critical infrastructure

A newly published advisory from the U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns that ePower’s charging management platform — branded at epower.ie and used by network operators and site hosts worldwide — contains a cluster of high‑severity authentication and...

A coordinated federal advisory has placed Labkotec’s LID-3300IP ice detector squarely in the spotlight: CISA warns that an unauthenticated flaw in the device’s ice‑detector software (tracked as CVE‑2026‑1775 in the advisory) allows an attacker with network reachability to send specially crafted...

Hitachi Energy's RTU500 family is the subject of a fresh set of security advisories that enumerate multiple firmware-level flaws capable of leaking low-value user management data and causing device outages — vulnerabilities operators must treat as urgent because the affected components sit at...

A cluster of high-severity authentication and session‑management flaws in EV2GO’s ev2go.io charging-management platform has been disclosed by U.S. federal authorities, and the practical impact is stark: every version of the service is listed as affected, the vendor’s public endpoints expose...

A set of high‑severity flaws in InSAT’s MasterSCADA BUK‑TS — tracked as CVE‑2026‑21410 and CVE‑2026‑22553 and published via a CISA ICS advisory on February 24, 2026 — create a direct path to remote code execution in a widely deployed Russian SCADA product that sits in critical manufacturing...

Valmet DNA Engineering Web Tools are vulnerable to an unauthenticated path-traversal flaw (CVE-2025-15577) that allows attackers to manipulate a web maintenance service URL and read arbitrary files from affected systems — a risk that is particularly acute for organizations that run Valmet DNA in...

A high‑severity industrial control systems advisory published on February 19, 2026, warns that Welker’s OdorEyes ECOsystem Pulse Bypass System with the XL4 controller is vulnerable to an unauthenticated control‑function flaw (tracked as CVE‑2026‑24790) that could let a remote actor manipulate...

Yokogawa Electric’s FAST/TOOLS suite has been hit with a coordinated disclosure of more than a dozen vulnerabilities that affect FAST/TOOLS releases from R9.01 through R10.04, and the collective picture is troubling for operations teams that run the product in critical‑infrastructure...

Few phrases capture modern corporate power like “too big to fail,” and the companies on this short list are precisely the firms that, through size, reach, or infrastructure, now sit at the crossroads of commerce, technology, and public life—so entangled with national economies and everyday...

Last week’s windstorm and a cascading backup-power failure at the National Institute of Standards and Technology (NIST) in Boulder briefly nudged the United States’ official time off by about 4.8 microseconds, a tiny interval measured in millionths of a second but one that exposes real...

Schneider Electric has confirmed that its EcoStruxure Foxboro DCS Advisor service is affected by a critical Microsoft Windows Server Update Services (WSUS) vulnerability — tracked as CVE‑2025‑59287 — and operators must prioritize out‑of‑band WSUS patches and layered mitigations to avoid a...

CISA’s updated Cross‑Sector Cybersecurity Performance Goals — CPG 2.0 — mark a decisive shift from checklist-style guidance to measurable, governance‑backed outcomes for critical infrastructure owners and operators, placing accountability and enterprise risk management alongside technical...

Pro‑Russia hacktivist collectives have mounted a wave of opportunistic intrusions against internet‑exposed operational technology (OT) devices worldwide, exploiting unsecured Virtual Network Computing (VNC) connections and weak or default credentials to access human‑machine interfaces (HMIs) in...

CISA and partner agencies have issued a fresh warning: pro‑Russia hacktivist collectives are carrying out opportunistic intrusions against U.S. and global critical infrastructure by exploiting internet‑facing Virtual Network Computing (VNC) connections, a low‑sophistication but high‑impact...

The National Cyber Security Centre’s 2025 Annual Review delivered a blunt verdict: the UK’s cyber threat environment has escalated from episodic nuisance to sustained national emergency, and the question for leaders is no longer whether they will be attacked but how they will survive the attack...

A severe, unauthenticated remote code‑execution vulnerability in Industrial Video & Control’s Longwatch video surveillance and monitoring platform has been disclosed by CISA: an exposed HTTP endpoint in Longwatch versions 6.309 through 6.334 allows specially crafted HTTP GET requests to execute...

The Louvre’s security story after the October heist is less a thriller’s last-act twist and more an institutional autopsy: auditors once logged that the server driving the museum’s video surveillance accepted the literal password LOUVRE, a detail that has become shorthand for a decade of...

A fresh telemetry snapshot from remote‑support sessions underscores a stark reality: as Microsoft’s Windows 10 support deadline approaches, a large share of real‑world endpoints remain on an OS that will soon stop receiving routine security patches—creating an urgent migration and...

Hitachi Energy has confirmed a vulnerability in its Asset Suite platform that lets an authenticated user manipulate performance log content or inject crafted entries into logfiles—behavior that can be used to obscure malicious activity or carry out follow‑on attacks—affecting Asset Suite...

Australia’s leading security practitioners and program owners have been named as finalists in the 2025 Benchmark Security Awards, an annual recognition program run by iTnews in partnership with techpartner.news that celebrates excellence in cybersecurity leadership across government, energy...