As operational technology (OT), industrial control systems (ICS), and IoT environments continue to interconnect globally, the security landscape remains highly dynamic and challenging. Today’s briefing highlights critical vulnerabilities, large-scale intrusion campaigns, and evolving threat actors shaping the OT/ICS cybersecurity domain in 2026.
Forescout Uncovers 22 BRIDGE:BREAK Vulnerabilities in Serial-to-IP Converters, Exposing ~20,000 Devices Online
Forescout Research Vedere Labs has disclosed 22 new vulnerabilities—collectively named BRIDGE:BREAK—in serial-to-IP converters from Lantronix and Silex. These flaws include remote code execution, authentication bypass, and device takeover, affecting nearly 20,000 devices publicly exposed online. Users are urged to apply patches, replace default credentials, and segment networks to mitigate risks.
Source: The Hacker News
Cato Networks Traces Large-Scale Modbus/TCP Campaign Targeting PLCs Across 70 Countries
Cato Networks researchers have identified a global campaign targeting internet-exposed programmable logic controllers (PLCs) via Modbus/TCP. Observed across 70 countries, the campaign involved scanning, denial-of-service attempts, and manipulative write operations, primarily impacting manufacturing sectors. Experts advise eliminating public exposure of Modbus devices and enforcing strict OT/IT network segmentation.
Source: Industrial Cyber
ZeroFox Q1 2026 Report: Manufacturing Absorbs Nearly One in Five Ransomware Attacks as Threat Volume Holds at Record Pace
The latest ZeroFox ransomware and digital extortion report reveals sustained high-volume attacks, with manufacturing the most targeted industry for the fifth consecutive year. Despite a slight decline, over 2,000 incidents occurred in Q1 2026, with prominent threat groups like Qilin, Akira, and the new “The Gentlemen” collective responsible for a significant share. North America continues to bear the brunt regionally, and the healthcare and professional services sectors are also among the hardest hit.
Source: Industrial Cyber
NCSC, CISA, FBI, and International Partners Issue Joint Advisory on China-Linked Covert Networks Exploiting SOHO Routers and IoT Devices
A coalition of international cybersecurity agencies has issued a joint advisory warning of China-linked threat actors leveraging compromised SOHO routers and IoT devices to build covert espionage networks. The advisory highlights sophisticated techniques that evade traditional defenses, emphasizing the need for behavioral monitoring, multi-factor authentication, and zero trust frameworks to mitigate risks posed by rapidly evolving covert infrastructures.
Source: Industrial Cyber
Supply Chain Risk Takes Center Stage in OT Cyber Sovereignty as Hidden Dependencies and Long-Tail Vendors Come Under Scrutiny
A new feature explores how supply chain risks have escalated into critical national security concerns within OT cyber sovereignty. With vendor concentration and foreign-supplied legacy equipment posing systemic dangers, experts warn about the cascading effects of malicious vendor actions. Recommended defenses include enhanced asset visibility, network segmentation, anomaly detection, and strict remote access controls to safeguard critical infrastructure.
Source: Industrial Cyber
Staying informed and proactive is essential as adversaries refine their tactics in the OT/ICS landscape. Maintaining vigilance through timely patching, network segmentation, and comprehensive threat intelligence remains paramount for securing critical infrastructure.