Daily OT Security News: May 30, 2026

As operational technology (OT), industrial control systems (ICS), and Internet of Things (IoT) devices continue to integrate more deeply into critical infrastructure, the security landscape grows increasingly complex and high-risk. Attackers are exploiting both legacy vulnerabilities and emerging supply chain weaknesses, emphasizing the need for vigilant defense and rapid response.

Palo Alto PAN-OS GlobalProtect Authentication Bypass (CVE-2026-0257) Added to CISA KEV

A critical authentication bypass vulnerability in Palo Alto Networks PAN-OS GlobalProtect (CVE-2026-0257, CVSS 9.8) has been actively exploited since May 17, 2026. Rapid7 confirmed multiple successful intrusions where attackers forged valid VPN session cookies due to shared certificates, enabling full internal network access. CISA added the vulnerability to its Known Exploited Vulnerabilities catalog on May 29, 2026, with a federal remediation deadline set for June 10, 2026.

Source: ThreatAft

CISA Adds Three Software Supply Chain Vulnerabilities to Known Exploited Vulnerabilities Catalog

On May 27, 2026, CISA added three actively exploited supply chain vulnerabilities to the catalog, affecting Daemon Tools Lite, the TanStack npm ecosystem, and Nx Console developer tooling. Attackers leveraged trusted distribution channels (including digitally signed installers, official npm registries, and IDE extension marketplaces) to deliver malicious code. These incidents highlight a growing trend of compromising upstream software pipelines rather than attacking exposed services directly.

Source: Integrity360 Insights

IoT Device with Hardcoded Credentials Exposes Industrial Networks: CVE-2026-7786 in USR-W610 RS232/485 Converter

A critical vulnerability (CVE-2026-7786) has been disclosed in the USR-W610 RS232/485 to Wi-Fi/Ethernet converter, widely used to connect legacy industrial equipment to IP networks. The device firmware contains plaintext administrative credentials that can be extracted through analysis and used for remote authentication. This persistent CWE-798 weakness enables attackers to maintain unauthorized access to industrial bridging devices, posing significant risks to OT environments.

Source: The Hacker Wire

Ubiquiti Patches Three Maximum-Severity (CVSS 10.0) Flaws in UniFi OS Affecting Network Infrastructure

Ubiquiti has released a critical advisory fixing five vulnerabilities in UniFi OS, including three rated with the maximum CVSS score of 10.0. These flaws enable unauthenticated, network-adjacent attackers to perform unauthorized system modifications, directory traversal, and arbitrary command execution. Given UniFi OS’s widespread deployment in enterprise security and industrial settings, these patches are crucial for securing OT and IoT-adjacent infrastructure.

Source: SANS NewsBites

State-Sponsored Threat Actors Increasingly Targeting OT Systems Directly as IT/OT Convergence Expands Attack Surface

A May 2026 analysis reveals that state-sponsored actors now prioritize industrial control systems (including PLCs, SCADA, and HMIs) as primary targets rather than collateral victims. The blending of IT and OT networks through remote monitoring and ERP integration has reduced traditional air-gap protections. Experts warn that over-permissioned and seldom-audited vendor remote access accounts represent a critical and under-addressed vulnerability in OT cybersecurity.

Source: MetroTechs

Stay vigilant and proactive—securing OT environments demands continuous monitoring and timely patching to combat evolving threats in the converged IT/OT landscape.
