Today’s OT security landscape highlights growing concerns over critical vulnerabilities in widely deployed industrial control systems and escalating ransomware threats targeting manufacturing and critical infrastructure. Meanwhile, cyberattacks on water and energy sectors continue to intensify, prompting regulatory agencies to advance stricter incident reporting requirements.
CISA Issues Critical Advisory for OpenPLC v3: CVSS 9.9 RCE Vulnerability in Industrial Control Systems
CISA released ICS Advisory ICSA-26-190-01 on July 9, 2026, warning of a critical vulnerability (CVE-2026-14480, CVSS 9.9) in OpenPLC v3, an open-source programmable logic controller platform widely used across critical manufacturing, energy, transportation, and water/wastewater sectors. The flaw allows an authenticated attacker to write arbitrary files to the filesystem and escalate privileges to achieve remote code execution through the normal OpenPLC program compilation process. Because OpenPLC v3 is end-of-life and will receive no further patches, CISA urges all users to upgrade immediately to OpenPLC v4.
Source: CISA ICS Advisory ICSA-26-190-01
Schneider Electric PowerChute Serial Shutdown Vulnerabilities Expose Energy and Healthcare Infrastructure
CISA published Advisory ICSA-26-190-02 detailing multiple vulnerabilities in Schneider Electric’s PowerChute Serial Shutdown software (versions 1.4 and prior), affecting critical infrastructure sectors including energy, healthcare, communications, and transportation systems worldwide. The flaws include path traversal, CRLF injection, brute-force authentication bypass, denial-of-service, and sensitive information exposure — any of which could allow attackers to overwrite critical files, forge log data, or gain unauthorized access to UPS management systems. Schneider Electric has released version 1.5 to address all identified vulnerabilities.
Source: CISA ICS Advisory ICSA-26-190-02
ZeroFox Q2 2026 Report: Manufacturing Remains Ransomware’s Most Targeted Sector as Qilin Dominates
ZeroFox’s Q2 2026 ransomware wrap-up confirms that manufacturing has retained its position as the most targeted industry for ransomware and digital extortion attacks, driven by attackers’ exploitation of the sector’s reliance on continuous OT operations and low tolerance for production downtime. The Qilin ransomware group maintained a 12-month streak as the most active threat actor, primarily targeting high-value organizations across North America through double-extortion attacks spanning manufacturing, healthcare, and professional services. The report underscores that organizations with complex IT/OT environments and interconnected industrial systems face the highest sustained risk.
Source: ZeroFox Q2 2026 Ransomware Report via Industrial Cyber
Hackers Increasingly Target Water Systems and Energy Grids in Europe and the U.S., TechCrunch Reports
A wave of cyberattacks against civilian energy and water infrastructure has intensified in 2026, with incidents targeting Poland’s water treatment plants, a Swedish thermal plant, a Norwegian dam, and now warnings that Iranian-linked hackers are actively targeting privately owned U.S. water utilities. These attacks — many attributed to Russian and Iranian state-sponsored actors — have caused real-world operational disruptions, including forced manual operations and physical damage, highlighting the acute vulnerability of water and energy OT systems that often lack basic cybersecurity protections. CISA has repeatedly warned that drinking water and wastewater systems remain soft targets due to resource constraints and aging control hardware.
Source: TechCrunch
CIRCIA Final Rule Expected September 2026: Critical Infrastructure Operators Face 72-Hour Incident Reporting Mandate
The Cybersecurity and Infrastructure Security Agency is on track to finalize the long-awaited Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) rule in September 2026, according to the updated federal regulatory agenda. Once enacted, the rule will require covered entities across all 16 critical infrastructure sectors — including electric utilities, water systems, hospitals, and chemical facilities — to report cyber incidents to CISA within 72 hours and ransomware payments within 24 hours. The regulation, which could apply to an estimated 300,000 entities, is expected to be one of the most far-reaching U.S. cybersecurity mandates ever implemented.
Source: Federal News Network
As cyber threats against OT and critical infrastructure continue to evolve rapidly, staying informed and proactive is essential. Maintain vigilance and ensure your security measures keep pace with emerging risks.