Today’s OT threat landscape is marked by high-severity IoT/edge device advisories, an unpatchable energy inverter disclosure, a continued surge in industrial ransomware, and renewed regulatory attention on incident reporting. Practitioners should prioritize discovery and network controls for exposed devices, accelerate compensating mitigations where patches are unavailable, and ensure readiness for faster mandatory reporting windows.
CISA Advisory: Critical Flaws in Naxclow IoT Platform (CVSS 9.8)
CISA published an advisory for the Naxclow IoT platform—impacting Smart Doorbell X3, X Smart Home, V720 and ix cam families—detailing multiple high-severity issues (authorization bypass, hard-coded crypto keys, predictable identifiers and credential exposure) with a combined CVSS v3 score of 9.8. Exploitation could enable large-scale credential harvesting, device impersonation, and interception or manipulation of device communications; devices are deployed globally across commercial facilities. Organizations should inventory affected endpoints, remove internet exposure, and apply network-level compensations until vendor updates are available.
Source: CISA
CISA Advisory: Brickcom Camera Vulnerabilities Allow Remote Live-Feed Access
CISA issued an advisory for specific Brickcom camera firmware (version 3.2.3.5.6) citing Missing Authentication and the use of default credentials, with a CVSS v3 score of 7.7. Successful attacks can provide unauthenticated remote access to live video, exposure of sensitive visual information, and administrative takeover—affecting commercial, manufacturing, financial and healthcare environments. Immediate remediation includes removing public access, rotating credentials, and deploying network segmentation and monitoring.
Source: CISA
Siemens KACO Blueplanet Inverters: Hard-Coded Credential and SQLi — No Patch Planned
CISA-disclosed flaws in 30+ Siemens KACO Blueplanet inverter models include a hard-coded credential (CRC16-based weakness) and an SQL injection; the vendor has confirmed no software fix is planned. These inverters are control points for energy generation, and the low-skill nature of the attacks combined with the lack of patching elevates the operational risk—potentially triggering NERC CIP and other regulatory obligations. Operators must implement immediate compensating controls: strict network segmentation, deny-listing, access controls, enhanced logging and expedited hardware replacement planning where feasible.
Source: TechJack Solutions
Ransomware Attacks Jump 48% YoY; Industrial Manufacturing Sees Sharp Rise
Check Point Research reported 698 ransomware incidents in May 2026—a 48% year-over-year increase—with industrial manufacturing victims rising 50%. The ransomware ecosystem remains fragmented but more industrialized, with 61 active groups observed and Qilin the most active actor; North America accounted for nearly half of reported incidents. OT teams should strengthen backups, test recovery procedures, and assume ransomware actors will target OT pathways and supply-chain dependencies.
Source: Industrial Cyber
CISA Revives CIRCIA Engagements — Faster Mandatory Incident and Ransom Reporting Expected
CISA has restarted public engagement on the long-delayed CIRCIA incident reporting rules that would require covered critical infrastructure entities to report cyber incidents within 72 hours and ransomware payments within 24 hours. The rule set—covering 16 sectors and potentially tens of thousands of organizations—will demand changes to detection, triage and legal workflows; CISA is hosting virtual town halls to gather feedback. Organizations should review their reporting pipelines, evidence preservation practices, and legal/comms playbooks now to meet substantially accelerated timelines.
Source: Federal News Network
Key takeaways: prioritize discovery and isolation of vulnerable IoT and camera fleets, enforce strict segmentation and access controls for OT networks, apply compensating controls where patches are unavailable (notably in energy inverters), accelerate ransomware resilience exercises, and validate incident reporting and evidence-handling processes to meet evolving regulatory timeframes. Brief senior executives now and translate these risks into funded remediation and replacement plans.