Industrial Security


  • Three Steps to the Terminal: A Siemens ROX II Zero-Day Trilogy

    July 17, 2026

    Palo Alto Unit 42 conducted this research in close partnership with Siemens, reflecting their shared commitment to advancing the security and resilience of critical infrastructure. This report details a critical, chained exploit comprising three zero-day vulnerabilities (CVE-2025-40948, CVE-2025-40947, and CVE-2025-40949) discovered in Siemens ROX II operational technology (OT) switches. Successful exploitation of this chain would allow ...

  • Nissan says Oracle PeopleSoft break-in may have spilled payroll records, SSNs

    June 29, 2026

    Nissan has joined the growing list of Oracle customers cleaning up after a cyberattack, warning employees that payroll records, bank details, Social Security numbers, and other personal data may have been stolen. In a filing submitted to the California Attorney General on Friday, Nissan Americas said Oracle had informed it of “a cyber event” involving the personnel records ...

  • Russian hackers were behind $2.5B hack of Jaguar Land Rover

    June 26, 2026

    Last year, hackers attacked car giant Jaguar Land Rover (JPL), one of the U.K.’s biggest employers. The hack halted production for months and made a dent in the country’s economy. The damage was so severe that the U.K. government decided to bail out the company with a £1.5 billion (around $2 billion) payment, and estimates say the hack cost the British ...

  • Beware of the license manager: how a Schneider Electric software vulnerability puts industrial facilities at risk

    June 26, 2026

    The CVE-2024-2658 vulnerability was discovered in 2024 within the FlexNet Publisher component of the Schneider Electric Floating License Manager. This software handles license management across various Schneider Electric products used for comprehensive industrial automation ranging from PLC programming to centralized control room implementation. This vulnerability is a CWE-427: Uncontrolled Search Path Element issue. It stems from a system ...

  • Industrial robots targeted by malware, which could open them up to hacking

    May 25, 2026

    A critical command injection vulnerability has been discovered in Universal Robots PolyScope 5, the operating system whucg powers the company’s collaborative robots. The flaw, tracked as CVE-2026-8153, carries a CVSS score of 9.8 and affects all software versions prior to PolyScope 5.25.1. This vulnerability could lead to complete compromise of the robot controller, affecting the confidentiality, integrity, and availability ...

  • Ransomware hackers claim breach at Foxconn, a major electronics manufacturer for Apple, Google, and Nvidia

    May 13, 2026

    Electronics manufacturing giant Foxconn, which makes devices and components for Apple, Google, Nvidia, and Sony, among other tech giants, confirmed on Monday that it was hit by a cyberattack that may have affected some of its factories. In a statement sent to media outlets, Foxconn said that the cyberattack affected facilities in North America and that ...

  • Yarbo responds to robot flaws that could mow down their owners

    May 11, 2026

    A researcher found that Yarbo yard robots came with a host of vulnerabilities which, among others, allowed an attacker to harvest WiFi passwords. Security researcher Andreas Makris found he could remotely hijack thousands of Yarbo yard robots worldwide, and proved it by having his mower run him over. The root cause was a cluster of “legacy” design choices: ...

  • Poland says hackers breached water treatment plants, and the US is facing the same threat

    May 8, 2026

    Poland’s intelligence service said it detected attacks on five water treatment plants where hackers could have taken control of the industrial equipment inside, including, in the worst case, tampering with the safety of the water supply. The story is relevant beyond Poland’s borders: U.S. water infrastructure has faced similar threats in recent years. In 2021, a ...

  • CISA flags data-theft bug in NSA-built OT networking tool

    April 29, 2026

    The Cybersecurity and Infrastructure Security Agency (CISA) is warning anyone who uses GrassMarlin, a tool developed by the National Security Agency (NSA), about a new vulnerability that attackers can use to snoop on sensitive information. First reported by Grady DeRosa, senior industrial pentester at Dragos, the weak spot affects all versions of GrassMarlin, a tool developed ...

  • Adapting Zero Trust Principles to Operational Technology

    April 29, 2026

    Zero trust (ZT) offers a modern, adaptive approach to cybersecurity by eliminating implicit trust and continuously validating access based on identity, context, and risk. ZT principles assume a breach has already occurred and are designed to limit threat actor movement and potential damage. For operational technology (OT), applying ZT requires careful consideration because OT systems interact ...

  • Medtronic says ShinyHunters hackers stole around 9 million medical records in latest attack

    April 28, 2026

    Medtronic, one of the biggest medical device manufacturers in the world, has confirmed suffering a cyberattack in which crooks “accessed data in certain Medtronic corporate IT systems.” In a security notification published on its website, Medtronic said the attack does not affect its customers or products, and also stressed it will continue operating as usual, without ...

  • Iranian-Affiliated Cyber Actors Exploit Programmable Logic Controllers Across US Critical Infrastructure

    April 7, 2026

    Iran-affiliated advanced persistent threat (APT) actors are conducting exploitation activity targeting internet-facing operational technology (OT) devices, including programmable logic controllers (PLCs) manufactured by Rockwell Automation/Allen-Bradley. This activity has led to PLC disruptions across several U.S. critical infrastructure sectors through malicious interactions with the project file and manipulation of data on human machine interface (HMI) and supervisory ...

  • UK manufacturers under cyber fire with 80% reporting attacks

    April 1, 2026

    Nearly 80 percent of British manufacturers say they’ve been hit by a cyber incident in the past year, as new research suggests disruption on the factory floor is no longer an exception but business as usual. According to security outfit ESET, 78 percent of UK manufacturers admit to suffering at least one cyber incident in the ...

  • Trio-Tech International hit by ransomware attack

    March 23, 2026

    Trio-Tech International initially shrugged off a ransomware attack at a Singapore subsidiary as immaterial, only to reverse course days later after discovering stolen data had been disclosed. The California-based semiconductor testing and burn-in services outfit said it detected a ransomware incident at a Singapore subsidiary on March 11, which led to the encryption of “certain files” ...

  • CISA warns max-severity n8n bug is being exploited in the wild

    March 12, 2026

    The US Cybersecurity and Infrastructure Security Agency (CISA) has confirmed that hackers are exploiting a max-severity remote code execution (RCE) vulnerability in workflow automation platform n8n. CISA urged all federal civilian executive branch (FCEB) agencies to patch CVE-2025-68613 at once because it carries a near-perfect 9.9 vulnerability score. The bug was first disclosed in December, and ...

  • Bring the Fight to the Edge: Turning Time Into an Advantage in OT Security

    February 24, 2026

    Industrial organizations are facing a growing paradox in cybersecurity. While operational technology (OT) environments are increasingly connected, most security strategies still assume threats will only materialize once attackers reach the plant floor. In reality, attacks that disrupt industrial operations rarely begin in OT environments. They originate upstream, progress over time and frequently exploit the persistent assumption ...

  • China remains embedded in US energy networks ‘for the purpose of taking it down’

    February 17, 2026

    Three new threat groups began targeting critical infrastructure last year, while a well-known Beijing-backed crew – Volt Typhoon – continued to compromise cellular gateways and routers, and then break into US electric, oil, and gas companies in 2025, according to Dragos’ annual threat report published on Tuesday. Dragos specializes in operational technology (OT) security, and as ...

  • Patch Tuesday – February 2026

    February 11, 2026

    Microsoft is publishing 55 vulnerabilities this February 2026 Patch Tuesday. Microsoft is aware of exploitation in the wild for six of today’s vulnerabilities, and notes public disclosure for three of those. Earlier in the month, All three of the publicly disclosed zero-day vulnerabilities published today are security feature bypasses, and Microsoft acknowledges the same cast of ...

  • Dynowiper: Destructive Malware Targeting Poland’s Energy Sector

    February 6, 2026

    The coordinated destructive campaign against critical energy infrastructure occurred on December 29, 2025, during a period of severe winter weather in Poland. According to CERT Polska’s report, the campaign targeted: 30+ wind and solar farms across Poland; A major CHP plant supplying heat to nearly half a million customers; A manufacturing sector company characterized as an ...

  • CVE-2026-21858: Maximum-severity n8n flaw lets randos run your automation server

    January 8, 2026

    A maximum-severity bug in the popular automation platform n8n has left an estimated 100,000 servers wide open to complete takeover, courtesy of a flaw so bad it doesn’t even require logging in. The vulnerability, uncovered by researchers at security outfit Cyera, carries a CVSS score of 10.0 and has been dubbed “ni8mare” for good reason. Tracked ...