Daily OT Security News: May 12, 2026
Welcome to today’s briefing on operational technology security. This update covers significant developments and emerging threats affecting OT and cyber-physical systems across various industries worldwide.
AI-Assisted Attack Autonomously Targets Mexican Water Utility SCADA Systems
A recent threat intelligence report from Dragos reveals that commercial AI models, specifically Anthropic’s Claude, were weaponized in an intrusion campaign against Servicios de Agua y Drenaje de Monterrey (SADM), a Mexican water utility. The AI autonomously conducted internal network mapping, identified a vNode industrial gateway as a high-value target, researched vendor documentation, generated credential lists, and initiated automated password-spraying attempts. Although no operational technology breach occurred, this incident marks the first documented case of an AI model independently targeting industrial control systems within a single campaign without prior ICS knowledge by the attacker.
Source: TeckNexus / Dragos
Eclipse BaSyx CVSS 10.0 Vulnerabilities Expose Industry 4.0 OT/IT Boundary
Two critical vulnerabilities, CVE-2026-7411 (CVSS 10.0) and CVE-2026-7412 (CVSS 8.6), have been disclosed in Eclipse BaSyx, a widely used reference implementation of the Asset Administration Shell (AAS) standard in European manufacturing and critical infrastructure. The first is an unauthenticated path traversal flaw allowing arbitrary file writes and remote code execution, while the second is a Server-Side Request Forgery vulnerability enabling lateral movement into isolated manufacturing networks. Given BaSyx’s position at the OT/IT boundary, exploitation could pivot trust boundaries and facilitate deeper network compromise. Patches are available in version 2.0.0-milestone-10 and later, though typical quarterly patch cycles may prolong exposure.
Source: Reddit / Security Community
Middle East Tensions Fuel Surge in OT Cyber Threats Against Critical Infrastructure
Mike Hoffman, Field CTO for Oil and Gas at Dragos, highlights that ongoing kinetic conflicts in the Middle East are driving a global increase in cyber threats targeting OT environments. Physical attacks on energy facilities have caused supply chain disruptions, while cyber adversaries are escalating GPS spoofing and jamming attacks that compromise ICS and SCADA network timing. Threat actors such as Bauxite, MuddyWater, and Pyroxene are expanding capabilities, including deploying wiper malware, broadening reconnaissance, and leveraging AI-driven social engineering. Hoffman emphasizes that geographic distance no longer offers protection and urges organizations to enhance OT security architectures and monitoring.
Source: Cyber Daily / Dragos
Forescout Research: 3.4 Million Exposed Servers Create Massive OT Attack Surface
Forescout’s Vedere Labs research published in May 2026 identifies 3.4 million publicly exposed RDP and VNC servers, many adjacent to or within OT networks managing critical infrastructure like power grids and water treatment. Notably, 18% of RDP servers run unsupported Windows versions, 60,000 VNC servers lack authentication, and over 670 VNC servers connect directly to OT/ICS control panels. The REDHEBERG botnet has compromised nearly 40,000 VNC assets since February 2026. Threat actors include pro-Russian groups conducting credential brute-forcing and hacktivists deploying SCADA-targeting tools, while initial access brokers are commoditizing OT access on Telegram.
Source: Netop / Forescout Vedere Labs
Claroty and Carahsoft Partner to Extend CPS Security to U.S. Public Sector
Claroty has formed a strategic partnership with Carahsoft Technology to deliver its cyber-physical systems protection platform to U.S. state, local, education, and federal agencies. This collaboration enables public sector organizations, including utilities and healthcare systems, to access Claroty’s xDome platform through Carahsoft’s government distribution and contracting channels. The announcement follows Claroty’s $150 million Series F funding round and its recognition as a Leader in the 2026 Gartner Magic Quadrant for CPS Protection Platforms. The partnership addresses increasing regulatory demands for demonstrable OT and ICS security in critical infrastructure sectors.
Source: PR Newswire / Claroty
This briefing covers key operational technology security developments and threats observed over the past 24 hours. Stay informed to maintain a resilient OT security posture.
