Welcome to today’s OT security news briefing, providing critical updates on vulnerabilities, threat actor activities, and industry initiatives shaping the operational technology cybersecurity landscape. Stay informed on the latest developments impacting industrial control systems and critical infrastructure.
CISA Publishes Nine ICS Advisories Including CVSS 10.0 Flaw in Rockwell Automation Adapter
On July 16, 2026, CISA released nine ICS advisories highlighting a critical CVSS 10.0 vulnerability (CVE-2026-10577) in Rockwell Automation’s 1715-AENTR EtherNet/IP Adapter. This flaw exposes an unauthenticated debug CLI port, enabling attackers with network access to manipulate plant floor systems, including valves and actuators. Energy, water/wastewater, and critical manufacturing sectors are urged to update affected firmware versions promptly.
Source: TechTimes / CISA
UK NCSC and 12-Nation Alliance Warn of Russian FSB Targeting Critical Infrastructure via Router Vulnerabilities
The UK National Cyber Security Centre, together with CISA and partners from 12 countries, issued a joint advisory on July 13, 2026 identifying Russia’s FSB Centre 16 (Berserk Bear/Dragonfly) as actively exploiting routers and network edge devices worldwide. The group targets devices with weak credentials and outdated firmware to maintain persistent access, threatening vital sectors like energy, water, transport, and healthcare. The advisory attributes the December 2025 Poland energy grid attack to this adversary.
Source: NCSC UK
Coca-Cola Suspends US Fairlife Production Following Ransomware Attack on Production Systems
Coca-Cola revealed in an SEC filing that its Fairlife dairy subsidiary suffered a ransomware attack affecting production systems, leading to a temporary halt of US manufacturing operations. Incident response is ongoing, with law enforcement involved and external cybersecurity experts engaged to evaluate the incident’s full impact. Product safety remains unaffected, though financial effects are under review.
Source: SecurityWeek
‘The Gentlemen’ Ransomware-as-a-Service Group Emerges as Top Threat to Industrial and Manufacturing Sectors
Since emerging in mid-2025, the Russian-speaking ransomware group ‘The Gentlemen’ has escalated to a major global threat, claiming over 1,570 compromised networks and 580 confirmed victims by July 2026. With a highly industrialized attack model and lucrative affiliate revenue shares, this group predominantly targets manufacturing, healthcare, and critical infrastructure sectors. Their impact includes direct cyber-physical disruptions, as seen in the attack on Australia’s Mackay Sugar.
Source: InCyber / Unit 42
NIST NCCoE Launches New OT Asset Management Project to Improve Visibility and Cyber Resilience
On July 17, 2026, NIST’s National Cybersecurity Center of Excellence announced a new initiative soliciting public input to develop practical guidelines for OT asset management and visibility. This project recognizes the essential role of comprehensive device inventories in building effective cybersecurity risk management frameworks. The effort supports the expanding OT security market, which is projected to grow significantly through 2033.
Source: NIST NCCoE / Industrial Cyber
Thank you for following today’s briefing. As threat vectors continue to evolve, maintaining vigilance and proactive risk management remains imperative for all OT security stakeholders.