critical infrastructure

Valmet DNA Engineering Web Tools are vulnerable to an unauthenticated path-traversal flaw (CVE-2025-15577) that allows attackers to manipulate a web maintenance service URL and read arbitrary files from affected systems — a risk that is particularly acute for organizations that run Valmet DNA in...

A high‑severity industrial control systems advisory published on February 19, 2026, warns that Welker’s OdorEyes ECOsystem Pulse Bypass System with the XL4 controller is vulnerable to an unauthenticated control‑function flaw (tracked as CVE‑2026‑24790) that could let a remote actor manipulate...

Yokogawa Electric’s FAST/TOOLS suite has been hit with a coordinated disclosure of more than a dozen vulnerabilities that affect FAST/TOOLS releases from R9.01 through R10.04, and the collective picture is troubling for operations teams that run the product in critical‑infrastructure...

Few phrases capture modern corporate power like “too big to fail,” and the companies on this short list are precisely the firms that, through size, reach, or infrastructure, now sit at the crossroads of commerce, technology, and public life—so entangled with national economies and everyday...

Last week’s windstorm and a cascading backup-power failure at the National Institute of Standards and Technology (NIST) in Boulder briefly nudged the United States’ official time off by about 4.8 microseconds, a tiny interval measured in millionths of a second but one that exposes real...

Schneider Electric has confirmed that its EcoStruxure Foxboro DCS Advisor service is affected by a critical Microsoft Windows Server Update Services (WSUS) vulnerability — tracked as CVE‑2025‑59287 — and operators must prioritize out‑of‑band WSUS patches and layered mitigations to avoid a...

CISA’s updated Cross‑Sector Cybersecurity Performance Goals — CPG 2.0 — mark a decisive shift from checklist-style guidance to measurable, governance‑backed outcomes for critical infrastructure owners and operators, placing accountability and enterprise risk management alongside technical...

Pro‑Russia hacktivist collectives have mounted a wave of opportunistic intrusions against internet‑exposed operational technology (OT) devices worldwide, exploiting unsecured Virtual Network Computing (VNC) connections and weak or default credentials to access human‑machine interfaces (HMIs) in...

CISA and partner agencies have issued a fresh warning: pro‑Russia hacktivist collectives are carrying out opportunistic intrusions against U.S. and global critical infrastructure by exploiting internet‑facing Virtual Network Computing (VNC) connections, a low‑sophistication but high‑impact...

The National Cyber Security Centre’s 2025 Annual Review delivered a blunt verdict: the UK’s cyber threat environment has escalated from episodic nuisance to sustained national emergency, and the question for leaders is no longer whether they will be attacked but how they will survive the attack...

A severe, unauthenticated remote code‑execution vulnerability in Industrial Video & Control’s Longwatch video surveillance and monitoring platform has been disclosed by CISA: an exposed HTTP endpoint in Longwatch versions 6.309 through 6.334 allows specially crafted HTTP GET requests to execute...

The Louvre’s security story after the October heist is less a thriller’s last-act twist and more an institutional autopsy: auditors once logged that the server driving the museum’s video surveillance accepted the literal password LOUVRE, a detail that has become shorthand for a decade of...

A fresh telemetry snapshot from remote‑support sessions underscores a stark reality: as Microsoft’s Windows 10 support deadline approaches, a large share of real‑world endpoints remain on an OS that will soon stop receiving routine security patches—creating an urgent migration and...

Hitachi Energy has confirmed a vulnerability in its Asset Suite platform that lets an authenticated user manipulate performance log content or inject crafted entries into logfiles—behavior that can be used to obscure malicious activity or carry out follow‑on attacks—affecting Asset Suite...

Australia’s leading security practitioners and program owners have been named as finalists in the 2025 Benchmark Security Awards, an annual recognition program run by iTnews in partnership with techpartner.news that celebrates excellence in cybersecurity leadership across government, energy...

India’s digital backbone is far more entangled with US‑headquartered software, cloud and platform providers than most policymakers acknowledge — and that entanglement now reads as a strategic vulnerability that must be addressed if New Delhi wants meaningful digital sovereignty by 2030...

India’s digital backbone is more dependent on US-controlled software, platforms and cloud services than most citizens realize — and that dependence now reads as a strategic vulnerability in the eyes of national security analysts and independent researchers. Background India’s public discourse...

Microsoft’s cybersecurity posture is under renewed fire after U.S. Senator Ron Wyden urged the Federal Trade Commission to open a formal investigation into the company’s default security settings, arguing that Microsoft shipped “dangerous, insecure software” that materially enabled a 2024...

Internet traffic between Asia, the Middle East and parts of Europe slowed sharply after multiple undersea fibre‑optic cables in the Red Sea were severed on 6 September 2025, forcing cloud operators — most visibly Microsoft Azure — and regional carriers to reroute traffic, warn customers of...

A sudden cluster of undersea fiber cuts in the Red Sea has forced Microsoft Azure and other cloud and carrier operators to reroute traffic, producing measurable latency and slower internet performance across parts of South Asia, the Gulf and beyond—an event that exposes how a handful of damaged...