Advertisement
ABB AWIN Gateways Authentication Bypass and DoS Vulnerabilities
Critical vulnerabilities in ABB AWIN GW100 and GW120 gateways could allow unauthenticated attackers to reboot devices or extract sensitive configuration data.
NSA GRASSMARLIN XXE Vulnerability CVE-2026-6807 — Mitigation Guide
CISA warns of a Medium-severity XXE vulnerability in NSA GRASSMARLIN. With the tool reaching end-of-life, defenders must address CVE-2026-6807 via decommissioning.
CVE-2025-65856: Authentication Bypass in Xiongmai XM530 IP Cameras
Critical authentication bypass (CVE-2025-65856) in Xiongmai XM530 IP Camera firmware allows unauthenticated remote access to video streams and sensitive data.
CVE-2026-27668: Privilege Escalation in Siemens RUGGEDCOM CROSSBOW
Authenticated User Administrators can escalate privileges in Siemens RUGGEDCOM CROSSBOW SAM-P versions prior to 5.8. Update to mitigate CVE-2026-27668 risks.
Silex SD-330AC and AMC Manager RCE via CVE-2026-32956 — Patch Now
Silex Technology devices face critical RCE and DoS risks via 13 vulnerabilities. Critical infrastructure defenders must update to firmware Ver 1.50 immediately.
Securing Serial-to-IP Devices: Mitigating Thousands of OT Bugs
Industrial serial-to-IP converters are riddled with thousands of vulnerabilities, posing a significant risk to legacy infrastructure and OT environments.
CVE-2026-5387: AVEVA Pipeline Simulation Privilege Escalation
Unauthenticated attackers can exploit CVE-2026-5387 in AVEVA Pipeline Simulation <=2025_SP1_build_7.1.9497.6351 to modify critical ICS simulation parameters and training
ICS Patch Tuesday: 8 Industrial Giants Patch Critical Vulnerabilities
Analysis of new security advisories from Siemens, Schneider Electric, and others regarding critical infrastructure vulnerabilities and remediation steps.
Iranian Actors Target Rockwell PLCs: 4,000 US Devices Exposed
Iranian-linked cyber actors have identified nearly 4,000 exposed US industrial control systems, primarily Rockwell Automation PLCs, raising critical infrastructure
CVE-2025-13926: Critical Flaw in Contemporary Controls BASC 20T
CISA warns of a CVSS 9.8 vulnerability in Contemporary Controls BASControl20 3.1. Attackers can forge packets to reconfigure or delete PLC components.
Iran-Linked Cyber Attacks Persist Despite Israel-Hezbollah Ceasefire
Iran-affiliated threat actors maintain operational tempo against US critical infrastructure, disregarding kinetic pauses in Middle East regional conflicts.
Iranian Hackers Targeting U.S. Critical Infrastructure via PLCs
U.S. agencies warn of Iran-linked hackers disrupting critical infrastructure by exploiting internet-exposed PLCs to manipulate data and halt operations.