OT and IoT defenders face a volatile mix today: nation-state campaigns probing energy sector control systems, critical edge-device flaws added to CISA’s KEV, looming EU reporting mandates for connected products, vendors expanding security tooling for industrial operators, and a headline-grabbing manufacturing breach attributed to Russian actors. Teams should prioritize exposure reduction on internet-facing OT assets, fast-track patching on gateway and management consoles, and validate incident response playbooks for cross-domain IT/OT threats.
Iranian-Affiliated APT Actors Targeting U.S. Energy Sector OT and SCADA Systems
Joint U.S. advisories detail Iranian-linked groups, including IRGC-associated CyberAv3ngers, accessing Rockwell/Allen-Bradley PLCs across critical infrastructure to extract project files and manipulate HMI/SCADA data. Investigators note internet-exposed PLCs with default or weak credentials as common entry points, with CISA advisory AA26-097A tracking the ongoing campaign. With U.S.–Iran tensions elevated in June 2026, operators are urged to audit exposed OT assets, enforce strong credential hygiene, and use E-ISAC/CISA channels for rapid information sharing.
CISA Adds Four Critical Vulnerabilities to KEV — UniFi OS and Lantronix EDS5000 Among Affected OT Edge Devices
CISA added four exploited vulnerabilities to the KEV on June 23, 2026, setting a June 26 remediation deadline for U.S. federal agencies. Three UniFi OS flaws (CVE-2026-34908/34909/34910, CVSS 10.0) can be chained for unauthenticated RCE, while a Lantronix EDS5000 issue (CVE-2025-67038) enables root-level command injection on serial-to-IP gateways commonly bridging legacy OT. Reports of phantom “John Sim” super-admins on compromised UniFi consoles underscore active exploitation; patches include UniFi OS 5.0.8+ and Lantronix EDS5000 2.2.0.0R1+.
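The following added example (not from the advisory or either vendor) shows one way to triage an asset inventory against the fixed versions and the reported rogue admin name given above. The inventory records, product keys, and the `parse_version` and `triage` helpers are hypothetical, and the version ordering is an assumption about how these version strings sort.

```python
import re

# Minimum fixed versions as stated in the article; product keys are hypothetical labels.
FIXED = {"unifi-os": "5.0.8", "lantronix-eds5000": "2.2.0.0R1"}
# Admin name reported on compromised UniFi consoles (from the article).
REPORTED_ROGUE_ADMINS = {"john sim"}

def parse_version(text):
    """Parse '5.0.8' or '2.2.0.0R1' into a comparable ((ints...), release) pair.
    Assumption: components compare numerically and 'R<n>' is a release counter."""
    m = re.fullmatch(r"(\d+(?:\.\d+)*)(?:R(\d+))?", text.strip(), re.IGNORECASE)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in m.group(1).split(".")), int(m.group(2) or 0)

def triage(inventory, approved_admins):
    """Return (asset_name, finding) pairs for assets that need attention."""
    approved = {a.lower() for a in approved_admins}
    findings = []
    for asset in inventory:
        fixed = FIXED.get(asset["product"])
        if fixed is None:
            continue  # product not covered by this KEV update
        try:
            if parse_version(asset["version"]) < parse_version(fixed):
                findings.append((asset["name"], f"below fixed version {fixed}"))
        except ValueError:
            findings.append((asset["name"], "version unreadable, verify manually"))
        for admin in asset.get("admins", []):
            if admin.lower() in REPORTED_ROGUE_ADMINS:
                findings.append((asset["name"], f"reported rogue admin: {admin}"))
            elif admin.lower() not in approved:
                findings.append((asset["name"], f"unapproved admin: {admin}"))
    return findings

# Constructed sample inventory (not real assets).
SAMPLE_INVENTORY = [
    {"name": "plant-a-console", "product": "unifi-os", "version": "5.0.7",
     "admins": ["ops-admin", "John Sim"]},
    {"name": "plant-b-console", "product": "unifi-os", "version": "5.0.8",
     "admins": ["ops-admin"]},
    {"name": "pump-gw-01", "product": "lantronix-eds5000", "version": "2.2.0.0"},
    {"name": "pump-gw-02", "product": "lantronix-eds5000", "version": "unknown"},
]

if __name__ == "__main__":
    for name, finding in triage(SAMPLE_INVENTORY, ["ops-admin"]):
        print(f"{name}: {finding}")
```

An unreadable version is reported as a finding rather than skipped, so a device with missing inventory data is not silently treated as patched.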
EU Cyber Resilience Act: September 2026 Vulnerability Reporting Deadline Looms for IoT/Connected Device Manufacturers
Manufacturers of connected products, including IoT devices already on the market, face a September 11, 2026 deadline to begin reporting actively exploited vulnerabilities and severe incidents to ENISA and national CSIRTs. The CRA mandates strict timelines—early warning within 24 hours, detailed notification within 72 hours, and a final report within 14 days (or one month for severe cases)—with full secure-by-design compliance and CE marking due by December 11, 2027. Noncompliance risks penalties up to €15 million or 2.5% of global turnover, prompting urgent investment in vulnerability and incident reporting infrastructure.
Honeywell Expands OT Cybersecurity Suite to Address Growing Industrial Threat Landscape
Honeywell has strengthened its OT Cybersecurity Suite with new capabilities, including a Secure Media Exchange portable scanner, Cyber Proactive Defense, GRC tooling, a data diode, and an OT SOC offering. The rollout targets sectors such as manufacturing, energy, and critical infrastructure at a time when WEF data shows only 32% of industrial organizations actively monitor OT and just 20% staff dedicated OT security teams. The expanded suite aims to help operators shift from reactive incident handling to proactive resilience and governance.
Russian Hackers Attributed to $2.5 Billion Jaguar Land Rover Cyberattack — Manufacturing Sector on High Alert
A cyberattack attributed to Russian nation-state actors reportedly inflicted $2.5 billion in financial and operational damage on Jaguar Land Rover, marking a major disruption for the automotive sector. The incident highlights escalating risks to manufacturing OT/CPS environments from well-resourced adversaries. Experts urge organizations to update incident response plans, run tabletop exercises for nation-state scenarios, and clarify ownership across IT/OT boundaries.