Today’s operational technology (OT) security landscape remains highly dynamic and challenging, with new vulnerabilities, threat actor activities, and regulatory scrutiny emerging across critical infrastructure sectors. Recent research and incident reports underscore the urgent need for robust defenses, continuous monitoring, and proactive risk management to protect industrial control systems (ICS), IoT devices, and cyber-physical systems (CPS) from sophisticated adversaries.
Forescout Finds 3.4 Million RDP and VNC Servers Exposed, Raising Risks to OT and Enterprise Networks
Forescout’s Vedere Labs has identified 1.8 million RDP and 1.6 million VNC servers accessible on the internet, including nearly 60,000 VNC servers without authentication. Alarmingly, over 670 of these unauthenticated VNC servers connect directly to OT/ICS control panels, exposing critical infrastructure to remote compromise. The REDHEBERG botnet has already infected close to 40,000 vulnerable VNC assets since February 2026, while hacktivist groups actively scan and exploit these exposures using advanced SCADA scanning tools. Manufacturing, transportation, and utilities sectors are particularly impacted by these widespread vulnerabilities.
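The "without authentication" finding above comes down to one detail of the RFB protocol that VNC uses: at connection start the server announces which security types it will accept, and type 1 ("None") means a client can proceed with no credentials. The following is an added example, not Forescout's tooling, that parses a server's opening handshake bytes and flags servers offering type None, handling both the RFB 3.3 layout (a single 4-byte type) and the RFB 3.7/3.8 layout (a count followed by a list), as well as a refused connection carrying a reason string. All sample handshakes are constructed; the function and constant names are this example's own.

```python
"""Offline classifier for RFB (VNC) server handshakes.

Added example for this digest (not Forescout's tooling): given the bytes a VNC
server sends at connection start, report which security types it offers so an
asset owner can flag servers that accept connections with no authentication
(RFB security type 1, "None"). Sample handshakes below are constructed.
"""
import struct

# RFB security type numbers from RFC 6143 (section 7.1.2) plus common extensions.
SECURITY_TYPES = {
    0: "Invalid",
    1: "None",
    2: "VNC Authentication",
    5: "RA2",
    6: "RA2ne",
    16: "Tight",
    18: "TLS",
    19: "VeNCrypt",
}


def _read_reason(buf: bytes) -> str:
    """Reason string: 4-byte big-endian length followed by ASCII text."""
    if len(buf) < 4:
        raise ValueError("truncated reason string")
    (length,) = struct.unpack(">I", buf[:4])
    return buf[4:4 + length].decode("ascii", errors="replace")


def parse_rfb_handshake(data: bytes) -> dict:
    """Parse server-side RFB handshake bytes and return offered security types.

    data = ProtocolVersion message ("RFB xxx.yyy\\n") followed by whatever the
    server sends after the client echoes a version it supports.
    """
    if len(data) < 12 or not data.startswith(b"RFB "):
        raise ValueError("not an RFB ProtocolVersion message")
    version = data[:12].decode("ascii")
    major, minor = int(version[4:7]), int(version[8:11])
    rest = data[12:]
    result = {"version": f"{major}.{minor}", "security_types": [], "reason": None}

    if (major, minor) < (3, 7):
        # RFB 3.3: the server picks a single 4-byte big-endian security type.
        if len(rest) < 4:
            raise ValueError("truncated RFB 3.3 security type")
        (stype,) = struct.unpack(">I", rest[:4])
        if stype == 0:
            result["reason"] = _read_reason(rest[4:])
        else:
            result["security_types"] = [stype]
        return result

    # RFB 3.7+: 1-byte count followed by that many 1-byte security types.
    if not rest:
        raise ValueError("truncated security type list")
    count = rest[0]
    if count == 0:
        # Server refused the connection; a reason string follows.
        result["reason"] = _read_reason(rest[1:])
        return result
    if len(rest) < 1 + count:
        raise ValueError("truncated security type list")
    result["security_types"] = list(rest[1:1 + count])
    return result


def allows_unauthenticated_access(data: bytes) -> bool:
    """True if the server offers security type 1 (None), i.e. no credentials needed."""
    return 1 in parse_rfb_handshake(data)["security_types"]


def describe(data: bytes) -> str:
    """Human-readable summary for an inventory report."""
    info = parse_rfb_handshake(data)
    if info["reason"] is not None:
        return f"RFB {info['version']}: connection refused: {info['reason']}"
    names = [SECURITY_TYPES.get(t, f"unknown({t})") for t in info["security_types"]]
    return f"RFB {info['version']}: offers {', '.join(names)}"


# Constructed sample handshakes (not real captures).
OPEN_SERVER = b"RFB 003.008\n" + bytes([2, 1, 2])          # offers None and VNC auth
PASSWORD_ONLY = b"RFB 003.008\n" + bytes([1, 2])           # VNC Authentication only
LEGACY_OPEN = b"RFB 003.003\n" + struct.pack(">I", 1)      # RFB 3.3 server, type None
REFUSED = b"RFB 003.008\n" + bytes([0]) + struct.pack(">I", 8) + b"too many"

if __name__ == "__main__":
    for label, sample in [("open", OPEN_SERVER), ("password", PASSWORD_ONLY),
                          ("legacy", LEGACY_OPEN), ("refused", REFUSED)]:
        flag = "FLAG" if allows_unauthenticated_access(sample) else "ok"
        print(f"{label:9} {flag:5} {describe(sample)}")
```

In an internal audit the bytes would come from the server's response to a version echo on TCP 5900; the parser is kept separate from any socket handling so it can be run over captured traffic or a passive sensor's output as well. Note that a server listing only VNC Authentication is not thereby safe: the classic VNC auth is a weak challenge-response with an 8-character key limit, so the honest inventory question is whether the service should be internet-reachable at all.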
Chained Vulnerabilities in CODESYS Runtime Could Allow Root-Level Control of Industrial Devices, Nozomi Warns
Nozomi Networks Labs disclosed a critical chain of three vulnerabilities in the CODESYS Control runtime environment that could enable attackers to gain root-level control over PLCs. Exploitation requires authenticated service-level access; with that foothold, adversaries can extract cryptographic keys, bypass code signing, inject malicious code into boot applications, and achieve persistent root execution. Given CODESYS’s widespread deployment in manufacturing, energy, water treatment, and building automation, asset owners are strongly urged to apply patches immediately to mitigate this severe risk.
Lawmakers Open Inquiry into Cybersecurity Risks Posed by PRC-Origin AI Models Deployed in Critical Infrastructure Systems
The U.S. House Committee on Homeland Security and the House Select Committee on China have initiated a joint investigation into national security concerns surrounding Chinese AI models used in critical infrastructure. Models such as DeepSeek, Alibaba Qwen, Moonshot AI, and MiniMax are under scrutiny for potential unauthorized model distillation, embedded ideological controls, and vulnerabilities that could expose sensitive operational data. Companies like Anysphere and Airbnb have been formally requested to provide documents and participate in briefings, highlighting growing legislative focus on supply chain and AI-related risks in OT environments.
Cyber-Physical Resilience Reshaping Industrial Cybersecurity Beyond Perimeter Defense to Protect Core Processes
Industrial Cyber’s latest analysis reveals that 21% of companies experience OT cyberattacks annually, with 40% causing business disruptions and 78% of industrial control devices harboring unpatchable vulnerabilities. KPMG reports an 87% year-over-year increase in attacks targeting industrial control infrastructure. Experts from Booz Allen Hamilton, Fortinet, and Cynalytica emphasize that traditional perimeter defenses are insufficient, advocating for continuous process-level visibility, robust network segmentation, and resilience strategies focused on rapid recovery and operational continuity.
FBI Links Cybercriminals to Sharp Surge in Cyber-Enabled Cargo Theft Attacks
The FBI has issued a warning to the transportation and logistics sector regarding a significant rise in cyber-enabled cargo theft, with losses reaching $725 million in 2025—a 60% increase over the previous year. Attackers exploit freight broker accounts via phishing, post fraudulent listings, and reroute shipments using stolen carrier credentials. The Diesel Vortex group has been identified as a key threat actor, operating 52 phishing domains since September 2025. The FBI recommends implementing multi-factor authentication, out-of-band shipment verification, and monitoring FMCSA registrations to mitigate these risks.
As these developments demonstrate, the OT and ICS security landscape demands constant vigilance and adaptive defense strategies. Organizations must prioritize timely patching, comprehensive monitoring, and resilience planning to safeguard critical infrastructure against increasingly sophisticated cyber threats.