As operational technology (OT), industrial control systems (ICS), and Internet of Things (IoT) environments continue to evolve and integrate advanced technologies, the cybersecurity landscape grows increasingly complex. Threat actors are leveraging sophisticated tools and tactics and targeting critical infrastructure and manufacturing sectors worldwide, a trend that demands heightened vigilance and proactive defense measures.
Lotus Wiper Malware Targets Venezuelan Energy Firms and Utilities
Kaspersky Lab has analyzed a destructive cyberattack against Venezuela’s energy and utilities sector, including the state oil company PDVSA. The attack employed a novel wiper malware called “Lotus Wiper,” which used living-off-the-land techniques and batch scripts to erase critical data, overwrite drives, and disable recovery options, rendering systems unrecoverable. The attackers remained dormant for months before launching the destructive phase, with the malware compiled in September 2025 and the attack occurring in December 2025.
Source: Dark Reading
Resilience Report: Manufacturing Leads Global Cyberattack Targets, Ransomware Dominates Losses
A new report from cyber insurance firm Resilience reveals manufacturing as the most targeted industry for cyberattacks globally. Analyzing nearly five years of claims data, the report finds that ransomware causes over 90% of financial losses despite accounting for only 12% of claims, with misconfigured multi-factor authentication responsible for 26% of these losses. Additionally, the number of connected IoT devices in manufacturing is projected to more than double between 2025 and 2030, expanding the attack surface significantly.
Source: Industrial Cyber
MITRE Flags Rising Cybersecurity Risks as Medical Devices Adopt AI, Cloud, and Post-Quantum Technologies
MITRE’s latest analysis warns that the integration of AI/ML, cloud computing, and post-quantum cryptography in medical devices is creating new cybersecurity risks. The report highlights that compromises of a single cloud service can affect hundreds of healthcare facilities simultaneously, as seen in the ransomware attack on Elekta’s cloud services impacting cancer treatment at over 170 sites. MITRE calls for embedding cybersecurity and threat modeling early in medical device development to address these emerging threats.
Source: Industrial Cyber
CISA Issues ICS Advisory for Hangzhou Xiongmai IP Camera Authentication Bypass Vulnerability
CISA has issued an ICS advisory warning of a critical authentication bypass vulnerability (CVE-2025-65856) in the Hangzhou Xiongmai XM530 IP Camera firmware used globally in commercial settings. Exploiting this flaw allows attackers to bypass authentication and access sensitive device information remotely. CISA recommends reducing network exposure, deploying devices behind firewalls, and using VPNs for remote access to mitigate risk.
Source: CISA
Europol IOCTA 2026: Cybercrime Industrializes with AI, Ransomware-as-a-Service, and Hybrid Threat Actors
Europol’s 2026 IOCTA report details a fundamental shift in cybercrime, with over 120 active ransomware brands in 2025 and growing industrialization of operations through AI-powered tools and Ransomware-as-a-Service platforms. Hybrid threat actors, including nation-state proxies, increasingly leverage cybercriminal networks for disruptive attacks on critical infrastructure. A new alliance formed between DragonForce, LockBit, and Qilin ransomware groups late in 2025 underscores deeper collaboration within the criminal ecosystem.
Source: Industrial Cyber
As cyber threats targeting OT, ICS, and IoT environments continue to advance, maintaining robust security practices and staying informed on emerging risks remain essential. Vigilance and proactive defense are key to safeguarding critical infrastructure and connected systems.