Advertisement
CVE-2026-5387: AVEVA Pipeline Simulation Privilege Escalation
Unauthenticated attackers can exploit CVE-2026-5387 in AVEVA Pipeline Simulation <=2025_SP1_build_7.1.9497.6351 to modify critical ICS simulation parameters and training
ICS Patch Tuesday: 8 Industrial Giants Patch Critical Vulnerabilities
Analysis of new security advisories from Siemens, Schneider Electric, and others regarding critical infrastructure vulnerabilities and remediation steps.
Iranian Actors Target Rockwell PLCs: 4,000 US Devices Exposed
Iranian-linked cyber actors have identified nearly 4,000 exposed US industrial control systems, primarily Rockwell Automation PLCs, raising critical infrastructure
CVE-2025-13926: Critical Flaw in Contemporary Controls BASC 20T
CISA warns of a CVSS 9.8 vulnerability in Contemporary Controls BASControl20 3.1. Attackers can forge packets to reconfigure or delete PLC components.
Iran-Linked Cyber Attacks Persist Despite Israel-Hezbollah Ceasefire
Iran-affiliated threat actors maintain operational tempo against US critical infrastructure, disregarding kinetic pauses in Middle East regional conflicts.

Iranian Hackers Targeting U.S. Critical Infrastructure via PLCs
U.S. agencies warn of Iran-linked hackers disrupting critical infrastructure by exploiting internet-exposed PLCs to manipulate data and halt operations.
Mitsubishi Electric ICS Vulnerabilities Expose SQL Credentials
High-severity vulnerabilities (CVE-2025-14815, CVE-2025-14816) in Mitsubishi Electric ICS/SCADA products risk SQL credential exposure and data compromise.
Ivanti Connect Secure RCE: Internal Network Vulnerability Detection
Analyze the impact of Ivanti Connect Secure vulnerabilities and learn how to conduct internal network vulnerability scanning for Ivanti appliances to detect flaws.
Yokogawa CENTUM VP CVE-2025-7741 Hardcoded Password Patch Guidance
CISA identifies a hardcoded password in Yokogawa CENTUM VP (CVE-2025-7741). Learn how to secure the PROG account and apply the R7.01.10 patch now.
CVE-2026-3356: Anritsu Remote Spectrum Monitor Authentication Bypass
Critical CVE-2026-3356 allows authentication bypass in Anritsu Remote Spectrum Monitors. Attackers can alter settings, obtain sensitive data, and disrupt device
CVE-2026-3587: WAGO Switches CLI Escape Leads to Full Device Compromise
Critical flaw CVE-2026-3587 in WAGO Industrial Managed Switches allows unauthenticated remote attackers to fully compromise devices via CLI escape. Update firmware
Schneider Electric Plant iT/Brewmaxx RCE via Multiple Redis Vulnerabilities
Multiple critical and high-severity vulnerabilities in Schneider Electric Plant iT/Brewmaxx 9.60+ (Redis component) enable RCE and privilege escalation, affecting