Today’s threat landscape underscores an intensifying focus on operational technology (OT) and Internet of Things (IoT) assets by both state-sponsored and automated adversaries. Joint international warnings, multiple high‑severity device vulnerabilities, evidence of large credential exposures, and research showing AI agents autonomously exploiting IoT weaknesses together signal elevated risk to production networks, critical infrastructure, and supply chains. Security teams should prioritize immediate mitigations, patch management, and robust network segmentation to reduce rapid attack paths into OT environments.
US and Allies Issue Joint Warning on Russian FSB Hackers Targeting Critical Infrastructure Routers
On July 13, 2026, cybersecurity agencies from nine countries, including the NSA, FBI and CISA, issued a joint advisory attributing ongoing campaigns against critical‑infrastructure routers to Russian FSB Center 16 (aka Berserk Bear / Energetic Bear / Ghost Blizzard). The actors scan for routers using default or weak SNMP community strings, exfiltrate device configurations via TFTP, and have leveraged a known Cisco Smart Install vulnerability (CVE‑2018‑0171) to gain persistence. Target sectors include energy, communications, healthcare, financial services and defense; agencies recommend migrating to SNMPv3, disabling Cisco Smart Install, enforcing unique strong passwords, blocking TFTP/SNMP at perimeter firewalls, and replacing end‑of‑life devices.
Source: BleepingComputer
Critical WAGO ICS Field Device Vulnerability (CVE-2026-4769, CVSS 9.8) Allows Unauthenticated Full System Compromise
A critical vulnerability, CVE‑2026‑4769 (CVSS 9.8), has been disclosed in WAGO System I/O field devices that are common in industrial and building automation deployments. The flaw exposes an undocumented diagnostic interface during early boot that can be activated remotely without authentication, enabling full system control before normal security controls initialize; affected models include the WAGO 0765‑110x/0100‑0000 series. CERT@VDE reports no known in‑the‑wild exploitation to date, but WAGO has released firmware updates (1.2.1.100, 1.2.7.100, 1.2.7.103 and later) and organizations are urged to apply patches immediately and enforce strict network segmentation and access controls for OT field devices.
Source: Security Online
CYFIRMA: Nation-State Actors Intensifying Attacks on Manufacturing OT and ICS Environments
CYFIRMA’s latest intelligence indicates nation‑state actors are escalating targeted operations against manufacturing OT and ICS environments, with attackers increasingly focusing on operating systems and host‑level assets inside production networks. The report highlights a large credential exposure impacting roughly 73,000–74,000 FortiGate devices and the use of a custom Golang credential harvester to exploit the leak. The findings emphasize that IT/OT convergence and exposed edge devices are enlarging adversaries’ attack surface and enabling access paths that can lead to disruption or data exfiltration.
Source: Industrial Cyber
VEXAIoT: AI Agents Autonomously Exploit IoT Vulnerabilities with 95% Success Rate
Researchers at Tennessee Tech University developed VEXAIoT, a dual‑agent LLM‑powered framework that autonomously discovers and exploits vulnerabilities in IoT testbeds, achieving a reported 95% success rate across 260 attack executions. Tested against intentionally vulnerable environments (IoTGoat and Metasploitable2), the system achieved 100% success on several attack classes including remote code execution, developer backdoor access and PII extraction, and mapped attacks to nine of the ten OWASP IoT Top 10 categories. The work demonstrates how readily available AI tooling can automate complex reconnaissance and exploitation workflows against devices with weak credentials, outdated firmware or insecure defaults, accelerating adversary effectiveness.
Source: CyberPress
India Considers Expanding IoT Security Certification Framework Beyond CCTV Cameras
India is evaluating expansion of its STQC cybersecurity certification—which since April 2026 has covered internet‑enabled CCTV cameras—to encompass a broader set of IoT devices such as smart meters, home automation, industrial sensors, healthcare equipment and connected appliances. The move is driven by concerns over insecure imported devices and would establish a baseline requiring product testing, vulnerability assessment, software integrity verification and supply‑chain transparency prior to sale. Concurrently, Japan’s JC‑STAR scheme has tightened requirements for network devices and cameras and reached mutual recognition arrangements with Singapore and the UK, signaling a near‑term trend toward global regulatory convergence on IoT security standards.
Source: Economic Times
Key takeaways for security practitioners: prioritize immediate hardening of internet‑facing infrastructure (upgrade to SNMPv3, disable insecure management services, block TFTP/SNMP at the edge), accelerate patching of critical OT/field device firmware and apply compensating segmentation and allow‑listing, expand monitoring for credential theft and anomalous host activity inside OT networks, and assess the growing risk of AI‑driven automated exploitation when conducting threat modeling and red‑team exercises. Additionally, track emerging regulatory requirements for device certification and strengthen supply‑chain controls and procurement policies to reduce the risk posed by insecure IoT/OT products.