As operational technology (OT), industrial control systems (ICS), and Internet of Things (IoT) environments become increasingly interconnected, the cyber threat landscape continues to evolve with growing complexity and sophistication. Today’s briefing highlights critical developments affecting water infrastructure, industrial PLC exposures, ransomware trends, military OT cybersecurity initiatives, and a severe vulnerability in a popular IoT platform.
ZionSiphon OT Malware Targets Israeli Water Treatment and Desalination Systems
Darktrace has revealed an advanced OT-focused malware named ZionSiphon, engineered to infiltrate and manipulate Israeli water treatment and desalination facilities. By exploiting industrial control system protocols, this malware poses a significant threat to critical water infrastructure, signaling an alarming escalation in cyberattacks against operational technology environments.
Source: Darktrace
CISA Advisory AA26-097A: Iran-Linked Actors Exploit 5,200+ Exposed Industrial PLCs Across U.S. Infrastructure
Network Threat Detection reports that over 5,200 industrial programmable logic controllers (PLCs) are publicly exposed online, with nearly three-quarters located in the U.S., predominantly affecting the government, water, and energy sectors. CISA’s April 7 advisory warns of active exploitation by Iran-linked actors who probe critical OT ports and use legitimate vendor tools to evade detection and gain unauthorized access.
Source: National Today
GuidePoint Q1 2026 Report: Ransomware Settles Into Elevated ‘New Normal,’ Manufacturing Remains Top Target
GuidePoint Security’s Q1 2026 report reveals ransomware attacks have stabilized at a higher baseline, with the United States accounting for over half of all incidents. Manufacturing continues to be the most affected sector, and new ransomware-as-a-service groups like “The Gentlemen” are rapidly expanding. Additionally, threat actors are increasingly favoring data theft and extortion-only tactics over traditional encryption-based attacks.
Source: Industrial Cyber
U.S. Air Force Launches First Military OT Cybersecurity Office (CROCS) to Secure Critical Base Infrastructure
The U.S. Air Force has inaugurated the Cyber Resiliency Office for Control Systems (CROCS), its first dedicated OT cybersecurity office. Operational since 2024, CROCS centralizes OT security efforts, including assessments, mitigation, and training for base infrastructure systems such as HVAC, fuel depots, and access controls. It also secured OT security funding within the Department of Defense’s five-year budget planning.
Source: DataBreaches Today
Critical CVSS 10 Vulnerability (CVE-2026-39842) in OpenRemote IoT Platform Enables Full Server Takeover
Researchers disclosed CVE-2026-39842, a critical expression injection vulnerability in OpenRemote’s IoT management platform that allows users with “write:rules” permissions to execute arbitrary code and fully compromise servers. Because the rules engine is not sandboxed, the flaw enables attackers to control all connected IoT devices. Immediate upgrade to version 1.22.0 is strongly recommended to mitigate this critical-severity threat.
Source: Security Online
As OT, ICS, and IoT environments face increasingly sophisticated threats, maintaining vigilance through proactive security measures and timely patching remains essential to safeguarding critical infrastructure and connected assets.