Skip to main content
System Status
Critical 10
|
High 38
|
Medium 1
|
Feed Online
UPDATED: 2026-06-11 00:00 UTC

FrostyGoop: The ICS Malware That Weaponised Modbus TCP Against Energy Infrastructure

FrostyGoop (BUSTLEBERM) is the first publicly documented ICS-specific malware to directly communicate with industrial devices via Modbus TCP. Its January 2024 deployment against a Ukrainian district heating company — disrupting heat for 600 buildings in winter — demonstrates the operational impact of OT-native attack tools.

GhostLock CVE-2026-43499: Advisory for OT Environments Running Linux-Based Historian and SCADA Systems

The GhostLock Linux kernel vulnerability (CVE-2026-43499) enables local privilege escalation to root in approximately five seconds with 97% reliability. OT environments running Linux-based historian servers, OPC-UA gateways, and SCADA platforms are directly affected. Patching and mitigation guidance for industrial operators.

Maritime Port and Shipping OT Cybersecurity: IMO Compliance and Sector Threats 2026

Cyberattacks targeting maritime infrastructure surged 103% in 2025. This briefing covers port OT architecture, threat actors, attack vectors against vessel control systems and terminal management, and the IMO and IACS regulatory requirements now in force.

IEC 61850 Substation Automation Security: Attack Surface and Hardening for Power Grid Operators

IEC 61850 is the dominant protocol for digital substation automation — and it was designed for operational reliability, not security. GOOSE messages carry no authentication. MMS sessions use optional TLS that most deployments skip. This analysis covers the threat model and practical hardening for utilities and grid operators.

Data Center OT Security: BMS, EPMS, and Cooling System Vulnerabilities

AI infrastructure buildout has made data centers a critical OT environment that receives less security scrutiny than industrial facilities. Building Management Systems, Electrical Power Management Systems, and cooling controllers run on the same unpatched, internet-exposed architectures as manufacturing OT — with similar consequences when compromised.

Chemical Sector OT Security: Safety Systems, Process Control, and Attack Paths in High-Consequence Environments

The chemical sector operates Safety Instrumented Systems alongside distributed control networks in environments where a cyber-physical incident can cause mass casualties. Triton/TRISIS set the benchmark for targeted SIS attacks in 2017; the threat has evolved but the fundamental exposure remains. This briefing covers the chemical sector OT threat landscape, SIS attack paths, and applicable compliance frameworks.

OT Incident Response: The First 48 Hours

When a cyber incident hits an operational technology environment, the first 48 hours determine whether a brief outage becomes a prolonged shutdown. This playbook covers the critical decisions, sequencing, and OT-specific considerations that IR teams need to get right from the first alert.

Siemens S7comm Protocol: Attack Surface, Unauthenticated Access, and OT Network Detection

S7comm is Siemens' proprietary PLC communication protocol. Legacy S7comm lacks authentication and encryption, enabling unauthenticated read/write access to process data and PLC control commands. This guide covers the attack surface, documented exploit techniques, and detection approaches for OT defenders.

CISA June 2026 ICS Advisories: Siemens WinCC and Rockwell RSLinx RCE

CISA released a batch of 10 ICS advisories on June 23, 2026, including critical vulnerabilities in Siemens WinCC Certificate Manager and SIPROTEC 5. Separately, ICSA-26-167-02 documents an unauthenticated stack-based buffer overflow in Rockwell Automation RSLinx Classic enabling remote code execution.

EV Charging Infrastructure Cybersecurity: OCPP Vulnerabilities, Grid Attack Surfaces, and Operator Obligations

The rapid buildout of EV charging infrastructure has created a new OT attack surface at the intersection of transportation, energy, and consumer technology. This briefing covers OCPP protocol vulnerabilities, documented attack incidents, the grid stability risk from coordinated charging manipulation, and what operators need to implement to meet emerging regulatory standards.

Securing OT Remote Access: VPN, ZTNA, and Jump Server Architecture for Industrial Networks

Remote access to operational technology environments expanded dramatically during 2020-2022 and was never fully locked down. This guide covers the specific risks of each remote access pattern — vendor VPNs, site VPNs, jump servers, and ZTNA — and the hardening steps that reduce the attack surface without breaking the maintenance workflows OT teams depend on.

Railway and Transport SCADA Cybersecurity: Attack Surfaces, Nation-State Threats, and TSA Directives

Railway and mass transit systems operate a complex mix of operational technology — signalling, SCADA, ETCS, and passenger information systems — across environments that were designed for availability and safety, not cyber resilience. This briefing covers the attack surface, documented threat actor targeting, and current regulatory requirements under TSA's rail cybersecurity directives.

NERC CIP in 2026: Where Compliance Ends and Real OT Security Begins

NERC CIP is the compliance baseline for US bulk electric system cybersecurity — not a security ceiling. This briefing examines where NERC CIP requirements leave real gaps: low-impact assets, supply chain enforcement, operational technology visibility, and the delta between checkbox compliance and defensible OT security posture.

Food and Agriculture OT Security: A Sector Facing Escalating Cyber Threats

Ransomware disruptions to JBS, NEW Cooperative, Crystal Valley, and Dole demonstrated that food and agriculture OT is a material critical infrastructure target. As FDA traceability requirements add digital connectivity to previously isolated systems, the attack surface is expanding while security maturity lags.

Solar Inverter OT Security 2026: Solarman, Deye, and 195GW of Grid Attack Surface

Bitdefender researchers disclosed critical vulnerabilities in Solarman and Deye solar inverter management platforms in 2024-2025, covering 195GW of installed capacity. OAuth token endpoint flaws, JWT reuse attacks, and hard-coded credentials created paths from the internet to grid-connected OT equipment. This article covers the vulnerability classes, the attack surface, and what energy sector operators need to assess.

Oil and Gas Pipeline Cybersecurity: TSA Directives, OT Threat Landscape, and Compliance Requirements in 2026

The TSA's pipeline cybersecurity directives have fundamentally changed the compliance environment for US pipeline operators. This analysis covers the directive requirements, the OT threat actors specifically targeting oil and gas infrastructure, and the technical controls that actually move the needle.

CISA ICS Advisory Roundup: Inductive Automation Ignition, ICONICS GENESIS64, and Mitsubishi Electric Vulnerabilities June 2026

CISA released nine ICS advisories in June 2026 covering critical and high-severity vulnerabilities in Inductive Automation Ignition, ICONICS/Mitsubishi GENESIS64, and Axis network cameras used in OT environments. This roundup covers the operational risk and remediation priorities.

Building Automation System Security: BACnet, BMS Hardening, and the OT-IT Convergence Risk

Building automation systems control HVAC, lighting, access control, and fire suppression across commercial and industrial facilities. As BAS deployments converge with IP networks, legacy protocols like BACnet and Modbus are now internet-adjacent — with predictable results for attack surface.

CISA Advisory: Automatic Tank Gauge Systems Under Active Attack — What OT Operators Need to Do Now

CISA, FBI, NSA, and five other US federal agencies issued a joint advisory in June 2026 warning of active malicious cyber activity targeting internet-exposed automatic tank gauge (ATG) systems across the energy, water, transportation, and critical infrastructure sectors. Attackers are exploiting authentication bypass and command execution flaws to modify pump controls and disable safety alerts.

Maritime OT Security 2026: ECDIS Vulnerabilities, AIS Spoofing, and the Threat to Port Systems

Maritime operational technology spans navigation systems, ship management platforms, and port infrastructure — all increasingly networked, poorly patched, and targeted by both state and criminal actors. This sector briefing covers the current maritime threat landscape, key vulnerability classes in ECDIS and AIS, GPS/GNSS spoofing in contested regions, and the IMO and DNV frameworks guiding the sector's security response.

OPC UA Security: Attack Surface Analysis and Hardening Recommendations for Industrial Environments

OPC Unified Architecture has become the dominant interoperability standard for industrial communication — and a consistent target in ICS-focused threat campaigns. This analysis covers the OPC UA threat model, documented vulnerability classes from recent CVEs, known exploitation by nation-state actors, and the hardening steps that reduce exposure without breaking operational continuity.

Advantech WebAccess/SCADA: Multiple High-Severity Vulnerabilities Enable Remote Code Execution

Advisories covering Advantech WebAccess/SCADA document path traversal, unrestricted file upload, and SQL injection vulnerabilities rated up to CVSS 8.8. WebAccess/SCADA is deployed across manufacturing, energy, and water treatment facilities globally. This analysis covers the vulnerability classes, exploitation paths, and immediate mitigations for OT operators.

Record 508 ICS Advisories in 2025: What the Vulnerability Surge Means for OT Defenders

Forescout's analysis of 2025 ICS security advisories identifies a record 508 advisories covering 2,155 vulnerabilities — with 82% rated high or critical. Field controllers, PLCs, and SCADA systems are the primary targets, and the growing share of advisories with no available patch creates an unresolvable exposure category that demands compensating controls.

CISA's Zero Trust Roadmap for OT: What the April 2026 Joint Guidance Means for Industrial Operators

CISA's April 2026 joint guidance 'Adapting Zero Trust Principles to Operational Technology' lays out a practical roadmap for applying zero trust in environments where the standard IT playbook doesn't work — legacy protocols, uptime requirements, and safety constraints included.

Schneider Electric EcoStruxure Vulnerability Roundup: Critical Advisories Affecting Energy, Manufacturing, and Data Centre Operations

Schneider Electric has issued multiple CISA-coordinated advisories in 2026 covering critical vulnerabilities across the EcoStruxure platform suite -- including a CVSS 9.8 deserialization flaw in the Foxboro DCS Advisor, hard-coded credentials in Data Center Expert, and local RCE in Power Monitoring Expert.

IEC 62443: The OT Security Standard Your Procurement Team Needs to Understand

IEC 62443 is the international standard series for industrial cybersecurity. This explainer covers the structure of the standard, what Security Levels mean in practice, the zones and conduits model, and how to reference 62443 in vendor contracts to actually improve your security posture.

Four-Faith Routers Under Active Attack, Iranian Threat Actors Hit US Fuel Systems

Mass exploitation of two vulnerabilities in Four-Faith industrial routers began May 12 with 139 attacking IPs observed against 15,800 exposed devices. Meanwhile, Iranian-linked threat actors continue automated attacks against Automatic Tank Gauge systems at US petrol stations.

OT Threat Landscape 2026: New Dragos Groups, Shrinking Exploit Windows, and the Visibility Crisis

Dragos's 2026 OT cybersecurity year-in-review identifies 26 threat groups specifically targeting operational technology -- including three newly tracked groups -- as exploit timelines compress to 24 days and fewer than one in ten OT networks have active monitoring. A practical analysis for OT security practitioners.