Daily OT Security News: June 11, 2026

The operational technology and IoT security landscape continues to deteriorate as state-sponsored actors expand botnet infrastructure, critical vulnerabilities emerge in widely deployed security tools, and supply chain threats intensify across industrial sectors. Today’s threat intelligence reveals a coordinated escalation in both reconnaissance activities and exploitation capabilities targeting OT environments globally, with particular pressure mounting in the Middle East and across interconnected supply chains.

China-Linked JDY Botnet Expands to 1,500+ Compromised IoT Devices for Reconnaissance

Researchers at Lumen’s Black Lotus Labs have documented a significant expansion of the JDY botnet, a covert network attributed to Chinese state-sponsored threat actors, which now controls over 1,500 compromised SOHO and IoT devices—more than double its previous size of 650 nodes. The botnet targets devices from manufacturers including Hikvision, Ubiquiti, Draytek, Linksys, Araknis, and Mimosa Networks, functioning as a high-performance scanner for discovering and mapping exposed services at scale. Leveraging Tor nodes for command-and-control management, the botnet rapidly weaponizes newly disclosed vulnerabilities in edge devices and feeds reconnaissance data into a larger scanning ecosystem for follow-on exploitation campaigns.

Source: SC World

Fortinet Releases Critical Patch for FortiSandbox Remote Code Execution Flaw

Fortinet has issued security updates addressing a critical OS command injection vulnerability (CVE-2026-25089, CVSS 9.8) in FortiSandbox products that allows remote, unauthenticated attackers to execute arbitrary commands via specially crafted HTTP requests. The flaw affects FortiSandbox versions 5.0.0–5.0.5 and 4.4.0–4.4.8, as well as FortiSandbox Cloud and PaaS deployments. While no in-the-wild exploitation has been reported to date, Fortinet has strongly recommended immediate patching, and the company also addressed two medium-severity vulnerabilities in FortiOS, FortiProxy, and FortiPortal products.

Source: Security Affairs

2026 Fortinet Report: OT Security Maturing While Intrusion Rates Surge

The 2026 Fortinet State of Operational Technology and Cybersecurity Report, based on surveys of over 700 OT professionals worldwide, indicates that while OT security practices are maturing, the threat landscape is intensifying significantly. Intrusion reports have escalated sharply, with 71% of respondents now reporting between 1 and 9 intrusions compared to 47% in 2025, while phishing remains the dominant attack vector at 76% and ransomware impacts 50% of organizations. Notably, only 24% of organizations reported joint IT and OT system compromises (down from 60%), suggesting improved network segmentation, though attacker dwell times spanning weeks or months have increased substantially.

Source: IT Brief UK

Middle East OT Infrastructure Faces Critical Threat from State-Sponsored and Ransomware Actors

Shieldworkz has assessed the Middle East’s operational technology threat environment as CRITICAL as of June 2026, identifying at least 19,000 internet-exposed ICS devices in global H1 2026 scans with a disproportionate concentration in the region. IRGC-affiliated groups, Russian-nexus threat actors, and RansomHub affiliates have all demonstrated confirmed OT-targeting capabilities, with living-off-the-land techniques observed in 77% of confirmed OT-impacting intrusions. The advisory profiles nine active threat actor groups conducting PLC and SCADA manipulation campaigns, including confirmed supply chain compromises of OT software update mechanisms.

Source: Shieldworkz

Supply Chain Alert Fatigue Crisis Undermines Industrial Cybersecurity Defenses

Supply chains remain the primary target for cybercriminals in 2026, with projected cybercrime costs rising from $10 trillion in 2025 to $16 trillion by 2029, yet security teams face overwhelming alert volumes that undermine effective threat response. Of over 48,000 CVEs recorded in 2025, only 58 (0.12%) were identified as genuine threats, yet AI-powered attacks continue to increase noise and alert fatigue across industrial environments. Third-party vendors and OT-connected supply chain partners represent the largest vulnerability surface, with machine learning emerging as the critical countermeasure for filtering false positives and identifying authentic threats in complex industrial ecosystems.

Source: Manufacturing Business Technology

Today’s threat intelligence underscores the urgent necessity for continuous OT and IoT security vigilance. Organizations must prioritize rapid patch deployment for critical vulnerabilities, implement robust network segmentation, maintain heightened awareness of supply chain risks, and invest in intelligent threat detection systems capable of distinguishing genuine threats from alert noise. The convergence of state-sponsored reconnaissance, expanding botnet infrastructure, and supply chain vulnerabilities demands a proactive, layered defense posture across all operational technology environments.
