Daily OT Security News: July 11, 2026

Today’s threat landscape is defined by high-severity vulnerabilities across IoT and firmware layers, widening ransomware pressure on healthcare and OT supply chains, and the emergence of AI-driven autonomous attacks that accelerate reconnaissance and exploitation. Organizations operating connected devices and industrial control systems should note simultaneous risks from pre-boot firmware flaws, exposed service keys in consumer hubs, and expanding adversary tactics targeting OT and third-party suppliers.

Gardyn IoT Hub RCE: CVE-2026-13768 Scores CVSS 10

CISA published an advisory covering three vulnerabilities in the Gardyn IoT Hub, with the most severe, CVE-2026-13768, rated CVSS 10.0 for unauthenticated remote code execution. The root cause is hard-coded credentials exposing a privileged iothubowner key that can be used to call an Azure IoT Hub Registry Manager function, retrieve connection details for more than 138,000 registered devices, and execute arbitrary commands or pivot to other devices on the victim’s home network. Two additional flaws (CVE-2026-55726, CVSS 5.3; CVE-2026-54477, CVSS 5.4) expose device logs and weaken admin-panel security headers. Gardyn has patched its cloud infrastructure, devices update automatically over the internet, and CISA advises owners to keep devices behind a firewall and update the mobile app; no exploitation in the wild has been confirmed to date.

Source: SecurityOnline.info

New U-Boot Flaws Could Enable Stealthy Firmware Attacks

Firmware security firm Binarly disclosed six vulnerabilities (BRLY-2026-037 through 042) in U-Boot’s FIT signature-verification code that affect the widely used open-source bootloader. Two of the flaws permit arbitrary code execution during firmware verification, while four enable denial-of-service crashes; because exploitation occurs before the OS loads, attackers could disable firmware security features, install persistent malware, or modify the boot process undetected. The vulnerable code dates back to U-Boot 2013.07 and impacts more than 50 stable releases plus countless vendor forks and downstream builds. Binarly’s patches have been accepted upstream, but downstream vendors must integrate and ship fixes, and older or unsupported devices may never receive updates; on systems with BMCs, remote exploitation via crafted firmware images is a practical threat.

Source: BleepingComputer

Cybersecurity and Water System Risk: What City Leaders Should Know

A new analysis cautions municipal water utilities about rising cyber risk as SCADA and OT systems become more networked. The EPA reported in May 2024 that more than 70% of inspected community water systems failed to meet cybersecurity requirements under the Safe Drinking Water Act, and the October 2024 American Water incident demonstrated how an attack can disrupt billing and force system isolation. The article urges city and utility leaders to conduct OT/SCADA-focused assessments, enforce access controls, train staff on threat recognition, and adopt CISA and NIST frameworks. It also notes that AI-driven monitoring tools can improve visibility while simultaneously introducing new attack surfaces.

Source: LMC

Healthcare Ransomware Attacks Remain Resilient in H1 2026 as Extortion Groups Broaden Attacks Across Supply Chain

Ransomware activity targeting healthcare remained robust in H1 2026, with a median ransom demand of $310,000 and attackers increasingly focusing on OT environments and supply-chain partners. The number of attacks rose from 132 in Q1 2024 to 191 in Q4 2024, dipped afterward, and climbed again through 2026, reflecting a persistent threat trajectory. Extortion groups are now broadening tactics to include medical device manufacturers, pharmaceutical logistics, and third-party service providers that connect to OT systems managing physical clinical processes. The trend highlights the need for healthcare organizations to extend cybersecurity programs beyond traditional IT to encompass connected medical devices and operational infrastructure.

Source: Industrial Cyber

AI-Driven Attacks, Critical Exploits, and Global Breaches Define This Week in July 2026

This week’s roundup highlights the first confirmed ransomware attack conducted almost entirely by an autonomous AI agent: the JadePuffer ransomware, which exploited a Langflow vulnerability to perform reconnaissance, credential theft, and file encryption autonomously, a development with direct implications for OT/ICS environments where response windows are short. Additional notable items include CISA ordering immediate patching of a critical Adobe ColdFusion flaw (CVE-2026-48282) actively exploited against federal systems, the DHS confirming a breach of its Homeland Security Information Network (HSIN), and Google disrupting the NetNut botnet that had infected approximately two million Android devices. The coverage underscores accelerating attacker capabilities and the continued presence of high-impact active exploits. Security teams are advised to segment IoT devices onto separate networks and monitor for command-and-control traffic.

Source: eSecurityPlanet

Share this