< ciso
brief />
Tag Banner

All news with #critical infrastructure tag

400 articles

UK unveils AI-driven national Cyber Shield

🔒 The UK’s NCSC and DSIT unveiled a blueprint called Cyber Shield to deploy autonomous AI agents that detect and neutralize cyberattacks at machine speed. The plan uses cooperating “red” and “blue” agents to identify weaknesses, detect threats and progressively automate remediation while operating under organizational control. The initiative emphasizes explainable and federated AI, industry partnerships, and a staged rollout beginning with government and critical sectors.
read more →

Ubiquiti patches max-severity UniFi OS flaws

🔒 Ubiquiti released updates addressing seven critical UniFi OS vulnerabilities, including a maximum-severity command injection flaw (CVE-2026-50746) in the UniFi Connect Application. The flaw affects versions 3.4.16 and earlier and could allow a network-based attacker to execute commands on the host. Users are advised to upgrade UniFi Connect to version 3.4.20 or later. Six additional critical issues across UniFi Talk, Access, Protect, UniFi OS Server, and multiple devices were also patched.
read more →

NCSC unveils Cyber Shield: agentic AI for defence

🔒 The UK National Cyber Security Centre (NCSC) has launched the Cyber Shield initiative to build a national cyber-defence capability powered by agentic AI. The project will use coordinated red and blue agents to discover and mitigate vulnerabilities at scale, enable national automated scanning, and support real-time intelligence sharing. The NCSC says success requires partnerships with government, critical infrastructure and frontier AI providers.
read more →

Over 900 Oracle E-Business instances exposed online

🔒 Over 900 Oracle E-Business Suite (EBS) instances were found exposed online amid active attacks exploiting a critical File Transmission flaw in Oracle Payments (CVE-2026-46817). The vulnerability permits unauthenticated HTTP takeover, and Oracle released patches in its May 2026 Critical Security Patch Update, urging immediate remediation. Threat intelligence firm Defused reported active exploitation observed on honeypots, while Shadowserver noted roughly 950 exposed instances and the extent of patching remains unclear.
read more →

Monthly security roundup — June 2026 highlights

🔍 ESET Chief Security Evangelist Tony Anscombe reviews key cybersecurity stories from June 2026, assessing implications for defenders. He covers new CISA vulnerability patching rules, attacks on Internet-exposed automatic tank gauge (ATG) systems, rising imposter-scam losses reported by the FTC, and proposed UK and Canada social media bans for under-16s. Tony outlines lessons for organizations beyond federal agencies and practical steps to reduce risk.
read more →

Practical Zero Trust Plan for OT: 90‑Day Roadmap

🔒 The article reframes zero trust for operational technology (OT) by focusing on practical, non‑disruptive steps that align with regulatory requirements and operational realities. It proposes a 90‑day plan: Days 1–30 prioritize mapping assets and identities at IT/OT boundaries; Days 31–60 contain vendor remote access to gain early wins; Days 61–90 build a simple maturity scorecard and narrative. The approach emphasizes targeted controls, governance alignment, and measurable progress rather than abstract architectures.
read more →

CISA warns of critical Ubiquiti and Lantronix flaws

🔒 CISA has added four high-severity vulnerabilities to its Known Exploited Vulnerabilities catalog, including three Ubiquiti UniFi OS flaws and a Lantronix EDS5000 command injection. The agency's BOD 26-04 requires federal agencies to apply fixes or mitigations within three days. Vendors have released patches and detection guidance, and researchers provided proof-of-concept chaining and a detection script to help defenders identify affected devices.
read more →

MPs Warn UK Museums Face Cybersecurity Shortfalls

🛡️ Parliament’s Public Accounts Committee has criticised the Department for Culture, Media and Sport for a reactive approach to cybersecurity, leaving national galleries and museums exposed. The PAC highlighted incidents including a ransomware attack on the British Library and thefts from the British Museum as evidence of systemic failings. It calls on DCMS to set out concrete actions, share lessons across the sector, and address skills shortages and legacy technology.
read more →

Executive Order Accelerates Post‑Quantum Readiness

🔒 The White House Executive Order signed June 22, 2026 mandates migration of federal systems to NIST‑approved post‑quantum cryptography, setting milestones for key establishment by 2030 and digital signatures by 2031. It extends urgency to critical infrastructure, federal contractors, and procurement, highlights "harvest now, decrypt later" risk, and calls for cryptographic bill of materials guidance to drive visibility and operational readiness.
read more →

NCSC: 75% of CNI Incidents Linked to Hostile States

🛡️ Richard Horne, CEO of the UK National Cyber Security Centre, told the RUSI Annual Security Lecture that three-quarters of cyber incidents affecting UK critical national infrastructure over the past year were traced to nation-state actors or hostile states. The NCSC handled around 200 incidents between June 2025 and May 2026, with threats described across three contested digital spaces: far, mid and near. Horne warned that AI and cloud supply-chain exploitation increase attacker scale and urged organisations to prioritise continuous defence, fix legacy vulnerabilities and close IT-OT knowledge gaps.
read more →

India’s Telegram Ban, BGP Fallout and Workarounds

📰 India blocked Telegram until June 22 after leaked exam materials circulated on the platform, prompting Telegram CEO Pavel Durov to allege BGP hijacking by Reliance that affected users as far as the UAE. The ban, and an additional restriction on message editing, prompted legal challenges and criticism from digital-rights groups calling the move disproportionate. Analysts confirmed a routing leak from AS18101 via FLAG Telecom but dispute claims of deliberate sabotage; MTProto proxies are recommended to restore access.
read more →

EU Cybersecurity Reserve Extended to Ukraine

🛡️ The Council of the EU approved Ukraine’s inclusion in the EU Cybersecurity Reserve on June 16, allowing the Ukrainian government to request emergency EU cyber support for large-scale incidents. Managed by ENISA, the reserve leverages 47 trusted private providers who passed an ownership control assessment. The initiative is funded under the Digital Europe Work Programme 2025–2027 and grounded in the EU Cyber Solidarity Act.
read more →

Protecting Legacy OT Systems From Modern Threats

🔒 Manufacturing facilities often rely on long-running operational technology (OT) that was built for stability, not security. As IT and OT converge, previously isolated systems face increased exposure to internet-borne attacks, ransomware, and supply-chain disruption. Effective defenses start with asset visibility, careful deployment choices, network protections for agentless devices, and long-term vendor support to mitigate risks without disrupting production.
read more →

Anubis Ransomware Targets Adriatic Port Authority

🔒 New analysis from Resecurity details a ransomware attack by the Anubis group that targeted the Adriatic Port Authority, operator of Ancona port. The breach, traced to December 11, 2025 and publicly claimed by Anubis in January 2026, reportedly affected about 2% of the authority's data while backups preserved most records. Resecurity says the incident disrupted operations, forced vessel rerouting, and involved a reported $10m Bitcoin ransom demand, with sensitive safety and security plans among the stolen files.
read more →

Short lapse in Section 702 surveillance affects US monitoring

🔍 Congress failed to extend Section 702 of the Foreign Intelligence Surveillance Act, creating a short pause in warrantless monitoring of foreign communications. The extension vote was rejected, leaving surveillance put on hold until the next possible vote on June 28, and creating uncertainty about immediate intelligence collection practices. CISOs should note potential impacts on cross-border communications and legal challenges ahead.
read more →

Japanese energy firm loses drive with 10.9M accounts

🔒 Kyushu Electric Power disclosed a physical security incident after an external backup drive containing private data for up to 10.9 million accounts went missing from a server room cabinet. The company said the drive was used on April 27 due to storage capacity limits and was found absent on May 26 when staff returned. The lost data reportedly includes customer names, addresses, usage data, phone numbers, and retail provider names, but not bank or credit card details. Authorities and Japan’s privacy commission have been notified, and an investigation and individual notifications are underway.
read more →

Critical IoT Platform Flaws Enable Device Takeover

🔒 CISA published an advisory on multiple critical vulnerabilities in the Naxclow IoT Platform that allow device impersonation, credential exposure, and fleet enumeration. A replayable onboarding flow and inadequate authorization let attackers reassign devices, while persistent, non-rotating relay credentials enable long-term access. Additional weaknesses include a hard-coded platform salt for request signing, predictable device identifiers, and cleartext Wi‑Fi secrets exposed via UART.
read more →

Ivanti patches critical Sentry gateway vulnerabilities

🔒 Ivanti patched two critical vulnerabilities in Ivanti Sentry, an in-line secure mobile gateway formerly called MobileIron Sentry, that could allow unauthenticated remote attackers to take full control of devices. One flaw, CVE-2026-10523, lets attackers bypass authentication to create administrative accounts and is rated 9.9/10. The second, CVE-2026-10520, is a command injection leading to root remote code execution and is rated 10/10. Customers should upgrade to versions 10.5.2, 10.6.2, or 10.7.1 immediately.
read more →

China-linked JDY botnet broadens US military focus

🛡️ JDY is a distributed reconnaissance botnet tied to China-nexus actors that has expanded from ~650 to over 1,500 compromised SOHO and IoT devices, with a heavy focus on U.S. military and associated networks. Researchers at Black Lotus Labs observed JDY rapidly scanning for newly disclosed vulnerabilities, collecting banners, TLS certificates, and protocol fingerprints. The botnet uses Tor-hidden services and a central Dispatch Service to receive scanning tasks and exfiltrate results, and supports TCP/SSL/UDP/ICMP scanning plus service fingerprinting.
read more →

Military used GPS to distribute cryptographic keys

🔍 Steven Murdoch uncovered that U.S. military satellites have been broadcasting hidden codes via public GPS for nearly two decades, effectively turning each satellite into a covert distribution channel. He identified synchronized transmissions across all 31 operational satellites on May 26, 2011, matching the rollout timeline of the military’s Over-the-Air Distribution (OTAD) and Over-the-Air Rekeying (OTAR) systems. This mechanism allowed remote rekeying of military GPS receivers, replacing manual key distribution.
read more →