OT/ICS/IoT Cybersecurity Daily Briefing – June 14, 2026

Welcome to today’s OT cybersecurity news briefing, where we cover the latest developments impacting operational technology, industrial control systems, and IoT security. Stay informed with critical updates that matter to security professionals managing critical infrastructure and connected environments.

Iranian Handala Group Claims Breach of California Water Utilities

On June 12, 2026, the Iranian-linked cyber group Handala claimed responsibility for breaching customer billing systems at water utilities in Bakersfield, Visalia, and Chico, California, asserting the exfiltration of 5GB of data. Independent analysis confirmed the breach was confined to a GPS correction server and billing database, with no compromise detected in OT or ICS systems. California Water Service Company reported no impact on water production or delivery, highlighting the ongoing reputational threats posed by nation-state actors targeting critical infrastructure.

Source: San Joaquin Valley Water

June 2026 ICS Patch Tuesday: Critical Vulnerabilities in Siemens, Schneider Electric, and Phoenix Contact

The June 2026 ICS Patch Tuesday cycle addressed critical vulnerabilities across major industrial control system vendors. Siemens patched issues including authenticated command execution and privilege escalation in Sinec INS and Siprotec 5 relays. Schneider Electric mitigated credential exposure in EasyLogic T150 and Saitel DP RTUs, while Phoenix Contact disclosed a vulnerability in CHARX SEC-3xxx EV charging controllers. CISA additionally released advisories for Inductive Automation, ICONICS, and Mitsubishi Electric products deployed in manufacturing and energy sectors.

Source: SecurityWeek

CISA Advisory: Brickcom IP Cameras Expose Live Feeds and Admin Control via Default Credentials

CISA’s advisory ICSA-26-162-03 highlights vulnerabilities in Brickcom Cube, Dome, Bullet, and Box cameras running firmware 3.2.3.5.6, allowing unauthenticated access to live video streams and administrative controls. These devices, common in commercial, healthcare, manufacturing, and financial environments, lack proper authentication and rely on default credentials. With no immediate patch available, CISA recommends isolating affected devices from the internet, enforcing credential changes, and implementing network segmentation to reduce risk.

Source: Windows Forum

CISA Issues CVSS 9.8 Advisories for Yarbo IoT Robots and Naxclow Smart Home Devices

On June 11, 2026, CISA released critical advisories for the Yarbo robotic platform and Naxclow IoT smart home devices, each rated with CVSS 9.8 severity. The Yarbo advisory revealed hardcoded MQTT broker credentials in the mobile app, enabling attackers to control robot fleets globally. Naxclow devices suffer from a flawed onboarding workflow susceptible to replay attacks, along with hardcoded encryption keys affecting multiple smart home products including doorbells and cameras.

Source: DevSecLab on Note.com

Microsoft’s Record June 2026 Patch Tuesday: 206 CVEs Including Wormable Windows Flaws

Microsoft’s June 2026 Patch Tuesday addressed a record 206 vulnerabilities, including 32 critical flaws and three publicly disclosed zero-day exploits, fueled by AI-accelerated vulnerability discovery. Notable fixes include a wormable remote code execution in Windows HTTP.sys and a critical DHCP Client service flaw affecting virtually all Windows endpoints. Security experts caution that AI-driven exploit development is drastically shortening the window for vulnerability remediation in enterprise and OT environments.

Source: Dark Reading

As threat actors continue to evolve tactics and AI accelerates exploit discovery, maintaining vigilance and timely patching remains paramount for protecting OT and IoT environments. Stay informed and proactive to defend critical infrastructure assets.