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) released new guidance aimed at closing long-standing gaps in OT (operational technology) security across critical infrastructure sectors, including water and wastewater, transportation, chemical, energy, and food and agriculture.
9 February 2026
Leaked technical documents show China rehearsing cyberattacks on neighbors’ critical infrastructure
China appears to be using a secret training platform to rehearse cyberattacks against the critical infrastructure of its closest neighbors, according to a cache of leaked technical documents reviewed by Recorded Future News.
30 January 2026
ICS Devices Bricked Following Russia-Linked Intrusion Into Polish Power Grid
The recent attack on Poland’s power grid, believed to have been conducted by Russian threat actors, targeted communication and control systems across roughly 30 sites and in some cases resulted in permanent industrial control system (ICS) damage, according to industrial cybersecurity firm Dragos.
26 January 2026
Poland repels data-wiping malware attack on energy systems
According to information shared by the Polish government earlier this month, the attacks happened on 29 and 30 December 2025, and targeted two combined heat and power (CHP) plants and a system enabling the management of electricity generated from wind turbines and photovoltaic farms.
15 January 2026
Chinese hackers targeting ‘high value’ North American critical infrastructure, Cisco says
Chinese hackers successfully breached multiple critical infrastructure organizations in North America over the last year using a combination of compromised credentials and exploitable servers, researchers at Cisco Talos found.