Daily OT Security News: May 03, 2026

Welcome to the Daily OT Security News for May 03, 2026. Today’s briefing focuses on critical developments in OT, ICS, and IoT cybersecurity, emphasizing the evolving strategies for industrial resilience, emerging vulnerabilities in widely used control systems, the persistent exposure of remote access services, geopolitical concerns over AI in critical infrastructure, and the latest insights into ransomware’s impact on manufacturing. Staying informed on these trends is essential for securing complex operational environments against increasingly sophisticated threats.

Cyber-Physical Resilience Reshaping Industrial Cybersecurity Beyond Perimeter Defense

Industrial cybersecurity experts advocate moving beyond perimeter-focused protections to securing the integrity of core industrial processes. Recent data shows that 21% of companies experience OT cyber attacks annually, with 40% causing business disruptions, while 78% of industrial control devices harbor unpatchable vulnerabilities. Specialists from Booz Allen Hamilton, Fortinet, and Cynalytica stress that true resilience requires full asset visibility, continuous anomaly monitoring, and rapid operational recovery within hours rather than weeks.

Source: Industrial Cyber

Chained Vulnerabilities in CODESYS Runtime Could Allow Root-Level Control of Industrial Devices, Nozomi Warns

Nozomi Networks Labs has revealed a chain of three vulnerabilities in the widely adopted CODESYS Control runtime that could enable an authenticated attacker with limited privileges to implant backdoors and gain root-level control over PLCs. The exploit abuses backup and restore functions to inject malicious code that executes with root access after device reboot. Given the widespread use of CODESYS PLCs in sectors such as manufacturing, energy, and water systems, this vulnerability poses significant risks to physical process integrity and safety.

Source: Industrial Cyber

Forescout Finds 3.4 Million RDP and VNC Servers Exposed, Raising Risks to OT and Enterprise Networks

Forescout’s Vedere Labs research identifies 1.8 million RDP and 1.6 million VNC servers exposed to the internet, including nearly 60,000 VNC servers with no authentication enabled. Over 670 of these unprotected VNC servers connect directly to OT and ICS control panels. Additionally, more than 19,000 RDP servers remain vulnerable to the BlueKeep exploit, while the REDHEBERG botnet has compromised nearly 40,000 exposed VNC assets since February. Threat actors and hacktivist groups are actively sharing tools to exploit these weaknesses, with some advertising access to exposed SCADA systems for sale.

Source: Industrial Cyber

U.S. Lawmakers Open Joint Inquiry into Cybersecurity Risks Posed by PRC-Origin AI Models in Critical Infrastructure

The U.S. House Committee on Homeland Security and the House Select Committee on China have initiated a joint investigation into potential national security risks from Chinese-developed AI models used in critical infrastructure and commercial products. Concerns focus on PRC providers repurposing U.S. frontier AI capabilities without adequate safety controls in models such as DeepSeek, Alibaba’s Qwen, Moonshot AI, and MiniMax. The inquiry has issued document requests to companies including Anysphere and Airbnb, with responses expected between May 13 and 20, 2026.

Source: Industrial Cyber

Resilience Report: Manufacturing Leads Global Cyberattack Targets as Ransomware Dominates Financial Losses

A new report from cyber insurer Resilience, analyzing nearly five years of claims, confirms manufacturing as the most targeted sector for cyberattacks, with ransomware causing over 90% of financial losses despite representing only 12% of claims. Misconfigured multi-factor authentication alone accounts for roughly 26% of losses. The report also warns that connected IoT devices in manufacturing will more than double by 2030, expanding the attack surface, and urges prioritizing MFA audits, vulnerability management, and robust IT/OT segmentation to mitigate ransomware risks.

Source: Industrial Cyber

As threats to OT and IoT environments continue to evolve, maintaining vigilance and proactive defense strategies is critical. Viakoo is here to help secure your operational infrastructure with comprehensive solutions that enhance visibility, resilience, and rapid incident response. Contact us today to strengthen your security posture and safeguard your industrial assets.
