< ciso
brief />
Tag Banner

All news with #critical infrastructure tag

400 articles · page 8 of 20

Monthly Security Roundup — February 2026 Highlights

🔒 In February 2026 ESET Chief Security Evangelist Tony Anscombe highlights a series of notable incidents: widespread misuse of commercial generative AI, a novel Android malware campaign, increased ATM jackpotting, and destructive attacks against critical infrastructure. Researchers tied more than 600 compromised FortiGate devices in 55 countries to exposed management ports and weak credentials, while ESET documented PromptSpy, the first known Android malware abusing generative AI for context-aware UI manipulation. The FBI warned US ATM operators about a rise in jackpotting, and ESET analyzed a DynoWiper case targeting an energy company. Businesses are urged to strengthen access controls, enforce MFA, close exposed management ports, and improve monitoring for GenAI-related abuse.
read more →

Critical Juniper PTX Router Flaw Lets Attackers Gain Root

🔒 Juniper PTX core routers running Junos OS Evolved contain a critical vulnerability that can allow an unauthenticated, network-based attacker to execute code as root. The flaw is in the On-Box Anomaly detection framework, which is enabled by default and should not be externally reachable. Juniper says it is unaware of any active exploitation and urges installation of 25.4R1-S1-EVO, while recommending ACLs or firewall filters and the alternative command request pfe anomalies disable as temporary mitigations.
read more →

Tehran's Two-Tiered Internet and Its Global Risks Today

🔒Iran's January 2026 communications blackout was a comprehensive shutdown that disabled mobile networks, landlines, and even Starlink, extending beyond conventional URL blocking to dismantle both physical and logical connectivity. The regime is formalizing a two-tiered model—white SIM cards and data-center whitelists—that preserves full access for officials while isolating ordinary citizens. By removing social features and disabling local chat channels, the state aims to atomize the population and prevent real-time coordination. The author urges policy and technical measures—such as expanded humanitarian licensing and D2C satellite access—to give repressed populations resilient means of connectivity.
read more →

National Cyber Resilience in the AI Era: A Leadership Guide

🔐 This practical Q&A guide helps leaders translate evolving threats into actionable resilience measures. It highlights why national cyber security urgency has increased as adversaries shift from theft to persistent, disruptive positioning that can affect fuel, hospitals, elections, markets, and public trust. The brief recommends adoption of NIST frameworks, Zero Trust principles, and AI governance to mitigate cloud, OT, and supply chain risks. Leaders receive concise operational steps to align policy, technology, and cross‑sector coordination.
read more →

Chargemap Charging Infrastructure Vulnerabilities Reported

🔒 CISA reports multiple vulnerabilities in Chargemap's public charging infrastructure that could allow attackers to impersonate charging stations, hijack sessions, and disrupt services. The most severe issue (CVE-2026-25851) involves unauthenticated OCPP WebSocket endpoints and carries a CVSS 3.1 base score of 9.4. Chargemap did not respond to coordination; users should contact vendor support and reduce network exposure until fixes are available.
read more →

CloudCharge OCPP WebSocket Flaws Enable Station Impersonation

⚠️ CISA warns of multiple critical vulnerabilities in CloudCharge cloudcharge.se affecting OCPP WebSocket endpoints (four CVEs, highest CVSS 9.4). Exploits can enable station impersonation, session hijacking, credential exposure, and large-scale denial of service by suppressing or misrouting telemetry. CloudCharge did not respond to coordination requests; operators should apply network mitigations and restrict Internet exposure. CISA identifies Energy and Transportation sectors as at risk worldwide.
read more →

Critical OCPP WebSocket Flaws in SWITCH EV Charging

🔒 Successful exploitation of vulnerabilities in SWITCH EV charging infrastructure could allow attackers to impersonate charging stations, hijack sessions, suppress or misroute legitimate telemetry, and manipulate backend data. The advisory identifies four CVEs affecting all product versions, including CVE-2026-27767 with a CVSS 3.1 base score of 9.4 (Critical). Vendor coordination was not received; CISA recommends minimizing network exposure, isolating control-system networks, using secure remote access, and contacting the vendor for remediation status. No known public exploitation has been reported.
read more →

EV2GO ev2go.io WebSocket Auth & Session Risks

🔒 CISA reports multiple critical vulnerabilities in EV2GO ev2go.io WebSocket interfaces that allow unauthenticated actors to impersonate charging stations, hijack sessions, and manipulate backend data. Exploitation can lead to large-scale denial of service, suppression or misrouting of legitimate telemetry, and unauthorized control of charging infrastructure; affected versions are all and the highest CVSS score is 9.4. Vendor coordination was not received; operators should minimize Internet exposure, isolate ICS networks, and implement stronger authentication, session management, and rate limiting.
read more →

Pelco Sarix Pro 3 Series Authentication Bypass Advisory

🔒 CISA reports an authentication bypass vulnerability (CVE-2026-1241) affecting Pelco Sarix Professional 3 Series IP cameras running firmware <=02.52. Successful exploitation can permit unauthenticated access to live video streams and sensitive device data, creating privacy, operational, and compliance risks across multiple critical infrastructure sectors. Pelco has released firmware 02.53 to address the issue; users should update promptly and follow network hardening guidance such as isolating camera networks, minimizing internet exposure, and placing devices behind firewalls.
read more →

Copeland XWEB/XWEB Pro Multiple Critical Vulnerabilities

⚠️ Copeland has released patches addressing numerous severe vulnerabilities in XWEB and XWEB Pro appliances that may allow authentication bypass, remote code execution, denial-of-service, path traversal, and memory corruption. Affected firmware includes XWEB 300D PRO, 500D PRO, and 500B PRO running version 1.12.1 or earlier. Several issues are rated high or critical, including one pre-authentication vulnerability with a CVSS v3.1 score of 10.0. Administrators should apply vendor updates immediately and minimize device exposure on untrusted networks.
read more →

Johnson Controls Frick Quantum HD: Critical Vulnerabilities

⚠️ Johnson Controls Frick Controls Quantum HD (versions <= 10.22) contains multiple critical vulnerabilities that can allow pre‑authentication remote code execution, code injection, information disclosure, and denial of service. CISA catalogs six CVEs, including four critical code/OS injection issues (CVSS 9.1), a high severity path traversal (CVSS 7.5), and a medium severity plaintext credential issue (CVSS 6.2). The vendor designates versions 10.22–11 as legacy and recommends upgrading to Quantum HD Unity version 12 or higher, applying the vendor hardening guidance, and following network isolation and access best practices.
read more →

Critical OCPP WebSocket Flaws in Mobility46 Stations

Mobility46 charging stations running mobility46.se are affected by multiple OCPP WebSocket vulnerabilities that can allow unauthorized administrative access, session hijacking, credential exposure, and denial-of-service. Four CVEs are documented, including one critical issue with a CVSS 3.1 base score of 9.4. Mobility46 did not respond to CISA coordination; operators should isolate devices, apply network controls, and contact the vendor for guidance.
read more →

CISA: EV Energy ev.energy Vulnerabilities — Urgent Advisory

🔒 CISA warns of multiple critical and high-severity vulnerabilities in EV Energy ev.energy software that could permit unauthorized administrative control, session hijacking, credential exposure, and denial-of-service against charging stations. The advisory identifies four CVEs (including CVE-2026-27772) affecting all versions and assigns a top CVSS score of 9.4 for the most severe issue. EV Energy did not respond to coordination requests; CISA recommends vendor fixes and immediate network hardening, including minimizing Internet exposure and restricting access to charge point endpoints.
read more →

Manual Data Transfers Threaten National Security Readiness

🔒 More than half of national security organizations still rely on manual processes to transfer sensitive data, the CYBER360 report warns. The article highlights how human-dependent transfers introduce delays, audit gaps, and exploitable seams that adversaries can weaponize. It urges adoption of automated, policy-driven controls—centered on Zero Trust, data-centric protection, and cross-domain solutions—to restore speed, accountability, and mission resilience.
read more →

Cyber Conflict Targeting Society: Policy and Resilience

🛡️ In the first episode of Fortinet's Brass Tacks: Talking Cybersecurity season 2, host Joe Robertson speaks with Annita Sciacovelli, a professor of international law and cybersecurity advisor to the Italian Ministry of Defence, about how modern cyber conflict increasingly targets societies rather than only military or corporate assets. They explain that attacks on energy, transport, finance, and public administration aim to erode trust and create strategic psychological pressure, reframing cybersecurity as a public-interest challenge. The discussion highlights legal distinctions between terrorism and state use of force, the importance of ENISA, and EU frameworks such as NIS2, DORA, and the Cyber Resilience Act, while underscoring the need for cyber diplomacy, intelligence sharing, and continuous resilience-building.
read more →

Bring the Fight to the Edge: Time-Based OT Defense

🔍 Recent joint research from Palo Alto Networks, Siemens and the Idaho National Laboratory shows that most OT-impacting attacks originate in IT and manifest at the IT–OT edge. Analysts found attackers dwell an average of 185 days in precursor phases, producing detectable signals like credential abuse, reconnaissance and protocol misuse. The paper recommends edge-focused telemetry and an OT SOC-driven active defense to detect and disrupt threats before operational impact.
read more →

Record Highs in Industrial Control System Vulnerabilities

🔒 Forescout's new report finds that 2025 saw a record 508 ICS advisories covering 2,155 CVEs and a notable rise in vulnerability severity. The average CVSS for advisories rose to above 8.0 in 2024–2025, with the most affected assets including Purdue Level 1 field controllers, Level 3 operational systems and control-level devices. The vendor warns that reduced CISA advisory coverage and many untracked vulnerabilities increase OT/ICS risk and calls for greater vendor accountability and industry collaboration.
read more →

Critical Honeywell CCTV Auth Bypass Threat to Devices

🔒 CISA has issued an advisory for a critical Honeywell CCTV vulnerability tracked as CVE-2026-1670. An unauthenticated API endpoint can be abused to change the account recovery email, enabling account takeover and unauthorized access to camera feeds. The advisory lists several mid-range models; Honeywell users should contact support and limit network exposure until vendor guidance or patches are available.
read more →

Cyberattack Disrupts Deutsche Bahn Information Systems

🚨 Deutsche Bahn reported that its information and booking services, including the DB Navigator app and the bahn.de website, were disrupted by a cyberattack. The operator characterized the incident as a DDoS attack that produced intermittent outages starting Tuesday afternoon and recurring on Wednesday morning. Services were restored to a "largely stable" state after defensive measures, though temporary restrictions persisted and the company provided no details about possible perpetrators or motives. Deutsche Bahn said the measures taken helped keep customer impact as low as possible.
read more →

Munich Cybersecurity Conference 2026: Politics Meet Industry

🔐 At the Munich Cybersecurity Conference (MCSC) 2026, representatives from the White House, FBI, Europol, OECD, BSI, BND, the European Commission and Japan's National Cybersecurity Office convened to discuss the rising global cyber threat environment. Speakers emphasized the need for stronger public-private cooperation and the industrialization of cybersecurity to better protect critical digital infrastructure. Panelists warned that geopolitical tensions - notably involving North Korea, China and Russia - and transnational cybercrime demand coordinated international responses.
read more →