jonas.colmsjo.com
CPS Threat Intelligence
Weekly threat intelligence reports on Cyber-Physical Systems (CPS) security, ICS/SCADA vulnerabilities, and industrial cybersecurity incidents.
News Summary week 18, 2026
CISA published seven ICS advisories across the April 24-May 1 week, headlined by six ABB advisories on April 30 covering AWIN Gateways (CVE-2025-13777/78/79), Ability OPTIMAX SSO bypass, Symphony Plus Engineering, and System 800xA, plus a single April 28 advisory for NSA GRASSMARLIN. Itron and Medtronic both disclosed breaches on April 27, and the Iranian CyberAv3ngers PLC campaign continued to drive elevated posture in water, energy, and government sectors.
May 2, 2026
News Summary week 17, 2026
CISA released over a dozen ICS advisories on April 21 and 23 covering critical vulnerabilities in SenseLive X3050, Silex Technology SD-330AC, Hardy Barth EV chargers, Siemens SINEC NMS, and others, while Forescout disclosed the BRIDGE:BREAK vulnerability cluster affecting 20,000 serial-to-IP converters, and Darktrace identified ZionSiphon—a development-stage OT malware designed to sabotage Israeli water treatment and desalination facilities.
Apr 25, 2026
News Summary week 16, 2026
Sweden attributed a 2025 destructive cyberattack on a thermal power plant to Russian intelligence-linked hackers in an April 15 disclosure, while CISA published four new ICS advisories on April 16—including a CVSS 9.8 flaw in Anviz access control systems and a critical missing-authorization vulnerability in AVEVA Pipeline Simulation—and the FBI IC3 2025 Annual Report confirmed healthcare as the most ransomware-targeted critical infrastructure sector.
Apr 18, 2026
News Summary week 15, 2026
A joint six-agency advisory warned that Iranian CyberAv3ngers are actively exploiting Rockwell Automation PLCs across U.S. water, energy, and government infrastructure, while CISA published five new ICS advisories—including a critical missing-authentication flaw in natural gas odorizer controllers—and a ransomware attack on Signature Healthcare forced ambulance diversions and chemotherapy cancellations.
Apr 11, 2026
News Summary week 14, 2026
CISA published five ICS advisories headlined by critical authentication-bypass flaws in the PX4 drone autopilot and Anritsu spectrum monitors, while actively exploited vulnerabilities in F5 BIG-IP APM and Hitachi Energy Ellipse prompted urgent patching—and a ransomware attack on Minot, North Dakota’s water treatment plant underscored the escalating threat to municipal water infrastructure.
Apr 4, 2026
News Summary week 13, 2026
CISA released seven ICS advisories including a maximum-severity CVSS 10.0 PTC Windchill deserialization flaw and a critical WAGO managed switch CLI escape vulnerability, while FERC approved sweeping CIP reliability standard updates for virtualization and supply chain security—and New York’s first-in-nation mandatory wastewater cybersecurity incident reporting requirement took effect, all against the backdrop of an ongoing Iranian cyber campaign that struck a second U.S. healthcare provider within weeks of the Stryker wiper attack.
Mar 28, 2026
News Summary week 12, 2026
The U.S. Justice Department formally attributed the Handala hacktivist group to Iran’s MOIS and the FBI seized its domains, while CISA released eight new ICS advisories headlined by critical EV charging and parking infrastructure vulnerabilities, a CVSS 9.8 SCADAPack RTU flaw, and Schneider Electric EcoStruxure code injection—as the Interlock ransomware gang’s exploitation of a Cisco FMC zero-day 36 days before disclosure underscored the accelerating pace of OT-adjacent threats.
Mar 21, 2026
News Summary week 11, 2026
Iran-linked Handala group devastated medical device giant Stryker with a wiper attack across 79 countries, while CISA’s ICS Patch Tuesday delivered ten advisories headlined by a CVSS 10.0 Honeywell building management controller with no vendor patch, a critical Siemens S7-1500 PLC vulnerability, and Schneider Electric EcoStruxure flaws enabling full system compromise.
Mar 14, 2026
News Summary week 10, 2026
Iran-aligned threat actors escalated cyberattacks against critical infrastructure following Operation Epic Fury, while CISA—operating at reduced capacity during the DHS shutdown—issued nine ICS advisories covering Hitachi Energy RTU500 substation controllers, Mitsubishi MELSEC PLCs, wind turbine ice detectors, and a continued wave of EV charging platform vulnerabilities.
Mar 7, 2026
News Summary week 09, 2026
CISA issued Emergency Directive 26-03 for a Cisco SD-WAN zero-day exploited since 2023, while a coordinated disclosure exposed critical authentication flaws across six EV charging platforms and Copeland XWEB refrigeration controllers received a perfect CVSS 10.0 advisory with 23 vulnerabilities.
Feb 28, 2026
News Summary week 08, 2026
The DHS shutdown left CISA operating at 38% capacity during a week when Dragos revealed three new OT threat groups and Volt Typhoon still embedded in U.S. utilities, while CISA released eight ICS advisories including a critical flaw in natural gas odorization controllers with no vendor response.
Feb 21, 2026
News Summary week 07, 2026
Week 07 featured a major ICS Patch Tuesday with advisories from Siemens, Schneider Electric, AVEVA, and Phoenix Contact, CISA issued a binding directive ordering federal agencies to replace unsupported edge devices, and the UK NCSC warned of severe cyber threats to critical national infrastructure following the Poland grid attack.
Feb 14, 2026
News Summary week 06, 2026
Week 06 was highlighted by Romania’s Conpet oil pipeline operator being hit by Qilin ransomware, 13 new CISA ICS advisories including a CVSS 10.0 for a defunct vendor’s product, FDA’s updated cybersecurity guidance aligned with QMSR enforcement, and a major Chinese espionage campaign compromising 70 organizations across 37 countries.
Feb 9, 2026
News Summary week 05, 2026
Week 05 saw ESET and Dragos attribute the DynoWiper attack on Poland’s power grid to Russia’s Sandworm group, CISA issued seven ICS advisories affecting Rockwell, Johnson Controls, and Schneider Electric, and NERC released a landmark CIP Roadmap highlighting growing risks to low-impact grid assets.
Jan 31, 2026
News Summary week 04, 2026
Week 04 was dominated by Pwn2Own Automotive 2026, with 76 zero-days in Tesla, EV chargers, and IVI systems, plus 8 new CISA ICS advisories affecting Schneider Electric, Rockwell, and Delta Electronics.
Jan 24, 2026
News Summary week 03, 2026
Week 03 features critical AVEVA Process Optimization RCE vulnerabilities, Siemens Industrial Edge authentication bypass, Rockwell GuardLink DoS flaws, and Pwn2Own Automotive 2026 discoveries in Tokyo.
Jan 20, 2026
News Summary week 02, 2026
Week 02 highlights include CISA advisories for weather monitoring systems, a critical Bluetooth vulnerability in WHILL wheelchairs (CVSS 9.8), and pro-Russia hacktivists targeting OT infrastructure.
Jan 13, 2026
News Summary week 51, 2025
Week 51 features a CISA advisory on pro-Russia hacktivists targeting the water and energy sectors, critical ICS vulnerabilities in Siemens, Rockwell, and Advantech products, and automotive zero-days in aftermarket devices.
Dec 20, 2025
News Summary week 48, 2025
Week 48 saw CISA release 5 critical ICS advisories, including a CVSS 9.3 vulnerability in Emerson UPS monitoring (end-of-life, no patch), plus building automation and industrial edge controller flaws.
Nov 23, 2025
News Summary week 47, 2025
Week 47 highlights the first large-scale autonomous AI cyberattack disclosed by Anthropic, Scattered Spider teens charged for the TfL breach, and critical analysis of AI-powered attack automation.
Nov 22, 2025