Daily OT Security News: April 17, 2026

As operational technology (OT), industrial control systems (ICS), and Internet of Things (IoT) environments continue to expand, the security landscape grows increasingly complex. Threat actors are developing more sophisticated tools targeting critical infrastructure, emphasizing the urgent need for vigilance and proactive defense strategies.

ZionSiphon Malware Targets ICS in Israeli Water Facilities

Darktrace researchers have uncovered ZionSiphon, a politically motivated malware aimed at sabotaging Israeli water treatment and desalination systems. The malware exploits OT protocols such as Modbus, DNP3, and S7 to manipulate hydraulic pressure and chlorine levels, spreading via USB media and using PowerShell for privilege escalation. Although a logic flaw currently limits its full impact, ZionSiphon signals a worrying rise in nation-state-grade OT malware targeting critical infrastructure.

Source: Security Affairs

CISA Adds Apache ActiveMQ RCE Flaw (CVE-2026-34197) to Known Exploited Vulnerabilities Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has listed CVE-2026-34197, a critical remote code execution vulnerability in Apache ActiveMQ, in its Known Exploited Vulnerabilities catalog. The flaw allows authenticated attackers to execute arbitrary code through the Jolokia JMX-HTTP bridge, posing risks to enterprise messaging systems widely used in OT and ICS environments. Federal agencies must patch the vulnerability by April 30, 2026, while private organizations are strongly urged to remediate immediately.

Source: Security Affairs / CISA

Emerson and OPSWAT Partner to Embed OT Patch Management into Ovation Platform

Emerson and OPSWAT have formed a global strategic partnership to integrate OPSWAT’s MetaDefender Endpoint and My OPSWAT Central Management On-Premises into Emerson’s Ovation Automation Platform. This collaboration aims to enhance OT patch management for over 800 power and water utility sites, addressing the increasing threat of nation-state and ransomware attacks. Emerson highlights the necessity for cybersecurity solutions specifically designed for OT environments rather than adapted IT tools.

Source: Industrial Cyber

Delta Electronics ASDA-Soft Engineering Software Hit by Critical Buffer Overflow (CVE-2026-5726)

Delta Electronics has disclosed a stack-based buffer overflow vulnerability (CVE-2026-5726) in its ASDA-Soft servo drive engineering software that allows arbitrary code execution via malformed .par files. CISA advises upgrading immediately to ASDA-Soft version 7.2.6.0 or later. This flaw underscores the persistent risk posed by engineering workstations that bridge IT and OT networks and remain exposed to attacks through email, USB, or vendor service channels.

Source: Windows Forum / CISA

Ransomware Hits ‘New Normal’ as Manufacturing Absorbs Surge and Machine Identities Emerge as Hidden Risk

A GuidePoint Security report reveals that ransomware attacks have stabilized at a high ‘new normal’ level in Q1 2026, with manufacturing remaining the hardest-hit sector and construction rapidly increasing. Meanwhile, Barracuda Networks highlights that poorly managed machine identities—such as certificates and embedded credentials used by IoT and OT devices—are a growing attack vector exploited by ransomware groups. Legacy systems and third-party vendor integrations further expose industrial networks to persistent threats.

Source: Barracuda Networks / Industrial Cyber

Staying informed and proactive is critical as the OT/IoT security landscape evolves. Organizations must prioritize robust defenses and continuous vigilance to protect vital infrastructure from emerging threats.
