Today’s OT, ICS, and IoT security landscape continues to reflect escalating risks from sophisticated threat actors exploiting converged IT/OT environments, unpatched vulnerabilities, and emerging technologies such as AI. Critical infrastructure sectors face intensified ransomware campaigns and targeted intrusions that leverage weaknesses in legacy systems and smart devices, while government directives push for accelerated modernization to defend national security systems. Industrial organizations must remain vigilant as adversaries refine tactics to gain deeper operational control and prolong dwell times.
Iran-Linked Handala Group Breaches California Water Service, Exposing IT/OT Pathways
The Iran-linked Handala threat group has claimed responsibility for breaching California Water Service, one of the largest water utilities in the U.S. The group released a 5 GB data dump containing customer billing data, PII, and administrative credentials tied to an internal GPS correction network (RTKBase). Analysts warn that the vulnerable GPS network’s unauthenticated HTTP access likely served as an initial access vector or lateral movement pathway, highlighting critical IT/OT convergence risks in water infrastructure.
Source: Industrial Cyber
CISA Warns of 7 Critical Naxclow IoT Vulnerabilities Enabling Full Device Takeover — No Patch Available
CISA disclosed seven severe vulnerabilities in Naxclow smart doorbells and cameras, including a critical CVE-2026-28742 flaw involving a hard-coded cryptographic salt that allows attackers to forge valid requests across all devices. Other flaws enable silent device reassignment, credential theft, fleet enumeration, and Wi-Fi credential exposure. The vendor failed to respond to CISA’s disclosure, leaving the entire fleet—including Smart Doorbell X3 and V720 models—fully exposed with no available patches.
Source: Security Online / CISA
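The Naxclow item above turns on a weakness class worth seeing in code: when the only secret in a request-authentication scheme is a constant shipped in every unit, a value recovered from any one device is enough to compute valid tags for every other device. The following Python block is an added illustration of that risk and its mitigation; it is a constructed model and not Naxclow's actual scheme, and every name, salt value and function in it is an assumption made for the example.

```python
import hashlib
import hmac
import os

# Constructed value for the illustration; this is NOT a real Naxclow constant.
# It stands in for a salt baked into firmware and therefore identical on every unit.
FLEET_SALT = b"constructed-fleet-wide-salt"


def weak_tag(device_id: str, command: bytes) -> bytes:
    """Fleet-wide construction (weak): the key depends only on a constant
    every device carries plus the public device ID, so nothing in it is
    unique to one unit."""
    key = hashlib.sha256(FLEET_SALT + device_id.encode()).digest()
    return hmac.new(key, command, hashlib.sha256).digest()


def weak_verify(device_id: str, command: bytes, tag: bytes) -> bool:
    """Server-side check for the weak scheme."""
    return hmac.compare_digest(weak_tag(device_id, command), tag)


class DeviceRegistry:
    """Hardened construction: each device receives its own random key at
    provisioning, and the server keeps the per-device key. Knowing one
    device's key says nothing about any other device's key."""

    def __init__(self) -> None:
        self._keys: dict[str, bytes] = {}

    def provision(self, device_id: str) -> bytes:
        # 256-bit per-device secret; in practice stored in a secure element.
        key = os.urandom(32)
        self._keys[device_id] = key
        return key

    def verify(self, device_id: str, command: bytes, tag: bytes) -> bool:
        key = self._keys.get(device_id)
        if key is None:
            return False
        expected = hmac.new(key, command, hashlib.sha256).digest()
        return hmac.compare_digest(expected, tag)


def per_device_tag(device_key: bytes, command: bytes) -> bytes:
    """Tag computed by a device holding its own provisioned key."""
    return hmac.new(device_key, command, hashlib.sha256).digest()


def compare_schemes() -> dict[str, bool]:
    """Model a party that has recovered FLEET_SALT from a single unit and
    wants a tag that device B's server-side check accepts.

    Returns which scheme accepts a tag built without any B-specific secret."""
    command = b"unlock"  # constructed command body

    # Weak scheme: the shared constant is all that is needed to produce a
    # tag for any device ID, so B's check accepts it.
    tag_for_b = weak_tag("device-B", command)
    weak_accepts = weak_verify("device-B", command, tag_for_b)

    # Hardened scheme: holding device A's key does not yield a valid tag for B.
    registry = DeviceRegistry()
    key_a = registry.provision("device-A")
    registry.provision("device-B")
    tag_from_a_key = per_device_tag(key_a, command)
    hardened_accepts = registry.verify("device-B", command, tag_from_a_key)

    # Sanity check: B's own key still authenticates B's own requests.
    key_b = registry._keys["device-B"]
    own_ok = registry.verify("device-B", command, per_device_tag(key_b, command))

    return {
        "weak_scheme_accepts_cross_device_tag": weak_accepts,
        "hardened_scheme_accepts_cross_device_tag": hardened_accepts,
        "hardened_scheme_accepts_own_tag": own_ok,
    }


if __name__ == "__main__":
    for name, outcome in compare_schemes().items():
        print(f"{name}: {outcome}")
```

The detection and mitigation lesson is the same regardless of vendor: any authentication whose keying material is derived purely from constants present in firmware plus public identifiers should be treated as fleet-wide compromised once a single unit is analysed, and the fix is per-device secrets provisioned at manufacture (ideally in a secure element) with the server holding the per-device key, which is what the `DeviceRegistry` model shows.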
Cisco Catalyst SD-WAN Zero-Day CVE-2026-20262 Actively Exploited; CISA Adds to KEV Catalog
Cisco has issued a patch for CVE-2026-20262, an actively exploited zero-day in Catalyst SD-WAN Manager that allows authenticated low-privilege attackers to write arbitrary files and escalate to root. This marks the eighth Cisco SD-WAN vulnerability exploited in 2026. CISA added the flaw to its Known Exploited Vulnerabilities catalog, mandating remediation by June 29 for federal agencies. The ongoing targeting of SD-WAN infrastructure underscores the growing threat to IT/OT network bridges.
Source: SecurityWeek
White House Issues Presidential Memo with ‘Aggressive’ Timelines to Secure National Security Systems Against AI-Driven Threats
President Trump signed a Presidential Memorandum re-establishing the Committee on National Security Systems and setting stringent deadlines to modernize cybersecurity across military and intelligence systems. The memo enforces baseline NIST-level security standards, formalizes NSA’s role as national manager, and stipulates timelines including 60 days for a national security roadmap and 90 days to update cloud security guidance. These measures respond to growing concerns about AI-accelerated cyber threats targeting U.S. critical infrastructure.
Source: Federal News Network
Dragos 2026 OT/ICS Report: 119 Ransomware Groups Hit Industrial Organizations, 42-Day Average OT Dwell Time
Dragos’s 2026 OT/ICS Year in Review reports a 49% increase in ransomware groups targeting industrial organizations in 2025, reaching 119 groups impacting over 3,300 victims—primarily in manufacturing. The average OT ransomware dwell time remains high at 42 days, with adversaries now mapping control loops to deepen operational disruption. The report highlights a convergence of state actors, hacktivists, and ransomware operators that has elevated the U.S. cyber threat level to “High.”
Source: VECTR-CAST / Dragos 2026 OT/ICS Year in Review
As threat actors continue to exploit complex IT/OT intersections and emerging technologies, organizations across critical sectors must prioritize proactive vulnerability management, network segmentation, and collaboration with government initiatives to strengthen resilience against increasingly sophisticated cyberattacks.