Daily OT Security News: July 01, 2026
Concise daily briefing for OT, IoT, CPS, and ICS security professionals — five developments from the past 24 hours that affect asset owners, operators, and security teams. Each item highlights operational impact and immediate actions for defenders.
CISA: FUXA SCADA/HMI Authentication Bypass (CVE-2026-13207)
CISA warns that Frangoteam FUXA SCADA/HMI versions 1.3.1 and earlier expose user accounts and role assignments via a REST API dot‑segment path normalization authentication bypass, with a CVSS 3.1 score of 7.5 (High). Operators should assume opportunistic scanning and prioritize updating to FUXA 1.3.2 or later, verify exposed endpoints, and review access controls on HMI/SCADA web interfaces.
Source: WindowsForum
DOE/CESER Expands Cyber Supply Chain Defenses for Energy Infrastructure
The DOE Office of Cybersecurity, Energy Security, and Emergency Response (CESER) is scaling programs that extend supply chain risk management beyond software to include hardware, firmware, and third‑party services via initiatives such as CyTRICS, cyber‑informed engineering, and the Clean Energy Cybersecurity Accelerator. Energy operators should accelerate vendor testing, increase firmware/asset transparency, and embed cyber requirements into procurement and engineering specifications to reduce systemic exposure from COTS components.
Source: Industrial Cyber
OMB M-26-14 and CISA BOD 26-04 Bring OT/IoT Into Federal Compliance Scope
New federal mandates explicitly bring OT and IoT assets into scope: OMB M‑26‑14 mandates purpose‑driven logging and retention, while CISA BOD 26‑04 replaces uniform patch deadlines with a four‑variable risk‑weighted prioritization framework (Asset Exposure, KEV Status, Exploit Automation, Technical Impact). Federal and contracted OT/IoT owners must accelerate asset inventories, implement logging and retention controls, and adopt risk‑weighted remediation workflows ahead of full enforcement in December 2026.
Source: Nozomi Networks
BlueHammer (CVE-2026-33825) Now Observed in Ransomware Campaigns
CISA reports that BlueHammer (CVE‑2026‑33825), a Microsoft Defender vulnerability disclosed in April and patched by Microsoft on April 14, has been leveraged in ransomware attacks and was exploited as a zero‑day prior to patch availability. OT environments should verify patch status on Windows HMI and engineering workstations, apply compensating controls for unpatchable systems, and hunt for indicators of post‑exploitation lateral movement tied to this privilege escalation bug.
Source: SecurityWeek
Singapore Cyber Landscape 2025/2026: IoT Botnets and Telecom Intrusions Surge
Singapore’s CSA reports a 142% increase in infected infrastructure driven by IoT botnets and weak consumer device security, while APT UNC3886 targeted major telcos and authorities launched Operation CYBER GUARDIAN in response. Network operators and enterprises should enforce router and device baseline hardening, accelerate deployment of secure‑by‑design supplier criteria (including labelling requirements), and improve segmentation and telemetry to detect botnet and AI‑enabled attack activity.