Critical Infrastructure

Darktrace researchers expose ZionSiphon, OT malware designed to sabotage chlorine levels and pressure controls at Israeli desalination plants. A coding error currently prevents activation.

Joint advisory AA26-097A details Iranian APT targeting Rockwell Allen-Bradley controllers across critical infrastructure. Attacks caused operational disruptions since March 2026.

All new overseas-manufactured routers prohibited from U.S. market after Volt Typhoon and Salt Typhoon exploited compromised devices. Existing routers unaffected.

CVE-2026-3611 exposes Honeywell IQ4x building management controllers with CVSS 10 severity. Default configuration allows anyone to create admin accounts.

Iranian APT group breaches US critical infrastructure using novel Dindoor malware built on Deno runtime. Symantec links campaign to MOIS.

New National Cybersecurity Strategy emphasizes offensive operations, deregulation, and emerging tech superiority. Six pillars outline federal cyber priorities through 2029.

CVE-2026-20781 exposes OCPP WebSocket endpoints to unauthenticated station impersonation, enabling attackers to manipulate EV charging infrastructure and steal energy.

SANS ISC analyzes DynoWiper's internals revealing Mersenne Twister seeding, 16-byte overwrite buffers, and directory exclusions. Technical breakdown of Sandworm's latest wiper.

Conpet, operator of 3,800km of Romanian oil pipelines, confirms cyberattack. Qilin claims 1TB of stolen data including financial records and passports.

Russian-linked gang dumps executive emails, employee IDs, and banking communications in first airline sector attack of 2026.

Analysis reveals CyberAv3ngers and other 'hacktivist' groups targeting US infrastructure are actually IRGC-controlled operations masquerading as ideological actors.

ESET researchers attribute December cyberattack on Polish energy infrastructure to Russian GRU hackers. Previously unknown wiper malware recovered.

Industrial control system vulnerabilities disclosed in Siemens RUGGEDCOM, Industrial Edge devices, Schneider EcoStruxure, AVEVA, and Festo products.

Cisco Talos exposes China-nexus APT targeting critical infrastructure with CVE-2025-53690 exploitation, credential harvesting, and potential supply chain compromise.

Pickett USA breach exposes LiDAR scans, transmission line surveys, and substation layouts for Tampa Electric, Duke Energy Florida, and American Electric Power. Asking price: 6.5 BTC.

Aurora College in Canada's Northwest Territories cancels all classes January 5-9 after cyber attack over Christmas break takes down servers, email, and e-learning systems.

CACI wins task order to modernize classified and unclassified networks at all 14 U.S. Space Force bases, implementing zero trust architecture and cloud capabilities.

Two crew members detained after cargo vessel's anchor allegedly severed Finland-Estonia telecommunications cable in suspected hybrid warfare operation.

Beyond CVSS scores, these vulnerabilities caused the most damage in 2025—from nation-state exploitation to mass ransomware campaigns and breaches affecting millions.

Oltenia Energy Complex shut down IT systems on December 26 after a ransomware attack encrypted critical documents and disrupted ERP, email, and web operations.

David Stern, the sole employee running CISA's ransomware early warning initiative, resigned December 19 after being ordered to relocate. The program had sent 2,100+ alerts in 2024.

Attackers weaponized Windows BitLocker to encrypt systems across Romanian Waters, impacting 10 of 11 river basin management organizations.

Danish intelligence attributes Z-Pentest hacktivist attack on Køge water utility to Russian state, summons ambassador over 'hybrid war' operations.

Amazon's threat intelligence team exposes and disrupts Sandworm operations targeting Western critical infrastructure through misconfigured edge devices.

Joint advisory from CISA, FBI, NSA warns of pro-Russia hacktivist groups successfully compromising SCADA systems at US water, energy, and food facilities.