Daily OT Security News: May 5, 2026

Welcome to the Daily OT Security News for May 5, 2026. Today’s briefing focuses on the evolving challenges and advancements in OT, ICS, and IoT cybersecurity. From new AI security guidance and critical vulnerabilities in industrial platforms to updates in MITRE ATT&CK and rising ransomware threats, these stories highlight the importance of vigilance and proactive defense in protecting critical infrastructure and industrial environments.

CISA and Partners Release Agentic AI Security Guidance to Protect Critical Infrastructure

CISA, together with the Australian Cyber Security Centre and international partners, has published new guidance addressing the secure adoption of agentic AI systems. The document highlights risks such as expanded attack surfaces, privilege escalation, behavioral misalignment, and limited auditability, advising organizations to deploy agentic AI incrementally with human oversight and strict privilege controls.

Source: Industrial Cyber

Chained Vulnerabilities in CODESYS Runtime Could Allow Root-Level Control of Industrial Devices, Nozomi Warns

Nozomi Networks Labs revealed that multiple vulnerabilities in the widely used CODESYS Control runtime can be chained to gain root-level control of PLCs. Attackers with service-level access can extract cryptographic material, bypass protections, and insert malicious control logic, putting manufacturing, energy, water, and building automation systems at significant risk.

Source: Industrial Cyber

EnOcean SmartServer IoT Bugs Enable Remote Compromise of Smart Buildings, Data Centers, and Factories

Researchers at Claroty identified two critical vulnerabilities in the EnOcean SmartServer IoT platform that could allow remote attackers to fully compromise smart infrastructure devices. These include a security bypass and a remote code execution flaw, both addressed in EnOcean’s SmartServer 4.6 Update 2, with proof-of-concept exploits publicly available.

Source: SC Media

MITRE ATT&CK v19 Brings Structural Overhaul and Expanded Industrial Visibility as AI-Driven Attacks Emerge

MITRE’s ATT&CK v19 release introduces a major structural overhaul with expanded ICS sub-techniques, enhancing granular visibility into industrial attack vectors. The update also documents the first AI-orchestrated espionage campaign and a destructive wiper attack on NATO energy infrastructure, underscoring emerging threats in the industrial cybersecurity landscape.

Source: Industrial Cyber

OT Ransomware Targeting Industrial Organizations Surged 49% Year-Over-Year, New Data Shows

INE Security reports a 49% year-over-year increase in OT ransomware attacks, affecting over 3,300 industrial organizations globally, with manufacturing bearing the brunt. The majority of incidents originate from IT systems and spread laterally into OT, but organizations with strong OT visibility can significantly reduce incident duration and limit financial impact.

Source: INE Security

Stay vigilant and proactive in securing your OT and industrial environments. Continuous monitoring, timely patching, and integrating emerging threat intelligence remain critical to defending against evolving cyber risks.
