Industry Category

Utilities

Breach intelligence, attack campaigns, and threat reports targeting the Utilities sector.

330 threat reports
Page 1 of 28

Utilities Threat Reports

Showing 1-12 / 330 reports

Terrabot Botnet's 2026 Exploitation of IoT Vulnerabilities
Impact: CRITICAL

In June 2026, the Terrabot botnet, an aggressive IoT malware variant derived from Mirai and Gafgyt frameworks, was observed scanning the internet for vulnerabilities to exploit and expand its network of compromised devices. The botnet targeted known vulnerabilities in legacy D-Link DSL routers (CVE-2016-20017) and Dasan GPON routers (CVE-2018-10561), attempting unauthenticated command injections. However, due to automation errors, such as empty POST request bodies and malformed payloads, many of these exploit attempts failed, highlighting the botnet's technical limitations. ([isc.sans.edu](https://isc.sans.edu/diary?utm_source=openai)) This incident underscores the persistent threat posed by IoT botnets, even those with flawed execution, as they continue to exploit unpatched vulnerabilities in widely used devices. The rapid proliferation of such botnets emphasizes the need for robust security measures, timely patching, and vigilant monitoring to protect against automated cyber threats.

20 hours ago

Kill Chain: Initial Compromise (high), Privilege Escalation (medium), Lateral Movement (medium), Command & Control (high), Exfiltration (low), Impact (high)

Critical Vulnerability in Lantronix EDS5000 Devices Actively Exploited
Impact: CRITICAL

In June 2026, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued a warning about active exploitation of a critical vulnerability in Lantronix EDS5000 Series devices. Identified as CVE-2025-67038 with a CVSS score of 9.8, this code injection flaw allows unauthenticated attackers to execute arbitrary OS commands with root privileges by exploiting improper input sanitization in the HTTP RPC module. The vulnerability was disclosed in April 2026 as part of the BRIDGE:BREAK set of vulnerabilities affecting serial-to-IP converters from Lantronix and Silex. The active exploitation of CVE-2025-67038 underscores the increasing targeting of IoT devices in critical infrastructure. Organizations must prioritize patching vulnerable systems and implementing robust input validation to mitigate such risks.

1 day ago

Kill Chain: Initial Compromise (high), Privilege Escalation (high), Lateral Movement (medium), Command & Control (medium), Exfiltration (medium), Impact (medium)

Critical Vulnerabilities in Siemens SINEC INS: Immediate Action Required
Impact: HIGH

In June 2026, Siemens disclosed multiple vulnerabilities in its SINEC INS software, versions prior to V1.0 SP2 Update 6. These vulnerabilities include improper input sanitization leading to OS command injection (CVE-2026-46746), path traversal (CVE-2026-46747), execution with unnecessary privileges (CVE-2026-46748), and the use of a one-way hash with a predictable salt (CVE-2026-46749). Exploitation of these flaws could allow attackers to execute arbitrary commands, access unintended file system locations, escalate privileges, and recover user passwords, potentially resulting in unauthorized access and control over affected systems. The disclosure underscores the critical importance of timely software updates and robust security practices in industrial control systems. Organizations utilizing SINEC INS are urged to upgrade to V1.0 SP2 Update 6 or later to mitigate these risks. This incident highlights the ongoing challenges in securing industrial networks against evolving cyber threats.

2 days ago

Kill Chain: Initial Compromise (high), Privilege Escalation (high), Lateral Movement (medium), Command & Control (medium), Exfiltration (medium), Impact (medium)

Critical Vulnerability in Hubbell Aclara Metrum Cellular Web Interface (CVE-2026-1840)
Impact: HIGH

In June 2026, a critical vulnerability (CVE-2026-1840) was identified in the Hubbell Aclara Metrum Cellular Web Interface, affecting versions prior to v2.1.0.105. This flaw allows unauthorized access to critical system functions due to missing authentication controls, enabling attackers to alter device configurations and disrupt operations, potentially leading to loss of communications. The vulnerability poses significant risks to the energy sector, particularly in the United States, where these devices are widely deployed. ([nvd.nist.gov](https://nvd.nist.gov/vuln/detail/CVE-2026-1740?utm_source=openai)) The incident underscores the importance of robust authentication mechanisms in industrial control systems. With increasing cyber threats targeting critical infrastructure, organizations must prioritize timely firmware updates and implement comprehensive security measures to mitigate such vulnerabilities.

2 days ago

Kill Chain: Initial Compromise (high), Privilege Escalation (high), Lateral Movement (medium), Command & Control (medium), Exfiltration (low), Impact (high)

ABB Freelance Security Lock Vulnerability CVE-2025-7064
Impact: HIGH

In June 2026, a vulnerability identified as CVE-2025-7064 was disclosed in ABB's Freelance Security Lock software. This authentication bypass flaw allows attackers to access underlying Windows OS functions even when Freelance Operations is active, depending on system configuration and user permissions. Affected versions include Freelance through 2013, 2013 SP1, 2016, 2016 SP1, 2019, 2019 SP1, 2019 SP1 FP1, and 2024. ([nvd.nist.gov](https://nvd.nist.gov/vuln/detail/CVE-2025-7064?utm_source=openai)) The vulnerability has a CVSS score of 6.6, indicating a medium severity level. While no active exploitation has been reported, organizations using the affected versions should assess their exposure and apply patches as recommended by ABB. ([nvd.nist.gov](https://nvd.nist.gov/vuln/detail/CVE-2025-7064?utm_source=openai))

2 days ago

Kill Chain: Initial Compromise (high), Privilege Escalation (medium), Lateral Movement (medium), Command & Control (medium), Exfiltration (medium), Impact (medium)

Siemens Discloses Critical Vulnerability in WinCC Certificate Manager
Impact: HIGH

In June 2026, Siemens disclosed a vulnerability (CVE-2026-24349) in the WinCC Certificate Manager component of SIMATIC WinCC Unified PC Runtime versions 16 through 21 (prior to V21 Update 2). The flaw involves insufficient protection of cryptographic key material, potentially allowing attackers with local access to extract sensitive information. Siemens has released an update for version 21 and recommends upgrading to V21 Update 2 or later. For earlier versions, no fixes are planned, and users are advised to implement specific countermeasures. This incident underscores the critical importance of securing cryptographic key material, especially in industrial control systems. Organizations should prioritize updating affected systems and apply recommended mitigations to prevent potential exploitation.

2 days ago

Kill Chain: Initial Compromise (medium), Privilege Escalation (high), Lateral Movement (medium), Command & Control (medium), Exfiltration (medium), Impact (medium)

Siemens SIPROTEC 5 Vulnerability Exposes Critical Infrastructure to Potential Attacks
Impact: HIGH

In June 2026, Siemens disclosed a vulnerability (CVE-2025-40808) in its SIPROTEC 5 devices, which are critical components in energy and industrial sectors. The flaw allows authenticated users to upload arbitrary files via the DIGSI 5 protocol, potentially leading to denial-of-service conditions or remote code execution. Siemens has released firmware updates to address this issue and recommends users upgrade to the latest versions to mitigate the risk. This incident underscores the importance of securing industrial control systems against authenticated insider threats. As cyberattacks targeting critical infrastructure become more sophisticated, organizations must prioritize timely patching and robust access controls to safeguard operational technology environments.

2 days ago

Kill Chain: Initial Compromise (high), Privilege Escalation (medium), Lateral Movement (medium), Command & Control (medium), Exfiltration (medium), Impact (high)

Critical Vulnerability in Schneider Electric's EasyLogic T150 and Saitel DP Devices
Impact: HIGH

In May 2026, Schneider Electric disclosed a critical vulnerability (CVE-2026-6865) in its EasyLogic T150 and Saitel DP Remote Terminal Units (RTUs) and Controllers. This path traversal flaw allows unauthorized access to sensitive files, potentially compromising system integrity. Affected versions include EasyLogic T150 firmware up to 11.06.31 and Saitel DP firmware up to 11.06.36. Schneider Electric has released firmware updates to address this issue. This incident underscores the persistent risks in industrial control systems, especially within critical infrastructure sectors like energy and manufacturing. Organizations must prioritize timely patching and robust access controls to mitigate such vulnerabilities.

6 days ago

Kill Chain: Initial Compromise (high), Privilege Escalation (medium), Lateral Movement (medium), Command & Control (medium), Exfiltration (medium), Impact (medium)

Critical Vulnerabilities in Rockwell Automation's FactoryTalk Historian SE Threaten Industrial Control Systems
Impact: CRITICAL

In June 2026, Rockwell Automation disclosed multiple vulnerabilities in its FactoryTalk Historian Site Edition (SE) software, specifically affecting versions up to 11.00. The most critical, CVE-2025-13036, is an authentication bypass issue where an attacker can obtain a valid authentication token by repeatedly sending requests to the login endpoint. Additionally, CVE-2025-44019 and CVE-2025-36539 involve uncaught exceptions that could allow authenticated users to crash essential subsystems, leading to denial of service and potential data loss. These vulnerabilities pose significant risks to industrial control systems relying on this software. ([rockwellautomation.com](https://www.rockwellautomation.com/es-es/trust-center/security-advisories/advisory.SD1773.html?utm_source=openai)) The disclosure underscores the ongoing challenges in securing industrial control systems, highlighting the necessity for continuous monitoring and timely patching. Organizations must remain vigilant, as such vulnerabilities can be exploited to disrupt critical manufacturing operations, emphasizing the importance of robust cybersecurity practices in industrial environments.

6 days ago

Kill Chain: Initial Compromise (high), Privilege Escalation (high), Lateral Movement (medium), Command & Control (medium), Exfiltration (medium), Impact (high)

Critical Vulnerability in Mitsubishi Electric MELSEC iQ-F Series: CVE-2026-8805
Impact: HIGH

In June 2026, Mitsubishi Electric disclosed a high-severity vulnerability (CVE-2026-8805) in its MELSEC iQ-F Series FX5-EIP EtherNet/IP Module. This flaw allows remote attackers to cause a denial-of-service (DoS) condition by rapidly establishing numerous TCP connections, leading to improper memory access and system instability. Affected versions include FX5-EIP up to and including version 1.000. ([mitsubishielectric.com](https://www.mitsubishielectric.com/fa/about-us/security/vulnerability/?utm_source=openai)) This incident underscores the critical importance of securing industrial control systems against network-based attacks. As cyber threats targeting operational technology (OT) environments increase, organizations must prioritize timely vulnerability management and implement robust network defenses to safeguard critical manufacturing processes.

6 days ago

Kill Chain: Initial Compromise (high), Privilege Escalation (high), Lateral Movement (high), Command & Control (high), Exfiltration (high), Impact (high)

Critical Vulnerability in AzeoTech DAQFactory: CVE-2026-12390
Impact: MEDIUM

In June 2026, a critical vulnerability (CVE-2026-12390) was identified in AzeoTech's DAQFactory software, versions 21.1 and prior. This Type Confusion flaw allows attackers to execute arbitrary code by tricking users into opening malicious .ctl files. The vulnerability poses significant risks to systems utilizing DAQFactory, potentially leading to unauthorized access and control. The disclosure underscores the ongoing challenges in securing industrial control systems, especially as attackers increasingly target such environments. Organizations are urged to apply recommended mitigations promptly to prevent exploitation and maintain operational integrity.

6 days ago

Kill Chain: Initial Compromise (high), Privilege Escalation (medium), Lateral Movement (medium), Command & Control (medium), Exfiltration (medium), Impact (medium)

Navigating the 'Smash-and-Grab Era': Understanding Rapid AI-Driven Cyber Threats
Impact: MEDIUM

In 2026, cybersecurity experts identified a significant shift in cyberattack methodologies, termed the 'Smash-and-Grab Era.' This new approach is characterized by rapid, parallel attacks facilitated by advanced technologies like Large Language Models (LLMs). Unlike previous 'low and slow' tactics, attackers now execute swift operations, exploiting vulnerabilities and exfiltrating data within hours. This evolution challenges traditional detection and response strategies, as defenders struggle to manage multiple simultaneous attack vectors effectively. The emergence of this era underscores the urgent need for organizations to adapt their cybersecurity frameworks. The integration of AI in cyberattacks has accelerated the speed and complexity of threats, rendering conventional defense mechanisms less effective. As attackers leverage AI to automate and scale their operations, it is imperative for defenders to enhance their capabilities to detect and respond to these rapid, multifaceted attacks.

1 week ago

Kill Chain: Initial Compromise (high), Privilege Escalation (high), Lateral Movement (high), Command & Control (high), Exfiltration (high), Impact (high)
