Manufacturing
Breach intelligence, attack campaigns, and threat reports targeting the Manufacturing sector.
Manufacturing Threat Reports
Critical Vulnerability in Lantronix EDS5000 Devices Actively Exploited
In June 2026, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued a warning about active exploitation of a critical vulnerability in Lantronix EDS5000 Series devices. Identified as CVE-2025-67038 with a CVSS score of 9.8, this code injection flaw allows unauthenticated attackers to execute arbitrary OS commands with root privileges by exploiting improper input sanitization in the HTTP RPC module. The vulnerability was disclosed in April 2026 as part of the BRIDGE:BREAK set of vulnerabilities affecting serial-to-IP converters from Lantronix and Silex. The active exploitation of CVE-2025-67038 underscores the increasing targeting of IoT devices in critical infrastructure. Organizations must prioritize patching vulnerable systems and implementing robust input validation to mitigate such risks.
1 day ago
INC Ransomware's 2026 Surge: A Growing Threat to Sensitive Sectors
In early 2026, the INC ransomware group, a ransomware-as-a-service (RaaS) operation active since mid-2023, intensified its attacks across various sectors, notably healthcare, education, and government entities. Utilizing double extortion tactics, INC affiliates gained initial access through spear-phishing campaigns and exploitation of vulnerabilities in external services. Once inside, they conducted internal reconnaissance using tools like NETSCAN.EXE and AnyDesk.exe, exfiltrated sensitive data, and deployed ransomware to encrypt systems, pressuring victims into paying ransoms to prevent data leaks. ([explore.ontolocy.com](https://explore.ontolocy.com/intel/intrusion-sets/inc-ransomware-group/?utm_source=openai)) This surge in INC's activities underscores the evolving ransomware landscape, where groups leverage RaaS models to scale operations rapidly. The focus on sectors with sensitive data highlights the critical need for organizations to bolster defenses against such multifaceted threats.
1 week ago
Critical Security Flaw in Jinan USR IOT's USR-W610 Converter Exposes Networks to Attack
In May 2026, a critical vulnerability (CVE-2026-7786) was identified in Jinan USR IOT Technology Limited's USR-W610 RS232/485 to Wi-Fi/Ethernet Converter, firmware version 7.03T.07. The device contains hard-coded plaintext administrative credentials embedded within the firmware, which can be extracted and used by attackers to gain full administrator access. This flaw poses significant risks, including unauthorized control over the device and potential network intrusion. The vendor has not responded to coordination attempts, leaving users without an official patch or remediation guidance. This incident underscores the persistent issue of hard-coded credentials in IoT devices, a vulnerability that has been exploited in various sectors, leading to unauthorized access and control. The lack of vendor response highlights the challenges in securing IoT devices, emphasizing the need for proactive security measures and regular vulnerability assessments to mitigate such risks.
3 weeks ago
State of Ransomware in 2026: Emerging Trends and Tactics
In 2025, ransomware attacks evolved significantly, with a notable rise in 'encryption-less' extortion tactics where attackers exfiltrate sensitive data and threaten its release without encrypting files. Additionally, some ransomware groups began adopting post-quantum cryptography to secure their operations against future quantum computing threats. ([kaspersky.com](https://www.kaspersky.com/about/press-releases/international-anti-ransomware-day-2026-kaspersky-shares-insights-into-ransomware-trends-and-tactics?utm_source=openai)) These developments underscore the increasing sophistication of ransomware operations, highlighting the need for organizations to enhance their cybersecurity measures to protect against data breaches and ensure compliance with evolving regulatory standards.
1 month ago
Critical Security Vulnerabilities Discovered in ABB AWIN Gateways
In March 2026, ABB disclosed multiple vulnerabilities in its AWIN Gateways, specifically affecting firmware versions 2.0-0 and 2.0-1 on the GW100 rev.2, and versions 1.2-0 and 1.2-1 on the GW120. These vulnerabilities include authentication bypass by capture-replay (CVE-2025-13777), missing authentication for critical functions leading to remote device reboot (CVE-2025-13778), and unauthorized access to system configurations revealing sensitive details (CVE-2025-13779). Exploitation of these flaws could allow attackers to gain unauthorized access, disrupt device operations, and expose confidential information. ([library.e.abb.com](https://library.e.abb.com/public/3df44661342a482f9b39595fb1457446/4JNO000329_A_en%20Vulnerabilities%20in%20Embedded%20Webserver.pdf?x-sign=hpo%2FlHiVW9S%2FJFfI7on%2BhNiDyo6eVzQkPp6%2BJB4nbIGqiVRH4VpRTPwCRDjUFbLP&utm_source=openai)) The disclosure underscores the critical need for robust security measures in industrial control systems, as such vulnerabilities can have significant operational and safety implications. Organizations utilizing ABB AWIN Gateways should promptly apply the recommended firmware updates and review their network security protocols to mitigate potential risks.
1 month ago
Critical Vulnerability in Hugging Face's LeRobot Exposes Systems to Remote Code Execution
In April 2026, a critical vulnerability (CVE-2026-25874) was identified in Hugging Face's open-source robotics platform, LeRobot. This flaw, stemming from unsafe deserialization practices using Python's pickle module over unauthenticated gRPC channels, allows unauthenticated attackers to execute arbitrary code on both policy servers and robot clients. Exploitation can lead to full system compromise, data theft, and potential physical safety risks due to the nature of robotic operations. This incident underscores the persistent risks associated with deserializing untrusted data, especially in AI and robotics platforms. It highlights the necessity for secure coding practices, robust authentication mechanisms, and the importance of timely patching to mitigate such vulnerabilities.
1 month ago
Backdoor.MSIL.XWorm Phishing Campaign Compromises ICS Globally in Q4 2025
In Q4 2025, a significant phishing campaign known as "Curriculum-vitae-catalina" targeted HR personnel globally. Attackers sent emails disguised as job applications, with subjects like "Resume" or "Attached Resume," containing malicious attachments named "Curriculum Vitae-Catalina.exe." When executed, these files installed the Backdoor.MSIL.XWorm malware, granting remote control over infected systems. The campaign unfolded in two waves: the first in October affecting regions including Russia, Western Europe, South America, and Canada; the second in November impacting other areas. The attack subsided by December. Regions with historically high email threat rates, such as Southern Europe, South America, and the Middle East, reported the highest infection rates. In Africa, the malware also spread via USB devices connected to ICS computers. ([securelist.com](https://securelist.com/industrial-threat-report-q4-2025/119392/?utm_source=openai)) This incident underscores the evolving sophistication of phishing attacks targeting industrial control systems (ICS). The widespread distribution and rapid propagation of Backdoor.MSIL.XWorm highlight the critical need for enhanced email security measures and user awareness training to mitigate such threats.
2 months ago
Black Basta Affiliates Resurface with Targeted Social Engineering Attacks in 2026
In April 2026, a group of former Black Basta affiliates initiated a sophisticated social engineering campaign targeting over 100 employees across multiple organizations. The attackers employed mass email bombing and impersonated IT support via Microsoft Teams to gain unauthorized access to networks, aiming for data theft, ransomware deployment, and extortion. Notably, approximately 75% of the targets were senior executives, directors, and managers, indicating a strategic focus on high-privilege accounts. ([cyberscoop.com](https://cyberscoop.com/black-basta-affiliates-senior-executives-reliaquest/?utm_source=openai)) This resurgence underscores the persistent threat posed by disbanded cybercriminal groups reassembling or reusing effective tactics. The campaign's rapid execution and automation highlight the evolving sophistication of social engineering attacks, emphasizing the need for organizations to bolster their cybersecurity defenses and employee awareness programs. ([cyberscoop.com](https://cyberscoop.com/black-basta-affiliates-senior-executives-reliaquest/?utm_source=openai))
2 months ago
FBI's 2025 Internet Crime Report: A 26% Surge in Cybercrime Losses
In 2025, the FBI's Internet Crime Complaint Center (IC3) reported a significant surge in cybercrime, with total losses reaching $20.9 billion—a 26% increase from the previous year. The center received over one million complaints, marking a 17% rise compared to 2024. Investment-related fraud led to losses of nearly $8.65 billion, while business email compromise accounted for almost $3.05 billion. Phishing remained the most reported cybercrime, followed by extortion and personal data breaches. ([cyberscoop.com](https://cyberscoop.com/fbi-internet-crime-complaint-center-annual-cybercrime-report/?utm_source=openai)) This escalation underscores the growing sophistication of cybercriminals, who are increasingly leveraging artificial intelligence to enhance their attacks. The trend highlights the urgent need for organizations to bolster their cybersecurity measures and stay vigilant against evolving threats. ([forbes.com](https://www.forbes.com/sites/timkeary/2026/04/07/fbi-reports-208-billion-lost-to-cybercrime-as-hackers-turn-to-ai/?utm_source=openai))
2 months ago
Schneider Electric's Foxboro DCS Vulnerability Exposes Critical Infrastructure to Cyber Threats
In March 2026, Schneider Electric disclosed a deserialization vulnerability (CVE-2026-1286) in its EcoStruxure Foxboro DCS versions prior to CS8.1. This flaw allows an authenticated administrator to execute arbitrary code by opening a malicious project file, potentially compromising system confidentiality, integrity, and availability. The vulnerability affects critical infrastructure sectors globally, including energy and manufacturing. ([cvedetails.com](https://www.cvedetails.com/cve/CVE-2026-1286/?utm_source=openai)) This incident underscores the persistent risks associated with deserialization vulnerabilities in industrial control systems. Organizations must prioritize timely software updates and implement strict access controls to mitigate such threats effectively.
3 months ago
Mazda's 2025 Data Breach: A Wake-Up Call for Supply Chain Security
In December 2025, Mazda Motor Corporation identified unauthorized access to a warehouse management system associated with parts procured from Thailand. The breach exposed 692 records containing user IDs, full names, email addresses, company names, and business partner IDs. No customer data was involved. Mazda promptly reported the incident to Japan's Personal Information Protection Commission and implemented enhanced security measures, including reducing internet exposure, applying security patches, increasing monitoring for suspicious activity, and introducing stricter access policies. This incident underscores the persistent threat of cyberattacks targeting supply chain systems. Organizations must remain vigilant, as such breaches can lead to phishing attacks and scams targeting exposed individuals. Implementing robust security protocols and continuous monitoring is essential to mitigate these risks.
3 months ago
Critical Vulnerability in Inductive Automation's Ignition Software: CVE-2025-13911
In December 2025, a vulnerability (CVE-2025-13911) was identified in Inductive Automation's Ignition SCADA software versions 8.1.x and 8.3.x. This flaw allows authenticated administrators to upload malicious project files containing Python scripts, which execute with SYSTEM-level privileges on Windows systems. The vulnerability arises from insufficient restrictions on Python library imports within the scripting environment, combined with the Ignition service account possessing excessive system permissions. Exploitation could lead to full system compromise, enabling attackers to manipulate automation processes, disrupt operations, exfiltrate sensitive data, or deploy ransomware. ([support.inductiveautomation.com](https://support.inductiveautomation.com/hc/en-us/articles/41992057776397-Script-Resource-Import-Vulnerability-for-Windows-CVE-2025-13911?utm_source=openai)) This incident underscores the critical importance of implementing the principle of least privilege and enforcing strict validation of imported project files in industrial control systems. Organizations must prioritize mitigating such vulnerabilities to safeguard against potential operational disruptions and security breaches.
3 months ago