Today’s cybersecurity landscape for operational technology (OT), industrial control systems (ICS), and critical infrastructure highlights escalating risks from exposed remote access servers, sophisticated multi-stage vulnerabilities, and emerging threats linked to AI supply chains. Efforts by U.S. agencies to release advisories and guidance on Zero Trust adoption underscore the urgency for comprehensive defenses in environments constrained by legacy systems and mission-critical uptime requirements. Meanwhile, legislative scrutiny intensifies around the integration of foreign-developed AI models in sensitive infrastructure, reflecting growing concerns about supply chain security and geopolitical risk.
Forescout Finds 3.4 Million RDP and VNC Servers Exposed, Raising Risks to OT and Enterprise Networks
Forescout Technologies’ latest research identifies over 3.4 million Remote Desktop Protocol (RDP) and Virtual Network Computing (VNC) servers exposed to the internet, significantly expanding the attack surface for OT and ICS networks. Notably, more than 19,000 RDP servers remain vulnerable to BlueKeep, a critical RDP vulnerability, while nearly 60,000 VNC servers operate without authentication, including over 670 connected directly to OT control panels. The report highlights China as a major source of exposure, accounting for 22% of the exposed RDP servers and 70% of the exposed VNC servers. Forescout’s Vedere Labs stresses that secure remote access must evolve beyond simple connections to controlled workflows with real-time asset visibility to protect cyber-physical systems.
Source: Industrial Cyber
Chained Vulnerabilities in CODESYS Runtime Could Allow Root-Level Control of Industrial Devices
Nozomi Networks Labs disclosed a critical chain of three vulnerabilities in the widely used CODESYS Control runtime that enables authenticated attackers with service-level access to implant backdoors and gain root privileges on affected PLCs. The exploit targets the backup and restore functionality, bypassing code signing and encryption by extracting cryptographic keys to tamper with boot applications. This attack vector threatens PLCs deployed across manufacturing, energy, and water sectors. Patches and mandatory code signing have been released to mitigate these vulnerabilities. The attack chain aligns with MITRE ATT&CK for ICS techniques related to firmware manipulation and operational information theft.
Source: Industrial Cyber
CISA Releases Eight ICS Advisories Covering ABB and Mitsubishi Electric Systems
On April 30, 2026, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued eight advisories addressing critical vulnerabilities in ABB and Mitsubishi Electric industrial control products widely used in water, energy, and manufacturing sectors. The advisories cover multiple ABB systems including System 800xA, PCM600, and Ability OPTIMAX, as well as Mitsubishi Electric’s FA products and MELSEC iQ-F Series modules. CISA urges immediate review and mitigation to prevent exploitation. Alongside these alerts, CISA and federal partners released guidance to support Zero Trust adoption within OT environments.
Source: CISA
CISA and Federal Partners Release Zero Trust Guidance for Operational Technology Environments
CISA, in collaboration with federal partners, published a new guide focused on adapting Zero Trust principles to OT environments, which often contend with legacy constraints, limited visibility, and strict uptime demands. The guidance emphasizes comprehensive asset visibility, enhanced identity and access management, and proactive supply chain risk mitigation. It addresses contemporary threats such as Volt Typhoon and living-off-the-land tactics, aligning with the NIST Cybersecurity Framework 2.0. The document underscores the necessity of coordinated efforts between IT, OT, and security teams, advocating layered defenses including network segmentation and rigorous vulnerability management to safeguard mission-critical operations.
Source: Industrial Cyber
U.S. Lawmakers Launch Inquiry into Cybersecurity Risks of PRC-Origin AI Models in Critical Infrastructure
The U.S. House Committees on Homeland Security and China have initiated a joint investigation into cybersecurity and national security risks posed by AI models developed in China and deployed within American critical infrastructure and defense systems. The inquiry targets models such as DeepSeek, Alibaba Qwen, Moonshot AI, and MiniMax, raising concerns about unauthorized model distillation, data exposure to PRC-linked servers, and insufficient safety controls. Letters have been sent to companies including Anysphere and Airbnb, requesting responses and briefings by mid-May 2026. This investigation highlights increasing scrutiny of AI supply chain vulnerabilities in OT and critical infrastructure sectors.
Source: Industrial Cyber