#OTSecurity

Offensive Sequence (offseq@infosec.exchange)
2026-02-07

🚨 CRITICAL (CVSS 10.0): CVE-2026-25632 in WaterFutures EPyT-Flow (<0.16.1) — attacker-controlled JSON allows OS command execution via unsafe deserialization. Upgrade to 0.16.1+ ASAP. Monitor for suspicious activity. radar.offseq.com/threat/cve-20 #OffSeq #CVE202625632 #infosec #OTsecurity

Critical threat: CVE-2026-25632: CWE-502: Deserialization of Untrusted Data in WaterFutures EPyT-Flow
2026-02-07
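A generic illustration of the CWE-502 pattern the advisory names, added here as an example. It is not EPyT-Flow's code and says nothing about how that project's loader is built. It assumes a hypothetical scenario-file format in which every object carries a `__type__` key, and puts the unsafe loader, which imports and calls whatever dotted name the document supplies, beside a loader that only instantiates classes from an allow-list.

```python
import importlib
import json


# Hypothetical domain class: what a scenario document is supposed to describe.
class Sensor:
    def __init__(self, node_id, kind):
        self.node_id = node_id
        self.kind = kind


def _resolve(dotted):
    """Import 'pkg.mod.attr' and return attr. Any importable callable is reachable."""
    module, _, attr = dotted.rpartition(".")
    return getattr(importlib.import_module(module), attr)


def load_unsafe(text):
    """CWE-502 shape: the document names the type, the loader imports and calls it.
    A payload such as {"__type__": "os.system", "command": "..."} would run a shell."""
    def hook(d):
        if "__type__" in d:
            factory = _resolve(d.pop("__type__"))  # attacker chooses the callable
            return factory(**d)                    # ...and its keyword arguments
        return d
    return json.loads(text, object_hook=hook)


# Hardened form: the loader, not the document, decides what may be constructed.
ALLOWED_TYPES = {"Sensor": Sensor}


def load_safe(text):
    def hook(d):
        if "__type__" in d:
            name = d.pop("__type__")
            cls = ALLOWED_TYPES.get(name)
            if cls is None:
                raise ValueError(f"unknown object type {name!r}")
            return cls(**d)
        return d
    return json.loads(text, object_hook=hook)


def safe_rejects(text):
    """True if the hardened loader refuses the document."""
    try:
        load_safe(text)
    except ValueError:
        return True
    return False


# Constructed inputs (not real EPyT-Flow files).
BENIGN = '{"__type__": "Sensor", "node_id": "J1", "kind": "pressure"}'
# Harmless stand-in for a command-execution gadget: it shows that the unsafe
# loader resolves and executes an arbitrary importable callable named by the input.
ATTACKER = '{"__type__": "os.getcwd"}'

if __name__ == "__main__":
    print(type(load_unsafe(ATTACKER)))  # <class 'str'>: os.getcwd() was called
    print(safe_rejects(ATTACKER))       # True
    print(load_safe(BENIGN).node_id)    # J1
```

The hardened loader still passes the remaining keys straight into the constructor; in real code the allowed fields per type should be validated as well, so that a document cannot reach unexpected constructor arguments.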

Conpet has confirmed a cyberattack that disrupted IT systems and web services, while stating that OT, SCADA, and pipeline transport operations were not impacted.

The Qilin ransomware group has claimed responsibility, alleging large-scale data theft. The incident reinforces a recurring pattern: ransomware groups targeting IT environments in energy and utility sectors, potentially setting the stage for follow-on pressure through data leaks rather than operational sabotage.

💬 What controls actually matter most in IT–OT separation during ransomware incidents?

🔔 Follow @technadu for continuous critical infrastructure threat coverage

#Ransomware #OTSecurity #SCADA #CriticalInfrastructure #EnergySector #ThreatIntelligence #TechNadu #InfoSecCommunity

Romania’s oil pipeline operator confirms cyberattack as hackers claim data theft
𝕯𝖎𝖓𝖊𝖘𝖍 🇮🇳 (mrd@infosec.exchange)
2026-02-07

🔴 Wake-up call for critical infrastructure security:

CERT Polska’s recent report on an energy sector cyber incident is a stark reminder that modern attacks on critical infrastructure are no longer just about data — it's about disruption and destruction.

cert.pl/uploads/docs/CERT_Pols

#OTSecurity #ICS #CriticalInfrastructure #CyberResilience #IndustrialSecurity

ICS Advisory Project (AdvisoryICS@infosec.exchange)
2026-02-06

ICS[AP] Dashboards are updated with the 10 CISA Advisories released on 2/5/26:

TP-Link Systems Inc.: 1 New
Mitsubishi Electric: 1 New | 1 Update
o6 Automation GmbH: 1 New
Ilevia: 1 New
Hitachi Energy: 2 New | 1 Update
D-Link, Sparsh Securitech, Securus CCTV: 1 Update
KiloView: 1 Update

www.icsadvisoryproject.com
#icssecurity
#otsecurity
#vulnerabilitymanagement

ICS Advisory Project (AdvisoryICS@infosec.exchange)
2026-02-04

ICS[AP] Dashboards are updated with the 10 CISA Advisories released on 2/3/26:

Mitsubishi Electric: 1 New | 1 Update
Avation: 1 New
RISS SRL: 1 New
Synectix: 1 New
Hitachi Energy: 2 Update
Rockwell Automation: 1 Update
Schneider Electric: 1 Update
Ubia: 1 Update

www.icsadvisoryproject.com
#icssecurity
#otsecurity
#vulnerabilitymanagement

hackmac
2026-02-02

30 years old and still running: charming in a pair of shoes, perhaps, but in an operating system rather... let's say: sporty. Windows 95, Windows 3.11 and DOS floppies in daily use: the examples from the railways, Metro, public authorities and even cash machines show impressively that legacy systems are not just sitting in basements but sit right in the operational heartbeat of large organisations.

USBManager (fuyuan2005)
2026-02-02

🏭 USB over IP for Industrial Automation and PLC Programming

Industrial automation teams often rely on USB PLC programmers, USB-to-Serial adapters, and FTDI devices that are locked to specific sites. USB over IP removes this limitation by enabling secure remote access for PLC programming, diagnostics, firmware updates, and maintenance.

Learn more 👉️usbmanager.net/usb-over-ip-for

2026-01-30

CERT.PL's report on the coordinated attacks against Polish infrastructure. Adversaries used all manner of destructive techniques: firmware corruption, wipers, SSH commands, FTP deletes, factory resets, even booting Tiny Core Linux on KVM to dd-wipe servers.

They targeted a grid connection point, CHP plant, and a manufacturing site. The forensic reconstruction and malware analysis is excellent. Worth a read for the technical depth.

cert.pl/en/posts/2026/01/incid

#ICS #OTSecurity
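Several of the techniques listed above (dd wipes, filesystem formats, FTP deletes, raw flash writes) leave a trace in a command-audit stream if one is collected from the engineering hosts, jump servers or FTP servers. The detector below is an added example, not from the CERT Polska report or any product. The log format, hostnames and lines are constructed for the example; the rule set is a starting point, not a complete catalogue of destructive commands.

```python
import re

# Constructed command-audit lines in the shape a bastion or auditd forwarder
# might emit. Hostnames, users and format are hypothetical.
SAMPLE_LOG = """\
2026-02-01T02:11:03Z host=sub-rtu-07 user=svc_maint cmd="uptime"
2026-02-01T02:11:41Z host=sub-rtu-07 user=svc_maint cmd="dd if=/dev/zero of=/dev/sda bs=1M"
2026-02-01T02:12:05Z host=chp-hmi-02 user=operator cmd="mkfs.ext4 /dev/mmcblk0p2"
2026-02-01T02:12:30Z host=chp-hmi-02 user=operator cmd="rm -rf /"
2026-02-01T02:13:10Z host=plant-ftp-01 user=backup ftp="DELE /config/plc_program.bak"
2026-02-01T02:14:22Z host=sub-rtu-07 user=svc_maint cmd="flash_erase /dev/mtd0 0 0"
2026-02-01T02:15:00Z host=sub-rtu-07 user=svc_maint cmd="ls -la /var/log"
"""

# (tag, regex over the command text). flash_erase/flashcp/nandwrite/mtd_debug
# are the Linux mtd-utils tools that write raw flash partitions.
RULES = [
    ("block-device-wipe", re.compile(r"\bdd\b.*\bof=/dev/(?:sd|hd|vd|nvme|mmcblk|mtd)")),
    ("filesystem-format", re.compile(r"\bmkfs(?:\.\w+)?\b")),
    ("recursive-delete-root", re.compile(r"\brm\s+-[A-Za-z]*r[A-Za-z]*\s+/(?:\*|\s|$)")),
    ("raw-flash-write", re.compile(r"\b(?:flash_erase|flashcp|nandwrite|mtd_debug\s+erase)\b")),
    ("ftp-delete", re.compile(r"^DELE\s")),
]

LINE_RE = re.compile(
    r'^(?P<ts>\S+)\s+host=(?P<host>\S+)\s+user=(?P<user>\S+)\s+'
    r'(?P<chan>cmd|ftp)="(?P<text>[^"]*)"$'
)


def classify(text):
    """Tags that fire on one command string (empty list if none)."""
    return [tag for tag, rx in RULES if rx.search(text)]


def scan(log):
    """One alert per matching line: who ran what, where, and which rules fired."""
    alerts = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed line; a production collector would count these
        tags = classify(m["text"])
        if tags:
            alerts.append({"ts": m["ts"], "host": m["host"], "user": m["user"],
                           "channel": m["chan"], "text": m["text"], "tags": tags})
    return alerts


def summarize(log):
    """host -> sorted list of distinct destructive tags seen on that host."""
    per_host = {}
    for a in scan(log):
        per_host.setdefault(a["host"], set()).update(a["tags"])
    return {h: sorted(t) for h, t in per_host.items()}


if __name__ == "__main__":
    for a in scan(SAMPLE_LOG):
        print(a["ts"], a["host"], a["user"], a["tags"], a["text"])
    print(summarize(SAMPLE_LOG))
```

Two caveats a practitioner will want. First, a host that is wiped from outside its own OS, as in the KVM boot the post mentions, writes nothing to its own audit log; that activity has to be caught on the hypervisor, the out-of-band management interface or the network, which is why the report's forensic reconstruction is the interesting part. Second, these rules are written for Linux-style hosts; controller-specific factory resets and firmware downloads go over vendor protocols and need protocol-aware monitoring rather than shell-command matching.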

ICS Advisory Project (AdvisoryICS@infosec.exchange)
2026-01-30

ICS[AP] Dashboards are updated with the 6 CISA Advisories released on 1/29/26:

KiloView: 1 New
Rockwell Automation: 2 New
BrightSign: 1 Update
Mitsubishi Electric Iconics Digital Solutions: 1 Update
Mitsubishi Electric: 1 Update

www.icsadvisoryproject.com
#icssecurity
#otsecurity
#vulnerabilitymanagement

2026-01-29

Dragos reports a cyberattack affecting OT control and communications at ~30 distributed energy facilities tied to Poland’s power grid.

No transmission impact or outages occurred, but adversaries reportedly accessed operational systems and disabled some equipment. The case highlights growing risk across decentralized energy assets that depend heavily on remote access and often receive limited OT security investment.

Source: therecord.media/poland-electri

What controls matter most for distributed grid resilience?

Share insights and follow @technadu

#OTSecurity #ICS #CriticalInfrastructure #EnergyCyber #ThreatActors #GridSecurity #CyberDefense

Cyberattack on Poland’s power grid hit around 30 facilities, new report says
ICS Advisory Project (AdvisoryICS@infosec.exchange)
2026-01-28

ICS[AP] Dashboards are updated with the 4 CISA Advisories released on 1/27/26:

iba Systems: 1 New
Festo Didactic SE: 1 New | 1 KEV Match - CVE-2019-11043
Schneider Electric: 1 New
Johnson Controls Inc.: 1 New

www.icsadvisoryproject.com
#icssecurity
#otsecurity
#vulnerabilitymanagement

2026-01-27

This is the first known attack on DERs. Attackers compromised RTUs at 30 different sites. The report has an overview, defensive guidance, and a comparison to past ELECTRUM ops.
Hats off to CERT Polska for leading the charge, and kudos to our Intel team for the hard work.

hubs.la/Q040Bwpg0

#ICS #otsecurity

ICS Advisory Project (AdvisoryICS@infosec.exchange)
2026-01-23

ICS[AP] Dashboards are updated with the 10 CISA Advisories released on 1/22/26:

Schneider Electric: 1 New
AutomationDirect: 1 New
Rockwell Automation: 1 New
Johnson Controls Inc.: 1 New
Weintek: 1 New
Hubitat: 1 New
Delta Electronics: 1 New
EVMAPA: 1 New
Axis Communications: 1 Update
Hitachi Energy: 1 Update

www.icsadvisoryproject.com
#icssecurity
#otsecurity
#vulnerabilitymanagement

2026-01-21

Are you like other 🇺🇸 #Federal agencies concerned about budget and delaying critical #OTsecurity projects?

You can address the key first step in #OT and CPS security with comprehensive and accurate #AssetDiscovery in minutes with Claroty Edge.

🚫 New hardware
🚫 Switch upgrades

ℹ️ Learn more: claroty.com/platform/edge

📁 Download the 'Guardians of Government, Vol. 2: Fortifying the Cyber-Physical Frontier' report: claroty.com/resources/reports/

Marco Ciappelli 🎙️✨ (Marcociappelli@infosec.exchange)
2026-01-21

Securing the decentralized energy grid is one of the most urgent—and overlooked—cybersecurity challenges of our time.

Wind turbines, solar installations, battery storage systems: thousands of distributed assets, thousands of potential entry points, often with no technical staff on-site.

In this Brand Story, we sit down with Rafael Narezzi, Co-Founder and CEO of Cyber Energia, to explore:
→ Why asset owners are now personally liable under regulations like NIS 2.0
→ How a single cyber incident could cost a 98MW wind site $1.9 million in just one week
→ Why the industry built infrastructure at the speed of capital, not security maturity
→ How Cyber Energia translates technical risk into the financial language executives need

"A CEO before the attack is a different CEO after the attack."

🎬 Watch: youtu.be/nXulWSlwjl0

🎧 Listen: itspmagazine.simplecast.com/ep

__________________________________
This Brand Story was hosted by Sean Martin, CISSP and produced by Studio C60—strategic brand storytelling for cybersecurity and #technology companies.

🔗 studioC60.com

#Cybersecurity #OTSecurity #RenewableEnergy #CriticalInfrastructure #NIS2 #GridSecurity #EnergyTransition #CISO Paula Averley, Origin Communications

InfosecK2K
2026-01-21

⚙️ OT Security When Cyber Hits the Physical World
Cyber incidents can disrupt industrial operations and critical infrastructure. Protect OT with segmentation, access control, and monitoring. 🔒⚡

ICS Advisory Project (AdvisoryICS@infosec.exchange)
2026-01-21

ICS[AP] Dashboards are updated with the 6 CISA Advisories released on 1/20/26:

Schneider Electric: 2 New | 2 Updates
Rockwell Automation: 1 New
Mitsubishi Electric: 1 Update

www.icsadvisoryproject.com
#icssecurity
#otsecurity
#vulnerabilitymanagement

ICS Advisory Project (AdvisoryICS@infosec.exchange)
2026-01-16

ICS[AP] Dashboards are updated with the 15 CISA Advisories released on 1/15/26:

Siemens: 9 New
Schneider Electric: 1 New
Festo: 1 New
AVEVA: 1 New
Axis Communications: 1 Update
Mitsubishi Electric Iconics Digital Solutions, Mitsubishi Electric: 2 Updates

www.icsadvisoryproject.com
#icssecurity
#otsecurity
#vulnerabilitymanagement

2026-01-15

It's been a busy 24 hours in the cyber world with significant updates on recent breaches, major cybercrime infrastructure takedowns, a raft of critical vulnerabilities, and ongoing discussions around AI's impact on security and privacy. Let's dive in:

Recent Cyber Attacks and Breaches ⚠️

- South Korean conglomerate Kyowon Group has confirmed a ransomware attack that disrupted operations and led to the exfiltration of customer data, potentially impacting over 9.6 million accounts.
- In the UK, West Midlands Police are investigating a data breach at a GP surgery in Walsall, with a staff member accused of theft and released on bail.
- These incidents highlight the persistent threat of ransomware and insider threats, even for organisations with significant customer bases or sensitive data.

🤖 Bleeping Computer | bleepingcomputer.com/news/secu
🕵🏼 The Register | go.theregister.com/feed/www.th

Cybercrime-as-a-Service Disrupted: RedVDS Takedown 🚨

- Microsoft, in a coordinated international effort with Europol and German authorities, has disrupted RedVDS, a massive cybercrime-as-a-service platform.
- RedVDS offered disposable virtual Windows cloud servers for as little as $24 a month, enabling criminals to conduct mass phishing, BEC schemes, and account takeovers, leading to an estimated $40 million in US fraud losses since March 2025.
- The operation involved civil lawsuits in the US and UK, seizing malicious infrastructure and taking RedVDS's marketplace offline, revealing that its customers often leveraged AI tools like ChatGPT to craft more convincing phishing lures and impersonations.

🤖 Bleeping Computer | bleepingcomputer.com/news/secu
📰 The Hacker News | thehackernews.com/2026/01/micr
🕵🏼 The Register | go.theregister.com/feed/www.th

AI Prompt Injection Risks in Anthropic's Cowork 🧠

- PromptArmor researchers have demonstrated that Anthropic's new Cowork productivity AI is vulnerable to a Files API exfiltration attack chain, a prompt injection risk previously reported and acknowledged but not fully fixed by Anthropic for Claude Code.
- The attack allows Cowork to be tricked into transmitting sensitive files from connected local folders to an attacker's Anthropic account without additional user approval.
- Anthropic acknowledges prompt injection as an industry-wide issue and advises users to avoid connecting Cowork to sensitive documents, limit its Chrome extension to trusted sites, and monitor for suspicious actions, placing the onus on users to manage this complex risk.

🕵🏼 The Register | go.theregister.com/feed/www.th

Critical Vulnerabilities and Active Exploitation 🛡️

- **Modular DS WordPress Plugin:** A maximum severity flaw (CVE-2026-23550) in Modular DS (versions 2.5.1 and older), used by over 40,000 WordPress sites, is being actively exploited to bypass authentication and gain admin-level privileges. Users should update to version 2.5.2 immediately.
- **AWS CodeBuild Misconfiguration:** A critical misconfiguration (dubbed CodeBreach) in AWS CodeBuild's webhook filters allowed researchers to take over AWS's own GitHub repositories, including the JavaScript SDK, by bypassing ACTOR_ID filters due to unanchored regex patterns. AWS has since fixed the issue, confirming no customer impact.
- **Google Fast Pair Protocol:** A critical vulnerability (CVE-2025-36911, WhisperPair) in Google's Fast Pair protocol affects hundreds of millions of Bluetooth audio devices, allowing unauthenticated attackers to forcibly pair, track users via Google's Find Hub, and eavesdrop on conversations. Firmware updates from manufacturers are the only defence.
- **Palo Alto Networks PAN-OS DoS:** Palo Alto Networks patched a high-severity DoS vulnerability (CVE-2026-0227) affecting PAN-OS 10.1+ and Prisma Access when GlobalProtect is enabled, allowing unauthenticated attackers to disable firewall protections. While not actively exploited yet, immediate patching is advised given past active exploitation of similar flaws.
- **Delta Industrial PLCs:** Researchers found three critical (CVSS 9.1-9.8) and one high-severity vulnerability in Delta Electronics DVP-12SE11T PLCs, popular in Asian industrial sites, which could allow authentication bypass, password information leakage, or device freezing. Patching is crucial, though challenging in OT environments.

🤖 Bleeping Computer | bleepingcomputer.com/news/secu
📰 The Hacker News | thehackernews.com/2026/01/aws-
🕵🏼 The Register | go.theregister.com/feed/www.th
🤖 Bleeping Computer | bleepingcomputer.com/news/secu
🤖 Bleeping Computer | bleepingcomputer.com/news/secu
💡 Dark Reading | darkreading.com/ics-ot-securit

Threat Landscape Commentary 📊

- **Oceania's Shifting Targets:** New data from Cyble indicates a shift in attacker focus in Australia and New Zealand from critical infrastructure to non-critical sectors like retail, professional services, and construction, driven by the efficiency of targeting less secure, data-rich environments. Initial access brokers and major ransomware groups like INC, Qilin, Lynx, Akira, and Dragonforce are capitalising on these softer targets.
- **AI Normalises Foreign Influence:** A report from the Foundation for Defense of Democracies highlights how AI, particularly LLMs, inadvertently normalises foreign propaganda by prioritising readily available state-aligned media in citations, as credible independent news sources are often behind paywalls or block AI scraping. This creates a structural issue where users seeking unbiased information are directed towards state-controlled narratives.
- **Vulnerability Reporting Surge:** 2025 saw a record 48,177 CVEs assigned, marking the ninth consecutive year of increase. This surge is attributed more to a healthier, expanding vulnerability reporting ecosystem (especially from WordPress security firms and the Linux Kernel CNA) and the use of LLMs by novice researchers, rather than a direct increase in cyber risk. However, data quality issues in the NVD persist, complicating patching efforts.

💡 Dark Reading | darkreading.com/cybersecurity-
🤫 CyberScoop | cyberscoop.com/the-quiet-way-a
💡 Dark Reading | darkreading.com/cybersecurity-

Data Privacy and Regulatory Action 🔒

- **GM Banned from Selling Driver Data:** The US Federal Trade Commission (FTC) has finalised an order banning General Motors (GM) and its subsidiary OnStar from selling drivers' precise location and driving behaviour data to consumer reporting agencies for five years. This follows allegations that GM collected data without consent via its "Smart Driver" feature, leading to higher insurance rates.
- **Google Settles Children's Privacy Lawsuit:** Google has agreed to pay $8.25 million to settle a class-action lawsuit alleging it illegally collected data from children under 13 via Android Play Store apps using its AdMob SDK, despite developers pledging COPPA compliance. This follows a separate $30 million settlement regarding YouTube's collection of children's data.

🤖 Bleeping Computer | bleepingcomputer.com/news/secu
🕵🏼 The Register | go.theregister.com/feed/www.th
🗞️ The Record | therecord.media/google-youtube

Regulatory Scrutiny on X and AI Content ⚖️

- Ofcom, the UK communications regulator, is continuing its formal investigation into X (formerly Twitter) despite the platform's announcement that it has implemented measures to block its AI chatbot, Grok, from generating non-consensual sexualised images of people.
- X's changes include technological blocks on "nudifying" images and geoblocking the creation of images of real people in revealing clothing in jurisdictions where it's illegal, applying to all users, including paid subscribers, after initial attempts to limit it to paid users drew strong criticism.
- California's Attorney General has also opened an investigation into X over the issue, highlighting growing international pressure on AI platforms to address the creation and dissemination of non-consensual intimate images.

🕵🏼 The Register | go.theregister.com/feed/www.th
🗞️ The Record | therecord.media/musk-x-grok-bl

Government Cyber Strategy and Leadership 🏛️

- **Germany-Israel Cyber Cooperation:** Germany and Israel have signed a cyber and security cooperation agreement to counter cyber threats and bolster critical infrastructure protection. Germany aims to build its own "cyber dome" based on Israel's semi-automated real-time cyber defence system, exchanging expertise and jointly developing new tools.
- **NSA/Cyber Command Nominee:** Army Lt. Gen. Joshua Rudd, the Trump administration's nominee to lead both US Cyber Command and the National Security Agency, defended his record during a Senate hearing, addressing concerns about his lack of direct digital warfare and intelligence experience by emphasising his leadership background and reliance on the organisations' talent.

🗞️ The Record | therecord.media/germany-cyber-
🗞️ The Record | therecord.media/nsa-cyber-comm

#CyberSecurity #ThreatIntelligence #Ransomware #Vulnerabilities #ZeroDay #SupplyChainAttack #AI #PromptInjection #DataPrivacy #RegulatoryCompliance #Cybercrime #InfoSec #IncidentResponse #OTSecurity #ICS
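The AWS CodeBuild item above comes down to one regex mistake: a filter pattern that is searched for anywhere in the value instead of being required to match the whole value. The code below is an added example of that bypass and its fix; it is not a reproduction of the CodeBreach research or of CodeBuild's filter engine. It assumes a generic webhook filter group in which every (field, pattern) filter must pass, and the account IDs and branch names are constructed.

```python
import re


def matches_unanchored(pattern, value):
    """Substring semantics: the pattern may match anywhere inside the value."""
    return re.search(pattern, value) is not None


def matches_naively_anchored(pattern, value):
    """Common wrong fix: '^' + pattern + '$' anchors only the outer
    alternatives of a pattern containing '|'."""
    return re.search("^" + pattern + "$", value) is not None


def anchor(pattern):
    """Require the whole value to match. The non-capturing group keeps '|'
    alternation inside the anchors."""
    return rf"^(?:{pattern})$"


def matches_anchored(pattern, value):
    return re.search(anchor(pattern), value) is not None


def evaluate_filter_group(filters, event, match_fn):
    """All filters in the group must pass. filters: list of (field, pattern);
    event: dict field -> value as delivered by the webhook."""
    return all(match_fn(pattern, event.get(field, "")) for field, pattern in filters)


# Constructed IDs and refs for the example.
TRUSTED_BOT_ID = "41898282"
FILTERS = [("ACTOR_ACCOUNT_ID", TRUSTED_BOT_ID), ("HEAD_REF", r"refs/heads/main")]

# An attacker-controlled account whose numeric ID merely contains the trusted ID,
# pushing a branch whose name merely starts with the trusted branch name.
ATTACKER_EVENT = {"ACTOR_ACCOUNT_ID": "9" + TRUSTED_BOT_ID,
                  "HEAD_REF": "refs/heads/main-attacker"}
TRUSTED_EVENT = {"ACTOR_ACCOUNT_ID": TRUSTED_BOT_ID, "HEAD_REF": "refs/heads/main"}


def attacker_passes_unanchored():
    return evaluate_filter_group(FILTERS, ATTACKER_EVENT, matches_unanchored)


def attacker_passes_anchored():
    return evaluate_filter_group(FILTERS, ATTACKER_EVENT, matches_anchored)


def trusted_passes_anchored():
    return evaluate_filter_group(FILTERS, TRUSTED_EVENT, matches_anchored)


if __name__ == "__main__":
    print(attacker_passes_unanchored())  # True: both filters "match"
    print(attacker_passes_anchored())    # False
    print(trusted_passes_anchored())     # True
    # The naive anchoring pitfall with an allow-list of two bot IDs:
    two_bots = "41898282|65225601"
    print(matches_naively_anchored(two_bots, "965225601"))  # True (bypass)
    print(matches_anchored(two_bots, "965225601"))          # False
```

When the filter engine is your own code, `re.fullmatch(pattern, value)` gives whole-value semantics directly and handles alternation correctly; `anchor()` is for the case where you only control the pattern string that a search-based engine will evaluate. Note also that `$` in Python matches before a trailing newline, so values should be stripped or `\Z` used if newlines can appear in the field.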

AllAboutSecurity (allaboutsecurity)
2026-01-15

Understanding attack phases: the cyber kill chain in enterprise IT and industrial plants

Cyberattacks follow a recognisable pattern that can be broken down systematically into phases. The established kill-chain model gives those responsible for security a framework for analysis and defence.

all-about-security.de/angriffs
