Daily OT Security News: July 08, 2026

Welcome to Viakoo’s daily OT/ICS/IoT cybersecurity briefing. Today, we cover critical vulnerabilities, emerging threat trends, and urgent patching directives affecting industrial and operational technology environments worldwide.

CERT/CC Warns of Unpatched Hidden Backdoor in Tenda Router Firmware (CVE-2026-11405)

CERT/CC disclosed a hidden authentication backdoor in multiple Tenda router firmware versions that grants attackers full administrative access by bypassing user credentials. The backdoor resides in the login() function of the /bin/httpd binary and uses a secret password stored in device configuration. No patches are available, and Tenda has not responded since the initial May disclosure; users are urged to disable remote web management immediately.

Source: Bleeping Computer

GhostLock (CVE-2026-43499): 15-Year-Old Linux Kernel Flaw Enables Root Takeover and Container Escape

Researchers revealed GhostLock, a 15-year-old use-after-free vulnerability in Linux kernel futex code that allows privilege escalation to root and container escapes without special permissions. Present in nearly all Linux distributions since 2011, the flaw has a publicly available exploit with 97% success rate. While patches are being released, many long-term support distributions remain vulnerable.

Source: The Hacker News

Kaspersky ICS CERT: Q1 2026 Sees Surge in Cyberattacks on Manufacturing Sector

Kaspersky’s Q1 2026 ICS report highlights a 19.6% global rate of malicious object detections on industrial control systems, with manufacturing targeted heavily across Europe and Asia. Southeast Asia experienced the highest attacks at 23.21%, driven by legacy OT vulnerabilities and expanding supply chain risks. Ransomware losses in manufacturing exceeded $18 billion in 2025 alone.

Source: ITWeb

CISA Issues Emergency Directive: Patch ColdFusion, Langflow, and Joomla Flaws by July 10

CISA added four actively exploited vulnerabilities to its Known Exploited Vulnerabilities catalog, mandating federal agencies to patch by July 10. Included are a remote code execution ColdFusion flaw (CVE-2026-48282), a critical Langflow IDOR (CVE-2026-55255), and two unauthenticated Joomla extension RCE bugs with CVSS scores of 10. Threat actors have exploited Joomla flaws to implant backdoors and hidden admin accounts.

Source: SecurityWeek

Iranian Cyber Actors Escalate Targeting of Utility OT Environments, CISA Joint Advisory Warns

A joint advisory from CISA warns that Iranian-linked threat actors are exploiting internet-facing OT devices in U.S. water, energy, and municipal utilities, manipulating HMI/SCADA displays and disrupting PLC operations. Approximately 3,900 Rockwell Automation PLCs are internet-exposed in the U.S., raising significant operational and financial risks. Experts emphasize the growing threat due to exposed OT assets and Iran’s advancing cyber capabilities.

Source: Burns McDonnell 1898 Blog

Stay vigilant and prioritize timely patching and asset exposure mitigation to protect your OT and IoT environments from evolving threats.

Share this