< ciso
brief />
Tag Banner

All news with #critical infrastructure tag

400 articles · page 2 of 20

French government messaging platform breached by hijack

🔐 DINUM warned that a hijacked user account was used to breach Tchap, the French government's encrypted messaging platform. Developed with ANSSI in 2018 on the Matrix protocol, Tchap serves the French public sector and has grown rapidly since its mandated adoption in August 2025. DINUM and CNIL were alerted after ANSSI detected the intrusion and the compromised account was promptly blocked while investigations continue. A threat actor claimed responsibility and shared samples, alleging large-scale data and message exfiltration.
read more →

White House EO Aligns AI Policy with Cybersecurity

🔒 The White House Executive Order on advanced AI seeks practical public–private coordination to address AI-driven cyber risks while preserving innovation. It prioritizes voluntary model assessments, improved federal defenses, faster vulnerability discovery and remediation, and expanded cybersecurity talent. Successful implementation will hinge on operationalizing AI-assisted defense, translating insights into timely guidance and mitigations, and supporting resource-constrained critical infrastructure operators.
read more →

Critical UniFi OS bug enables unauthenticated root access

🔒 Researchers found that three fixed flaws in UniFi OS Server (CVE-2026-34908, CVE-2026-34909, CVE-2026-34910) can be chained to achieve remote code execution with root privileges on versions 5.0.6 and earlier. Bishop Fox validated the full attack path on a live instance, showing an authentication bypass via URI normalization differences and a subsequent command injection that escalates to root due to passwordless sudo. A detection script and guidance are available; upgrade to 5.0.8 or later.
read more →

Resilience and Self-Reliance in Cyber Conflict

🛡️ Dmytro Kuleba, Ukraine’s former foreign minister, told Infosecurity Europe that preparation, resilience and self-reliance are crucial for cybersecurity professionals facing wartime threats. He cited KyivStar’s rapid recovery from a December 2023 hack and stressed the value of wargaming and muscle-memory incident response. Kuleba warned that innocuous services such as CRMs can be weaponized and urged businesses to distrust products from potential adversaries.
read more →

CISA warns of attacks on fuel tank monitoring systems

🔒 CISA and multiple US agencies warn that internet-exposed automatic tank gauge (ATG) systems used to monitor fuel and liquid storage tanks are being targeted by cyber actors. The advisory notes attackers exploit authentication bypasses, hardcoded credentials, command-execution flaws, SQL injection, and privilege-escalation vulnerabilities. If compromised, attackers can alter network and tank settings, disable alerts, and impair monitoring, increasing risk to safety and operations. Agencies recommend blocking public access, enforcing strong credentials and MFA, applying updates, and monitoring for unauthorized changes.
read more →

Anthropic expands Project Glasswing to 150 more firms

🔎 Anthropic has added 150 additional companies to its Project Glasswing initiative, prioritizing critical infrastructure sectors like power, water, healthcare, communications, and hardware. Analysts view the expansion positively for increasing vulnerability discovery, but warn of a remediation bottleneck: vendors and SOCs may struggle to validate, prioritize, and patch a potential 10x or greater increase in findings. Experts emphasize the need for confidence scoring, automation, and third-party validation to maintain trust and ensure timely remediation.
read more →

NCSC: Act Now to Build Cyber Resilience

🔒 Paul Chichester of the NCSC warned at Infosecurity Europe that escalating technological change, geopolitical tensions and evolving threats make predicting cyber risk harder than ever. He highlighted hyper-connectivity, rapid tech transformation and state-backed cyber operations as key challenges, and urged stronger public-private collaboration. Chichester praised the Cyber Security and Resilience Bill and called for practical steps like reducing attack surface, addressing legacy systems, enforcing access controls and running incident exercises.
read more →

CISA and Partners Urge Hardening of ATG Systems

🔒 The Cybersecurity and Infrastructure Security Agency (CISA), alongside multiple federal partners, warns of malicious cyber activity targeting internet-exposed automatic tank gauge (ATG) systems used across energy, chemical, food and agriculture, and transportation sectors. The advisory outlines observed tactics—such as authentication bypass, command execution, and privilege escalation—and urges owners to remove ATG devices from public internet exposure, apply patches, enforce strong credentials, and monitor device logs. It also lists reporting contacts and mitigation resources.
read more →

Monthly security roundup: May 2026 highlights

🎥 ESET Chief Security Evangelist Tony Anscombe reviews major cybersecurity stories from May 2026, focusing on industrial control system intrusions, an AI-directed data theft, a Google-reported AI-developed zero-day, and crypto kiosk scams. He outlines attack vectors such as weak passwords and internet-exposed systems, notes the partial failure of an IT-to-OT escalation, and previews mitigation advice for defenders. Watch Tony’s video for practical recommendations and refer to the April edition for additional context.
read more →

Attack Surface and Cyber Risks for FIFA 2026

📘 The 2026 FIFA World Cup spans 39 days across 16 host cities in three nations, creating a vast temporary tournament network layered on existing stadium and municipal infrastructure. This assessment warns of high likelihoods for disruptive intrusions, large-scale fraud and politically motivated DDoS and hack-and-leak operations. Key drivers include Iran-nexus disruptive campaigns, pro-Russian hacktivist DDoS activity and financially motivated cybercrime targeting fans and the hospitality ecosystem.
read more →

ESET APT Activity Report Q4 2025–Q1 2026

📄 ESET summarizes notable APT activity observed between October 2025 and March 2026, highlighting China-, Iran-, North Korea-, and Russia-aligned operations alongside unattributed clusters. The report illustrates geopolitical drivers behind campaigns, describes new tooling and supply-chain compromises such as a trojanized axios package, and notes destructive incidents impacting critical infrastructure. ESET confirms protections by its products and notes the report reflects a subset of its Threat Intelligence.
read more →

Dutch raid seizes servers, arrests hosting co-owners

🛡️ Dutch authorities arrested two co-owners of related hosting companies and seized over 800 servers on May 18, alleging they operated infrastructure used by Russia for cyberattacks and influence operations targeting the EU. The arrests follow investigative reporting that linked MIRhosting and WorkTitans to Stark Industries, an ISP sanctioned by the EU for facilitating DDoS, proxy, and anonymity services tied to Russia-backed actors. Officials searched businesses and data centers and charged the suspects with violating sanctions law by making economic resources available to sanctioned entities. Both suspects deny wrongdoing and one company says it has paused services to the implicated client pending internal review.
read more →

Netherlands seizes servers tied to hosting firm

🔎 Financial crime investigators in the Netherlands (FIOD) arrested two men and seized 800 servers linked to a web hosting company accused of enabling cyberattacks, interference operations, and disinformation campaigns. Authorities say the suspects provided resources indirectly to Russian and Belarusian entities sanctioned by the EU, and that infrastructure was moved to a front company after sanctions. Raids recovered servers, laptops, phones, and records across multiple Dutch data centers.
read more →

Critical Cisco Secure Workload vulnerability demands immediate patch

🔒 A critical vulnerability in the on-premises Cisco Secure Workload platform can let a remote, unauthenticated attacker gain site admin privileges by sending a crafted HTTP request to an internal REST API. Cisco assigned CVE-2026-20223 a CVSS score of 10.0 and says the issue stems from insufficient validation and authentication of REST API access. Only on-prem deployments must act immediately by upgrading to the patched versions; SaaS has already been fixed. Cisco reported no known exploitation in the wild at the time of disclosure.
read more →

Threat-Informed OT Security for Critical Infrastructure

🔒 Operational technology (OT) environments differ fundamentally from IT and demand a threat-informed approach to security that balances safety, uptime, and continuity. Traditional IT controls can disrupt industrial processes, so visibility, asset context, segmentation, and collaboration between IT and OT teams are essential. Fortinet recommends phased, visibility-first segmentation aligned with ISA/IEC 62443, OT-aware policies, passive discovery, and tailored protections such as virtual patching and secure remote access.
read more →

Analysis: Fast16 Malware Targeted Nuclear Simulations

🔎 Symantec and Carbon Black confirm the Lua-based fast16 malware was a pre-Stuxnet sabotage tool designed to corrupt nuclear weapons testing simulations. The threat specifically targets high-explosive runs in LS-DYNA and AUTODYN, activating only when simulated material density reaches ~30 g/cm³. With 101 hook rules organized into 9–10 groups, the framework tracked software versions and spread laterally while avoiding some security products, indicating a methodical, long-running operation.
read more →

Universal Robots Polyscope 5 Command Injection Fix

⚠️ A critical OS command injection in the Dashboard Server of Universal Robots Polyscope 5 (CVSS 9.8) allows unauthenticated attackers to execute commands on the robot's operating system. Affected releases are versions prior to 5.25.1; the vendor has issued Polyscope 5 v5.25.1 as a corrective update. CISA advises immediate patching and network defenses including segmentation, firewalling, and limiting internet exposure.
read more →

Siemens Ruggedcom Rox Improper Access Control Flaw

⚠ The Siemens Ruggedcom Rox product contains an improper access control vulnerability in its web server JSON‑RPC interface that can allow an authenticated remote attacker to read arbitrary files on the underlying operating system with root privileges. Siemens has released updates and advises customers to upgrade to V2.17.1 or later. The issue is tracked as CWE-88 and CISA has republished the vendor advisory to increase visibility. Administrators should restrict network access and follow Siemens' operational security guidance.
read more →

Siemens Ruggedcom Rox OS Command Injection Fix Released

⚠ An input validation vulnerability in the feature key installation process of Siemens Ruggedcom Rox allows an authenticated remote attacker to inject OS commands and achieve arbitrary code execution with root privileges. Siemens has released updates and advises customers to upgrade affected devices to V2.17.1 or later without delay. CISA and Siemens recommend isolating control networks, restricting access, and following Siemens' operational guidelines to reduce exposure.
read more →

Siemens Ruggedcom Rox OS Command Injection Advisory

⚠️An input validation vulnerability in the Scheduler feature of Siemens Ruggedcom Rox devices allows an authenticated remote attacker to inject OS commands via the device's Web UI. Successful exploitation can execute arbitrary commands with root privileges on the underlying operating system. Siemens has released updates and recommends upgrading to V2.17.1 or later; CISA urges operators to apply the patch and implement network protections such as firewalls, isolation, and secure remote access.
read more →