ICS security Archives • Daily CyberSecurity

Critical Eppendorf Bioreactor Security Flaw Disclosed

Do Son June 1, 2026

An urgent industrial control security warning has been issued for laboratory facilities. Specifically, researchers discovered a critical...

The Global Surge in Modbus/TCP Probes Targeting Our Physical World Modbus Exploitation ICS Security

The Global Surge in Modbus/TCP Probes Targeting Our Physical World

Do Son April 24, 2026

Between September and November 2025, a massive wave of suspicious activity targeted industrial control systems worldwide, proving...

Critical 9.3 Flaw Lets Outsiders Hijack AVEVA Pipeline Simulations AVEVA Pipeline Simulation Flaw CVE-2026-5387

Critical 9.3 Flaw Lets Outsiders Hijack AVEVA Pipeline Simulations

Do Son April 18, 2026

Industrial software giant AVEVA has issued a critical security advisory for its Pipeline Simulation platform, warning of...

Altium Enterprise Server Vulnerability CVE-2026-9129 Path Traversal Patreon OAuth Vulnerability Identity Collision DRC INSIGHT Vulnerability Exam Data Hijacking Horner Automation PLC Industrial Brute Force Honeywell IQ4x Vulnerability CVE-2026-3611 DJI Romo vacuum security flaw Python Cryptography Vulnerability CVE-2026-26007 Open5GS Vulnerability CVE-2026-0622 Vivotek IP7137 Vulnerabilities CVE-2025-66049 Forcepoint DLP Vulnerability CVE-2025-14026 Cellopoint Secure Email Gateway - CVE-2024-9043

Critical 9.1 CVSS Flaw in Horner Automation PLCs Invites Industrial Takeovers

Do Son April 17, 2026

A security flaw has been identified in industrial control systems manufactured by Horner Automation, posing a significant...

Critical Alert: Iranian-Affiliated Actors Target U.S. Infrastructure via Industrial Control Systems Harvester APT Linux Backdoor OT Cyberattack Iranian APT Operation Olalampo MuddyWater APT Prince of Persia APT, Tonnerre v50 Patchwork APT, DLL Sideloading Subtle Snail, cyber espionage ShadowSilk, cyber espionage Volt Typhoon APT Group - Chinese Cybersecurity Firm

Harvester APT Linux Backdoor OT Cyberattack Iranian APT Operation Olalampo MuddyWater APT Prince of Persia APT, Tonnerre v50 Patchwork APT, DLL Sideloading Subtle Snail, cyber espionage ShadowSilk, cyber espionage Volt Typhoon APT Group - Chinese Cybersecurity Firm

Critical Alert: Iranian-Affiliated Actors Target U.S. Infrastructure via Industrial Control Systems

Do Son April 8, 2026

In a major joint advisory released on April 7, 2026, a coalition of U.S. federal agencies—including the...

Critical RCE and SQLi Flaws Shatter mbCONNECT24 Industrial Security mbCONNECT24 Vulnerabilities Industrial RCE

Critical RCE and SQLi Flaws Shatter mbCONNECT24 Industrial Security

Do Son April 6, 2026

In a significant alert for the industrial automation sector, CERT@VDE has disclosed a series of high-severity vulnerabilities...

shell-quote command injection AI-Driven Vulnerabilities Q1 2026 Cyber Threats vm2 Sandbox Escape Node.js RCE upKeeper Privilege Escalation CVE-2026-2449 Pharos Controls Vulnerability Root Access Exploit Cybersecurity Vulnerability Roundup CVSS 10.0 Flaws Shadow Archives CVE-2026-0866 MS-Agent Prompt Injection CVE-2026-2256 basic-ftp Path Traversal CVE-2026-27699 telnetd Root Vulnerability CVE-1999-0073 Regression USR-W610 Vulnerabilities End-of-Life IoT Security IceWarp Security Update IceWarp Vulnerabilities Airleader Master Vulnerability CVE-2026-1358 ZLAN5143D Vulnerability CISA ICS Advisory Acronis Cyber Protect Vulnerability CVE-2025-30411 WAGO 852 Vulnerability OT Network Security SandboxJS Vulnerability Sandbox Escape (CVSS 10.0) Kubernetes Local Path Provisioner CVE-2025-62878 CISA Unresponsive Vendors Avation & RISS Vulnerabilities KiloView Vulnerability CVE-2026-1453 OpenClaw RCE vulnerability Johnson Controls Vulnerability CVE-2025-26385 SandboxJS Vulnerability CVE-2026-23830 ibaPDA Vulnerability CVE-2025-14988 Protobuf Vulnerability CVE-2026-0994 AVEVA Process Optimization Vulnerability CVE-2025-61937 ConnectWise PSA Vulnerability CVE-2026-0695 Aruba VIA Vulnerability CVE-2025-37186 aiohttp v3.13.3, Denial of Service (DoS) SmarterMail RCE, CVE-2025-52691 Airoha RACE, Headphone Jacking HPE OneView RCE CVE-2025-37164 FreePBX Auth Bypass, PBX Takeover ScreenConnect Config Flaw, Untrusted Extensions Ruby SAML Auth Bypass, XML Parser Differential Devolutions SQL Injection, Password Manager Flaw Vivotek Unauthenticated RCE, EOL IP Camera Flaw Lynx+ Critical Flaw, Unauthenticated Reset Firebox Default Credentials, CVE-2025-59396 Veeder-Root RCE, Critical ATG Flaw ArcGIS Server SQLi Watchdoc RCE, CVE-2025-58384 Delta DIALink Daikin Security Gateway, authentication bypass Frostbyte10, industrial controller security SunPower, vulnerability Ubiquiti UniFi Connect, EV Station Vulnerabilities Adobe Experience Manager, RCE Vulnerability UniFi Access, Command Injection LDAPNightmare - CVE-2025-1316

Critical 9.8 CVSS Flaw in Pharos Mosaic Controllers Grants Root Access to Unauthenticated Attackers

Do Son March 27, 2026

A security advisory has been issued by CISA regarding a critical vulnerability discovered in Pharos Controls’ Mosaic...

Bridge or Backdoor? Critical 9.8 RCE Flaw Threatens Helmholz Industrial Networks Helmholz myREX24V2 Industrial RCE

Bridge or Backdoor? Critical 9.8 RCE Flaw Threatens Helmholz Industrial Networks

Do Son March 24, 2026

Industrial connectivity specialist Helmholz GmbH & Co. KG has issued an urgent security advisory regarding multiple vulnerabilities...

The Default Danger: Maximum 10.0 CVSS Vulnerability Leaves Honeywell IQ4x Controllers Wide Open

Do Son March 11, 2026

A critical security flaw has been uncovered in the Honeywell IQ4x Building Management System (BMS) Controller family,...

Industrial Alert: Critical Stored XSS Vulnerability Discovered in Siemens SIMATIC S7-1500 Siemens SIMATIC Vulnerability CVE-2025-40943 CVE-2024-47901 - Siemens InterMesh system CVE-2025-40804 Siemens SIVaaS

Siemens SIMATIC Vulnerability CVE-2025-40943 CVE-2024-47901 - Siemens InterMesh system CVE-2025-40804 Siemens SIVaaS

Industrial Alert: Critical Stored XSS Vulnerability Discovered in Siemens SIMATIC S7-1500

Do Son March 11, 2026

A high-severity security flaw has been uncovered in the Siemens SIMATIC S7-1500 CPU family, a cornerstone of...

Critical RCE Vulnerabilities Uncovered in Janitza and Weidmueller Energy Meters Energy Meter RCE CVE-2025-41709 ICS Exposure, Power Grid Security CVE-2025-1393 & CVE-2024-23943

Energy Meter RCE CVE-2025-41709 ICS Exposure, Power Grid Security CVE-2025-1393 & CVE-2024-23943

Critical RCE Vulnerabilities Uncovered in Janitza and Weidmueller Energy Meters

Do Son March 11, 2026

Energy management systems are under the microscope following a security advisory from CERT@VDE, which reveals multiple critical...

Critical 9.8 CVSS Flaws Expose SICK Lector Scanners to Hijacking SICK Lector Vulnerability CVE-2026-2331 CVE-2022-0778 and CVE-2025-0867

Critical 9.8 CVSS Flaws Expose SICK Lector Scanners to Hijacking

Do Son March 10, 2026

In a significant update for the industrial automation sector, SICK PSIRT has issued a high-priority security advisory...

Critical Infrastructure Alert: Unauthenticated Flaw in Labkotec Ice Detectors Could Freeze Operations Labkotec LID-3300IP CVE-2026-1775 ASUSTOR ADM Vulnerability CVE-2026-3179 Russian Cyberattacks - Security Operations Center

Labkotec LID-3300IP CVE-2026-1775 ASUSTOR ADM Vulnerability CVE-2026-3179 Russian Cyberattacks - Security Operations Center

Critical Infrastructure Alert: Unauthenticated Flaw in Labkotec Ice Detectors Could Freeze Operations

Do Son March 5, 2026

Cybersecurity authorities have issued a stark warning regarding a critical vulnerability in Labkotec’s LID-3300IP, a widely deployed...

Industrial Sabotage Risk: Critical Airleader Flaw (CVSS 9.8) Exposed

Do Son February 16, 2026

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a high-priority alert regarding a critical security vulnerability...

Critical ZLAN5143D Flaws (CVSS 9.8) Allow Total Takeover, No Patch Available

Do Son February 16, 2026

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning regarding high-severity vulnerabilities in industrial connectivity...

Factory Flaw: Critical WAGO Switch Vulnerabilities (CVSS 9.8) Allow Remote Takeover

Do Son February 11, 2026

A cluster of critical vulnerabilities has been discovered in WAGO’s 852 series Industrial Managed Switches, leaving operational...

Industrial Alert: Critical Auth Bypass (CVSS 9.2) Hits Moxa Switches Moxa Linux kernel vulnerabilities Moxa Vulnerability CVE-2024-12297 Moxa OpenSSH Vulnerability CVE-2023-38408 CVE-2023-5961 - CVE-2024-9138 and CVE-2024-9140

Moxa Linux kernel vulnerabilities Moxa Vulnerability CVE-2024-12297 Moxa OpenSSH Vulnerability CVE-2023-38408 CVE-2023-5961 - CVE-2024-9138 and CVE-2024-9140

Industrial Alert: Critical Auth Bypass (CVSS 9.2) Hits Moxa Switches

Do Son February 5, 2026

Industrial networking giant Moxa has issued a high-severity security advisory urging customers to patch a wide range...

New Offensive OT Framework Targeting Energy Infrastructure Emerges on Dark Web ICS Offensive Framework APT IRAN

New Offensive OT Framework Targeting Energy Infrastructure Emerges on Dark Web

Do Son February 2, 2026

A new threat to industrial control systems (ICS) has surfaced on the dark web, signaling a potential...

Smart Buildings at Risk: Critical Johnson Controls Flaw (CVSS 10) Allows Remote SQL Injection

Do Son January 30, 2026

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning regarding a maximum-severity vulnerability affecting Johnson...

Siemens Issues Critical Alert for Maximum 10.0 Vulnerability in Industrial Systems Siemens Edge Vulnerability CVE-2025-40805 CVE-2024-32741 - CVE-2025-27494 Siemens, Industrial Edge, CVE-2024-54092

Siemens Edge Vulnerability CVE-2025-40805 CVE-2024-32741 - CVE-2025-27494 Siemens, Industrial Edge, CVE-2024-54092

Siemens Issues Critical Alert for Maximum 10.0 Vulnerability in Industrial Systems

Do Son January 14, 2026

Siemens has issued an urgent security warning for operators of its Industrial Edge ecosystem, disclosing a critical...

Critical Alert 1 Active Exploit Detected Today