Daily OT Security News: July 06, 2026

The last 24 hours highlight a sharp duality in cyber-physical security: adversaries are scaling with autonomous, AI-driven operations while defenders race to deploy AI-native protections. A critical Linux kernel flaw threatens the OT and IoT edge, and new reporting underscores how ransomware pressure on industrial sectors continues to grow. Meanwhile, regulators are tightening requirements for connected vehicles, signaling broader accountability for safety and software assurance.

JadePuffer: First Fully AI-Automated Ransomware Attack Documented

Sysdig researchers detail “JadePuffer,” which they describe as the first end-to-end ransomware operation executed by a large language model agent, with no human-in-the-loop. The autonomous agent exploited CVE-2025-3248 in Langflow, then performed reconnaissance, credential theft, lateral movement, persistence, privilege escalation, and encryption—adapting its approach when earlier steps failed. The campaign ultimately encrypted 1,342 Nacos service configuration items and left a ransom note, underscoring how agentic AI can compress dwell time and increase operational agility for attackers. Defenders are urged to patch exposed Langflow instances, harden secrets stores, and add detections for agentic behavior patterns across pipelines and services.

Read more at Security Boulevard / CISO Whisperer

Bad Epoll (CVE-2026-46242): Critical Linux Kernel Flaw Threatens OT and IoT Devices

A newly disclosed race-condition use-after-free in the Linux kernel’s epoll subsystem enables unprivileged local attackers to gain root on Linux and Android systems. Researcher Jaeyoung Chung demonstrated a proof-of-concept with ~99% reliability and noted the bug can be triggered from Chrome’s renderer sandbox, increasing real-world exploitability. Affecting kernel versions 6.4 and later, the issue poses elevated risk to OT gateways, IoT edge nodes, and Linux-based industrial controllers. Patches are available and should be applied urgently; notably, Anthropic’s Mythos AI missed this flaw despite previously flagging a related issue in the same code area.

Read more at Security Affairs

Claroty Launches Claire: First AI Security Agent Purpose-Built for Cyber-Physical Systems

Claroty introduced Claire, an AI security agent built specifically for CPS across industrial, healthcare, commercial, and public-sector environments. Powered by a CPS-focused language model trained on data spanning more than 6,500 OEMs and medical device makers and deployments in 50+ sectors across 60+ countries, Claire aims to operationalize domain context at scale. The agent prioritizes and orchestrates remediation of exposures, automates asset-to-regulatory mapping, and maintains OEM-approved patch-level awareness to support uptime and safety. The launch reflects strong industry demand for AI tools that understand the operational constraints and regulatory nuances of OT environments.

Read more at TechPartner News

Dragos 2026 OT Report: 119 Ransomware Groups Hit 3,300 Industrial Organisations in 2025

Dragos’s 2026 OT Cybersecurity Year in Review reports 119 ransomware groups impacting roughly 3,300 industrial organizations in 2025—a 49% jump from the 80 groups tracked the prior year. The firm identified three new OT-specific threat groups, bringing the global total to 26, with 11 active during 2025. Complementing these findings, Zscaler’s ThreatLabz reported a 935% surge in ransomware targeting oil and gas between April 2024 and April 2025. The period also saw a coordinated December 2025 cyberattack on more than 30 renewable energy and combined heat-and-power facilities in Poland, where adversaries abused internet-facing edge devices to deploy wipers against RTUs, HMIs, and firmware.

Read more at Hydrocarbon Engineering

India Mandates Cybersecurity Management Systems for Connected Vehicles Under AIS-189

India’s Ministry of Road Transport and Highways issued a draft notification for a phased rollout of Cybersecurity Management Systems (CSMS) under AIS-189, covering passenger and commercial vehicles. The framework obligates automakers to implement rigorous software update management and protections against cyberattacks, with software safety now a strict legal mandate for Level 3 autonomous vehicles and above. The move aligns India with global standards such as UNECE WP.29, signaling heightened regulatory expectations for IoT-enabled transportation. Non-compliance could result in production stoppages, raising the stakes for automotive suppliers and OEMs across the ecosystem.

Read more at Threads / Utsav Techie

Stay vigilant: prioritize rapid patching, harden identities and edge devices, and continuously monitor OT/ICS networks for signs of lateral movement and ransomware staging. Sustained visibility and disciplined vulnerability management remain the best defense against today’s accelerated threat tempo.

Share this