Skip to main content
System Status
Critical 10
|
High 38
|
Medium 1
|
Feed Online
UPDATED: 2026-06-11 00:00 UTC

FrostyGoop: The ICS Malware That Weaponised Modbus TCP Against Energy Infrastructure

FrostyGoop (BUSTLEBERM) is the first publicly documented ICS-specific malware to directly communicate with industrial devices via Modbus TCP. Its January 2024 deployment against a Ukrainian district heating company — disrupting heat for 600 buildings in winter — demonstrates the operational impact of OT-native attack tools.

GhostLock CVE-2026-43499: Advisory for OT Environments Running Linux-Based Historian and SCADA Systems

The GhostLock Linux kernel vulnerability (CVE-2026-43499) enables local privilege escalation to root in approximately five seconds with 97% reliability. OT environments running Linux-based historian servers, OPC-UA gateways, and SCADA platforms are directly affected. Patching and mitigation guidance for industrial operators.

Modbus Protocol Security: Attack Surface, Exploitation, and OT Network Hardening

Modbus is the most widely deployed industrial protocol in the world — and one of the least secure. This guide covers the Modbus attack surface, documented exploitation techniques used against OT environments, and practical hardening measures for energy, water, and manufacturing defenders.

OT Incident Response: The First 48 Hours

When a cyber incident hits an operational technology environment, the first 48 hours determine whether a brief outage becomes a prolonged shutdown. This playbook covers the critical decisions, sequencing, and OT-specific considerations that IR teams need to get right from the first alert.

Siemens S7comm Protocol: Attack Surface, Unauthenticated Access, and OT Network Detection

S7comm is Siemens' proprietary PLC communication protocol. Legacy S7comm lacks authentication and encryption, enabling unauthenticated read/write access to process data and PLC control commands. This guide covers the attack surface, documented exploit techniques, and detection approaches for OT defenders.

Securing OT Remote Access: VPN, ZTNA, and Jump Server Architecture for Industrial Networks

Remote access to operational technology environments expanded dramatically during 2020-2022 and was never fully locked down. This guide covers the specific risks of each remote access pattern — vendor VPNs, site VPNs, jump servers, and ZTNA — and the hardening steps that reduce the attack surface without breaking the maintenance workflows OT teams depend on.

PIPEDREAM and COSMICENERGY: The ICS Malware Frameworks Built for Grid Disruption

PIPEDREAM (disclosed April 2022) and COSMICENERGY (May 2023) are the two most sophisticated ICS-targeting malware frameworks to emerge since TRITON. Both target industrial protocols used in power and energy infrastructure. This analysis covers their architecture, capabilities, and what they mean for defenders.

DNP3 Protocol Security: Authentication, Attack Vectors, and Hardening for Energy and Water Utilities

DNP3 is the dominant SCADA communication protocol for energy and water utilities in North America. This guide covers its security architecture, known attack vectors, DNP3 Secure Authentication v5, and practical hardening for operational environments.

Ransomware in OT Environments: How Manufacturing and Energy Operators Are Being Hit in 2026

Ransomware groups are no longer stopping at IT systems. This sector briefing covers how operators in manufacturing, energy, and water treatment are being targeted in 2026 — the specific OT attack vectors, operational impact patterns, and the defensive controls that matter most.

ICS Patch Tuesday June 2026: Critical Vulnerabilities in Siemens, Honeywell, and Mitsubishi Electric Products

The June 2026 ICS Patch Tuesday cycle brings critical and high-severity advisories affecting Siemens industrial networks, Honeywell building and process control systems, and Mitsubishi Electric PLCs. OT security teams should prioritise triage and remediation planning for affected assets.

CISA Advisory: Automatic Tank Gauge Systems Under Active Attack — What OT Operators Need to Do Now

CISA, FBI, NSA, and five other US federal agencies issued a joint advisory in June 2026 warning of active malicious cyber activity targeting internet-exposed automatic tank gauge (ATG) systems across the energy, water, transportation, and critical infrastructure sectors. Attackers are exploiting authentication bypass and command execution flaws to modify pump controls and disable safety alerts.

OPC UA Security: Attack Surface Analysis and Hardening Recommendations for Industrial Environments

OPC Unified Architecture has become the dominant interoperability standard for industrial communication — and a consistent target in ICS-focused threat campaigns. This analysis covers the OPC UA threat model, documented vulnerability classes from recent CVEs, known exploitation by nation-state actors, and the hardening steps that reduce exposure without breaking operational continuity.

Advantech WebAccess/SCADA: Multiple High-Severity Vulnerabilities Enable Remote Code Execution

Advisories covering Advantech WebAccess/SCADA document path traversal, unrestricted file upload, and SQL injection vulnerabilities rated up to CVSS 8.8. WebAccess/SCADA is deployed across manufacturing, energy, and water treatment facilities globally. This analysis covers the vulnerability classes, exploitation paths, and immediate mitigations for OT operators.

Record 508 ICS Advisories in 2025: What the Vulnerability Surge Means for OT Defenders

Forescout's analysis of 2025 ICS security advisories identifies a record 508 advisories covering 2,155 vulnerabilities — with 82% rated high or critical. Field controllers, PLCs, and SCADA systems are the primary targets, and the growing share of advisories with no available patch creates an unresolvable exposure category that demands compensating controls.

CISA's Zero Trust Roadmap for OT: What the April 2026 Joint Guidance Means for Industrial Operators

CISA's April 2026 joint guidance 'Adapting Zero Trust Principles to Operational Technology' lays out a practical roadmap for applying zero trust in environments where the standard IT playbook doesn't work — legacy protocols, uptime requirements, and safety constraints included.

Iranian APT Groups Escalate Attacks on Internet-Exposed PLCs: Water, Energy and Government Under Threat

Since March 2026, Iranian-affiliated APT actors have been conducting disruptive attacks on internet-exposed programmable logic controllers across US critical infrastructure — particularly water/wastewater, energy, and government services. A joint advisory from CISA, FBI, NSA and US Cyber Command details the campaign and recommended mitigations.

CISA CI Fortify: What the New OT Isolation Guidance Means for Operational Technology Operators

CISA's CI Fortify initiative moves beyond standard patching guidance to address a harder problem: how critical infrastructure OT environments maintain operational continuity when internet, cloud, and telecom connectivity is severed during a geopolitical cyber crisis.

IEC 62443: The OT Security Standard Your Procurement Team Needs to Understand

IEC 62443 is the international standard series for industrial cybersecurity. This explainer covers the structure of the standard, what Security Levels mean in practice, the zones and conduits model, and how to reference 62443 in vendor contracts to actually improve your security posture.

OT Threat Landscape 2026: New Dragos Groups, Shrinking Exploit Windows, and the Visibility Crisis

Dragos's 2026 OT cybersecurity year-in-review identifies 26 threat groups specifically targeting operational technology -- including three newly tracked groups -- as exploit timelines compress to 24 days and fewer than one in ten OT networks have active monitoring. A practical analysis for OT security practitioners.

Default Credentials, Internet-Exposed PLCs, and the Unsophisticated Actor Problem

CISA's April 2026 joint advisory warns of Iranian-affiliated actors targeting internet-facing PLCs with basic techniques. The Poland energy attack demonstrated the real-world consequences. This analysis covers the threat, affected protocols, and what operators must do now.

Water Sector Cyber Threats 2026 -- From Oldsmar to Nation-State Pre-Positioning

Water and wastewater systems face a growing and diverse cyber threat -- from opportunistic attacks exploiting internet-exposed HMIs to sophisticated nation-state pre-positioning campaigns. This briefing covers the current threat landscape, attack vectors, and sector-specific defensive priorities.

NIS2 OT Compliance: What the 2026 Enforcement Wave Means for Industrial Operators

EU member states are now issuing the first formal NIS2 enforcement actions against operators of essential services. Industrial operators — energy utilities, water authorities, manufacturing firms, and transport operators — face binding cybersecurity obligations, supply chain security requirements, and 24-hour incident reporting duties that the prior NIS1 regime did not meaningfully enforce. What actually changed and what OT teams need to do.

CISA Advisory: ABB AC500 PLC Remote Code Execution in Manufacturing and Process Control

CISA has issued an advisory covering a critical remote code execution vulnerability in ABB's AC500 PLC series, one of the most widely deployed programmable logic controller families in European manufacturing, paper and pulp, food processing, and water infrastructure. The flaw affects the Modbus TCP server component and requires no authentication to exploit.

Claroty 2026 State of XIoT Security: OT Vulnerability Disclosures Hit New High

Claroty's annual State of XIoT Security report documents record-high vulnerability disclosures across operational technology, IoT, and connected medical devices. OT vulnerabilities now account for the majority of disclosed flaws, with critical infrastructure sectors facing compounded exposure from legacy device lifecycles and the accelerating advisory pace.

Volt Typhoon Pre-Positioning in US and UK OT Networks

China-nexus threat actor Volt Typhoon has systematically infiltrated operational technology networks across US and UK critical infrastructure sectors, establishing persistent footholds in energy, water, and communications systems for potential future disruption.

OT Network Segmentation: Purdue Model, DMZ Design, and Historian Isolation

A practical guide to network segmentation in OT environments, covering the Purdue Reference Model, industrial DMZ architecture, data historian isolation, and the tradeoffs between operational access and security posture.

Modbus and DNP3: Inherent Security Weaknesses in Legacy Industrial Protocols

Modbus and DNP3 were designed for reliability and interoperability, not security. An analysis of the structural security weaknesses in both protocols -- unauthenticated commands, lack of encryption, spoofing, and replay attacks -- and the compensating controls available to practitioners.

The OT Asset Inventory Problem: Visibility Gaps, Passive Discovery, and Unmanaged Devices

Most industrial operators cannot accurately enumerate the devices on their OT networks. This visibility gap is the foundational barrier to OT security -- you cannot protect what you cannot see. A practical look at passive discovery tools, the limits of vendor inventories, and strategies for building actionable asset visibility.