Patch Now: Critical Flaw in OT Robot OS Gives Attackers Control
An unauthenticated attacker can exploit the command injection vulnerability to gain remote access to robotic systems, causing significant disruption to the environment.
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
An unauthenticated attacker can exploit the command injection vulnerability to gain remote access to robotic systems, causing significant disruption to the environment.
Forescout's Rik Ferguson on AI-Driven Vulnerability Risks and Visibility GapsAnthropic's Claude Mythos marks a shift in AI-driven vulnerability discovery, but the bigger challenge facing defenders is how to respond. Faster exploit development is exposing gaps in asset visibility, patching and security operations across IT and OT environments, said Forescout's Rik Ferguson.
Airport Baggage Carousels Are Weapons, in the Right HandsConsider the airport baggage carousel. It's big, clunky and tedious to wait by. But look at it like a war planner does, and it's suddenly very different: An almost certainly poorly secured technology system that foreign adversaries could exploit to disrupt military mobilization across the United States.
Successful Breaches Renew Fears of Operational Vulnerabilities Across Water SectorRussia is suspected of escalating cyberattacks on European water utilities, including attempts to sabotage Polish and Norwegian water facilities and dams, signaling a broader threat to global critical infrastructure as state-backed actors exploit critical OT weaknesses amid global conflict.
Majority of Attacks Target Operational Technology NetworksExploitation attempts against a severe vulnerability in a runtime system widely deployed in operational technology environments spiked globally in the days after open-source maintainers of the Erlang/OTP project published a patch. Attackers could take full control of systems.
Malicious actors have been observed exploiting a now-patched critical security flaw impacting Erlang/Open Telecom Platform (OTP) SSH as early as beginning of May 2025, with about 70% of detections originating from firewalls protecting operational technology (OT) networks
Also: Rethinking IT-OT Integration; Previewing Black Hat 2025In this week's update, four ISMG editors discussed the latest on the ToolShell exploit and the rise of Warlock ransomware, why IT-OT integration may not be the best answer for industrial security and what to expect next week from ISMG Studio at Black Hat Conference 2025.
ISMG Editors: China-Linked SharePoint Exploits Raise AlarmIn this week's update, four ISMG editors discussed the latest SharePoint exploits linked to China, why the security of operational technology is still lagging 15 years after Stuxnet and a look at the widening divide in the ways enterprises are approaching AI adoption.
Companies critical to the aviation and aerospace supply chains didn't patch a known CVE, providing opportunity for foreign espionage.
Over-Deployment of Tools Raises Security and Operational ConcernsExcessive deployment of remote access tools in operational technology environments expands attack surfaces and creates operational challenges, warn security researchers from Claroty. Remote access tools are essential, but they introduce numerous potential vulnerabilities that threat actors exploit.
As ransomware infections have evolved from purely encrypting data to schemes such as double and triple extortion, a new attack vector is likely to set the stage for future campaigns
Pwn2Own Miami 2022 has ended with competitors earning $400,000 for 26 zero-day exploits (and several bug collisions) targeting ICS and SCADA products demoed during the contest between April 19 and April 21. [...]