ICS Security Archives

Iran-Linked Hackers Target Internet-Exposed PLCs to Disrupt U.S. Critical Infrastructure

April 8, 2026

Cybersecurity authorities have issued warnings about a surge in attacks by Iran-linked threat actors targeting operational technology systems in the United States. These attacks are focused on internet-accessible industrial devices, particularly programmable logic controllers (PLCs), which are widely used in critical infrastructure environments. According to alerts from the Federal Bureau of Investigation (FBI), these intrusions have […]

Iran-Linked Hackers Target Internet-Exposed PLCs to Disrupt U.S. Critical Infrastructure Read More »

Attackers Use Web Server Exploits and Mimikatz to Target Asian Critical Infrastructure

March 9, 2026

High profile organizations across South Asia, Southeast Asia, and East Asia are being targeted in an ongoing cyber campaign believed to be conducted by a Chinese linked threat group. The attacks have been running for several years and primarily focus on organizations that play a critical role in national infrastructure. Security researchers from Palo Alto Networks

Attackers Use Web Server Exploits and Mimikatz to Target Asian Critical Infrastructure Read More »

CISA Adds Critical Hikvision and Rockwell Automation CVSS 9.8 Vulnerabilities to KEV Catalog

March 6, 2026

The U.S. Cybersecurity and Infrastructure Security Agency has added two high severity vulnerabilities affecting Hikvision and Rockwell Automation products to its Known Exploited Vulnerabilities (KEV) catalog after confirming evidence that the flaws are being actively exploited. Both vulnerabilities carry a CVSS score of 9.8, indicating a critical level of risk for affected systems. Vulnerability Affecting Hikvision Devices The first vulnerability, tracked as CVE-2017-7921,

CISA Adds Critical Hikvision and Rockwell Automation CVSS 9.8 Vulnerabilities to KEV Catalog Read More »

Two Critical Red Lion RTU Flaws Rated CVSS 10.0 Could Give Hackers Full Industrial Control

October 15, 2025

Cybersecurity researchers have disclosed two severe vulnerabilities in Red Lion Sixnet remote terminal units, RTUs, that together can allow unauthenticated attackers to gain root level code execution on affected devices. The issues, tracked as CVE-2023-40151 and CVE-2023-42770, carry the maximum CVSS score, 10.0, highlighting the high risk to industrial control systems across energy, water, transportation,

Two Critical Red Lion RTU Flaws Rated CVSS 10.0 Could Give Hackers Full Industrial Control Read More »

Russian Hackers Exploit 7-Year-Old Cisco Flaw to Steal Industrial Configs

August 21, 2025

A Russian state-backed cyber espionage group known as Static Tundra has been exploiting a seven-year-old flaw in Cisco networking devices to steal sensitive configuration data and maintain hidden access across critical infrastructure networks. This group, tied to Russia’s Federal Security Service (FSB) Center 16, has been targeting outdated and unpatched devices since 2015. Their operations

Russian Hackers Exploit 7-Year-Old Cisco Flaw to Steal Industrial Configs Read More »

CISA Issues Four ICS Advisories on Vulnerabilities and Exploits

August 21, 2025

On August 19, 2025, the Cybersecurity and Infrastructure Security Agency (CISA) released four detailed Industrial Control Systems (ICS) advisories, warning of serious security flaws in critical infrastructure sectors such as energy and manufacturing. The reported issues carry CVSS severity scores between 5.8 and 9.8, highlighting the urgent need for action from administrators and security teams.

CISA Issues Four ICS Advisories on Vulnerabilities and Exploits Read More »