Daily OT Security News: May 16, 2026

Today’s cybersecurity briefing highlights escalating threats and strategic responses within the IoT, OT, ICS, and CPS domains. Key themes include targeted attacks on critical infrastructure, active exploitation of high-severity vulnerabilities, a significant rise in ransomware incidents affecting industrial environments, and government-led initiatives to enhance operational resilience.

Iranian Hackers Target US Fuel Tank Monitoring Systems

Multiple automatic tank gauge (ATG) systems at gas stations across several US states were breached, with Iranian-linked threat actors suspected. Attackers exploited exposed systems lacking password protection to alter fuel level displays, potentially masking leaks or triggering false alarms. A joint advisory from CISA, FBI, NSA, and DC3 warns of ongoing risks to critical infrastructure from these cyber operations.

Source: The Statesman

Cisco SD-WAN Zero-Day CVE-2026-20182 Actively Exploited

A critical authentication bypass vulnerability in Cisco Catalyst SD-WAN Controller and Manager (CVE-2026-20182) is under active exploitation by a persistent threat group known as UAT-8616. With a CVSS score of 10.0, the flaw allows attackers to gain administrative access by impersonating trusted network routers. Cisco released a patch on May 15, and CISA has mandated federal remediation by May 17, emphasizing the severity of this threat to network infrastructure.

Source: CyberScoop

NCC Group Report Reveals Surge in OT Ransomware Attacks

NCC Group’s latest report documents 2,073 ransomware attacks on industrial organizations over the past year, making the sector the most targeted by ransomware each month. Capital goods, machinery, and construction sectors were particularly impacted. The report underscores the critical importance of securing OT environments, as disruptions there go beyond data loss: they can halt production and endanger lives.

Source: Automation.com / NCC Group

Foxconn Confirms Ransomware Attack on North American Factories

Foxconn Technology Group is recovering from a ransomware incident linked to the Nitrogen group that affected several North American factories. The attackers claim to have exfiltrated 8 terabytes of data, including over 11 million files. Because Foxconn is a major electronics contract manufacturer for leading tech companies, the breach highlights the increasing risks to manufacturing supply chains connected to OT systems.

Source: Milwaukee Journal Sentinel

CISA Launches CI Fortify Initiative to Enhance OT Isolation and Recovery

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) introduced the CI Fortify initiative to strengthen cyber defense for critical infrastructure. The program emphasizes isolating OT systems during degraded communications to maintain operational continuity and improving recovery plans through backups and contingency strategies. This initiative addresses the growing threat landscape and aims to ensure critical infrastructure can operate independently for extended periods amid conflict scenarios.

Source: MLO Online / CISA

These developments reinforce the urgent need for OT and IoT security teams to prioritize comprehensive vulnerability management, network segmentation, and incident response preparedness. As threat actors increasingly target operational environments, adopting proactive defense measures and aligning with initiatives like CI Fortify will be critical to safeguarding industrial and critical infrastructure systems.
