Daily OT Security News: July 3, 2026

Welcome to the daily OT/IoT/ICS cybersecurity briefing for July 3, 2026. Today’s highlights include critical advisories from the FBI and CISA, significant vulnerabilities impacting IoT ecosystems, and new frameworks to enhance public-private collaboration in critical infrastructure security.

FBI Issues FLASH Warning on TeamPCP: Large-Scale Software Supply Chain Campaign Targets Developer Tools

On July 2, 2026, the FBI released a FLASH advisory on the cybercriminal group TeamPCP, which has compromised widely used developer and security tools such as Trivy, Checkmarx KICS, LiteLLM, and the Telnyx Python SDK. This campaign involves trojanized software supply chain attacks that enable lateral movement through CI/CD pipelines by stealing cloud access tokens, SSH keys, and Kubernetes secrets. TeamPCP has also attempted extortion by publicly leaking victim names across platforms including GitHub Actions, Docker Hub, npm, PyPI, and the VS Code Marketplace.

CISA Issues Critical Advisory on Gardyn IoT Hub: Hard-Coded Credentials Allow Full Device Takeover

On July 2, 2026, CISA published advisory ICSA-26-183-03 highlighting critical vulnerabilities (CVSS 10.0) in the Gardyn IoT Hub affecting firmware and cloud API versions prior to 2.12.2026. The most severe flaw (CVE-2026-13768) exposes a privileged key enabling unauthenticated attackers to perform IoTHub Registry Manager functions and execute arbitrary commands on connected devices. Additional issues include publicly accessible Azure Blob Storage containing device logs and an administrative panel missing standard security headers.

CISA Advisory: ST Engineering iDirect Satellite Terminals Expose Authentication Keys Without Credentials

CISA’s advisory ICSA-26-183-01, released July 2, 2026, reports two high-severity vulnerabilities (CVSS 8.1) in ST Engineering iDirect iQ-Series satellite terminals. One vulnerability allows attackers to obtain sensitive device information, including private keys and firmware versions, via exposed REST APIs without authentication. The other enables cross-site request forgery attacks that can reboot devices, causing loss of satellite links and potentially affecting multiple critical sectors worldwide.

Seven FatFs Vulnerabilities Discovered via AI-Assisted Research Threaten Broad IoT and Industrial Device Ecosystem

Researchers at runZero disclosed seven vulnerabilities impacting FatFs, a widely embedded filesystem library used in platforms such as Espressif ESP-IDF, STM32Cube, Zephyr RTOS, MicroPython, ArduPilot, and Samsung TizenRT. The lead vulnerability (CVE-2026-6682) involves an integer overflow causing heap or stack overflows and potential code execution when processing crafted FAT media. Due to vendor-specific modifications and a lack of upstream response, organizations are urged to audit their implementations.

CISA Launches ANCHOR-CI Framework to Formalize Public-Private Coordination on Critical Infrastructure Security

CISA has established ANCHOR-CI, the Alliance of National Councils for Homeland Operational Resilience – Critical Infrastructure, replacing the previous CIPAC framework. This new structure introduces four types of councils to enhance timely coordination on emerging threats and risks across all 16 critical infrastructure sectors. DHS Secretary Markwayne Mullin called ANCHOR-CI a ‘game changer,’ while CISA Acting Director Nick Andersen emphasized its role in elevating stakeholder voices in critical infrastructure security.

Thank you for reading today’s briefing. Stay vigilant and ensure your operational technology and IoT assets are well-protected against evolving cyber threats.
