jonas.colmsjo.com
CPS Threat Intelligence
Weekly threat intelligence reports on Cyber-Physical Systems (CPS) security, ICS/SCADA vulnerabilities, and industrial cybersecurity incidents.
News Summary week 12, 2026
The U.S. Justice Department formally attributed the Handala hacktivist group to Iran’s MOIS and the FBI seized its domains, while CISA released eight new ICS advisories headlined by critical EV charging and parking infrastructure vulnerabilities, a CVSS 9.8 SCADAPack RTU flaw, and Schneider Electric EcoStruxure code injection—as the Interlock ransomware gang’s exploitation of a Cisco FMC zero-day 36 days before disclosure underscored the accelerating pace of OT-adjacent threats.
Mar 21, 2026
News Summary week 11, 2026
Iran-linked Handala group devastated medical device giant Stryker with a wiper attack across 79 countries, while CISA’s ICS Patch Tuesday delivered ten advisories headlined by a CVSS 10.0 Honeywell building management controller with no vendor patch, a critical Siemens S7-1500 PLC vulnerability, and Schneider Electric EcoStruxure flaws enabling full system compromise.
Mar 14, 2026
News Summary week 10, 2026
Iran-aligned threat actors escalated cyberattacks against critical infrastructure following Operation Epic Fury, while CISA—operating at reduced capacity during the DHS shutdown—issued nine ICS advisories covering Hitachi Energy RTU500 substation controllers, Mitsubishi MELSEC PLCs, wind turbine ice detectors, and a continued wave of EV charging platform vulnerabilities.
Mar 7, 2026
News Summary week 09, 2026
CISA issued Emergency Directive 26-03 for a Cisco SD-WAN zero-day exploited since 2023, while a coordinated disclosure exposed critical authentication flaws across six EV charging platforms and Copeland XWEB refrigeration controllers received a perfect CVSS 10.0 advisory with 23 vulnerabilities.
Feb 28, 2026
News Summary week 08, 2026
The DHS shutdown left CISA operating at 38% capacity during a week when Dragos revealed three new OT threat groups and Volt Typhoon still embedded in U.S. utilities, while CISA released eight ICS advisories including a critical flaw in natural gas odorization controllers with no vendor response.
Feb 21, 2026
News Summary week 07, 2026
Week 07 featured a major ICS Patch Tuesday with advisories from Siemens, Schneider Electric, AVEVA, and Phoenix Contact; CISA issued a binding directive ordering federal agencies to replace unsupported edge devices; and the UK NCSC warned of severe cyber threats to critical national infrastructure following the Poland grid attack.
Feb 14, 2026
News Summary week 06, 2026
Week 06 was highlighted by Romania’s Conpet oil pipeline operator being hit by Qilin ransomware, 13 new CISA ICS advisories including a CVSS 10.0 for a defunct vendor’s product, the FDA’s updated cybersecurity guidance aligned with QMSR enforcement, and a major Chinese espionage campaign compromising 70 organizations across 37 countries.
Feb 9, 2026
News Summary week 05, 2026
Week 05 saw ESET and Dragos attribute the DynoWiper attack on Poland’s power grid to Russia’s Sandworm group, CISA issue seven ICS advisories affecting Rockwell, Johnson Controls, and Schneider Electric, and NERC release a landmark CIP Roadmap highlighting growing risks to low-impact grid assets.
Jan 31, 2026
News Summary week 04, 2026
Week 04 was dominated by Pwn2Own Automotive 2026, with 76 zero-days in Tesla, EV chargers, and IVI systems, plus 8 new CISA ICS advisories affecting Schneider Electric, Rockwell, and Delta Electronics.
Jan 24, 2026
News Summary week 03, 2026
Week 03 features critical AVEVA Process Optimization RCE vulnerabilities, Siemens Industrial Edge authentication bypass, Rockwell GuardLink DoS flaws, and Pwn2Own Automotive 2026 discoveries in Tokyo.
Jan 20, 2026
News Summary week 02, 2026
Week 02 highlights include CISA advisories for weather monitoring systems, a critical Bluetooth vulnerability in WHILL wheelchairs (CVSS 9.8), and pro-Russia hacktivists targeting OT infrastructure.
Jan 13, 2026
News Summary week 51, 2025
Week 51 features a CISA advisory on pro-Russia hacktivists targeting the water and energy sectors, critical ICS vulnerabilities in Siemens, Rockwell, and Advantech products, and automotive zero-days in aftermarket devices.
Dec 20, 2025
News Summary week 48, 2025
Week 48 saw CISA release 5 critical ICS advisories, including a CVSS 9.3 vulnerability in Emerson UPS monitoring (end-of-life, no patch), plus building automation and industrial edge controller flaws.
Nov 23, 2025
News Summary week 47, 2025
Week 47 highlights include the first large-scale autonomous AI cyberattack disclosed by Anthropic, Scattered Spider teens charged for the TfL breach, and a critical analysis of AI-powered attack automation.
Nov 22, 2025