Today’s threat landscape highlights increasing risks to operational technology and industrial control systems across critical infrastructure sectors. Attackers continue to exploit exposed devices and vulnerabilities, emphasizing the urgent need for proactive visibility and defense in OT, ICS, and IoT environments.
CISA and Federal Partners Warn of 900+ Exposed Automatic Tank Gauge Systems at US Gas Stations
CISA, FBI, NSA, and the Department of Energy issued a joint advisory revealing that over 900 automatic tank gauge systems at US gas stations and critical infrastructure are internet-exposed and actively targeted. Attackers exploit hardcoded credentials, authentication bypasses, and command injection flaws to alter system settings, disable alerts, and increase risks of fuel leaks or equipment failures. The advisory follows reports linking Iranian threat actors to compromises that manipulated fuel display readings.
Source: BleepingComputer
Polish Water Facilities Hit by Cyber Attacks Targeting OT Environments Connected to Five Treatment Plants
Industrial control systems at five Polish water-treatment plants suffered unauthorized access, with attackers reportedly modifying operational parameters in some cases. Authorities attribute the intrusions to groups linked to Russian and Belarusian interests, exploiting weak credentials and internet-accessible OT networks. These incidents highlight the growing intersection of cybersecurity and national security in protecting critical public infrastructure.
Source: Cyber Management Alliance
Industrial Ransomware Holds Steady at 1,020 Incidents in Q1 2026 — Manufacturing Bears 62% of Attacks
Dragos’ Q1 2026 report recorded 1,020 ransomware incidents impacting industrial sectors globally, with manufacturing accounting for 62% of cases across multiple sub-sectors. The threat group Qilin led with 198 incidents, while the RaaS operator ‘The Gentlemen’ increased activity significantly. Data theft has surpassed encryption as the primary extortion tactic, with 77% of attacks involving suspected exfiltration, challenging traditional backup-focused defenses.
Source: CyberSec Media / Dragos
Palo Alto Networks Confirms Active Exploitation of PAN-OS Authentication Bypass CVE-2026-0257 in GlobalProtect
Unit 42 researchers confirmed active exploitation of CVE-2026-0257, an authentication bypass vulnerability in PAN-OS GlobalProtect portal and gateway components. This flaw enables unauthorized attackers to bypass security controls and establish VPN connections. The flaw was recently added to CISA’s Known Exploited Vulnerabilities list, and organizations, especially those in OT sectors, are urged to apply mitigations promptly and hunt for compromise indicators.
Source: Palo Alto Networks Unit 42
Cisco Catalyst SD-WAN Manager Hit by Unpatched Root-Level Command Injection Flaw CVE-2026-20245
Cisco disclosed CVE-2026-20245, a privilege escalation vulnerability in Catalyst SD-WAN Manager allowing authenticated users with netadmin rights to execute root commands via crafted file uploads. With no patch or workaround currently available, limited exploitation cases have resulted in unauthorized configuration changes on edge devices. OT operators using SD-WAN to connect industrial sites should audit logs and run diagnostic commands to detect compromises before applying future patches.
Source: Security Affairs
As these evolving threats demonstrate, maintaining comprehensive visibility and rapid response capabilities in OT and IoT environments is critical. Security teams should prioritize vulnerability management, network segmentation, and proactive threat hunting to mitigate risks and safeguard operational continuity.