top of page
ALL POSTS
FortiBleed: Global Credential Breach Affects 73,932 Fortinet Firewalls Across 194 Countries
Key Findings FortiBleed campaign exposed valid login credentials for 73,932 Fortinet firewall URLs across 194 countries, affecting 21,632 unique domains Attackers conducted approximately 1.16 billion credential attempts against over 320,000 FortiGate targets using a self-feeding system Compromised organizations include Samsung, Oracle, Foxconn, Comcast, Siemens, Lenovo, Spotify, Sony, and numerous government and critical infrastructure entities The operation leverages previou
Jun 184 min read
ZionSiphon: Critical Infrastructure Malware Targeting Israeli Water Systems
Key Findings New malware strain named ZionSiphon discovered targeting Israeli water treatment and desalination plants Malware designed to alter chlorine levels and water pressure in critical infrastructure systems Contains hardcoded targeting for specific Israeli facilities and IP ranges Includes political messaging supporting Iran, Yemen, and Palestine Critical flaw in targeting logic prevents malware from executing payload, rendering current sample ineffective Threat actors
Apr 173 min read
Iranian APT Attacks Target Thousands of Exposed US Industrial Devices
Key Findings Censys identified 5,219 internet-exposed Rockwell Automation PLCs globally, with 74.6% located in the United States Iranian-linked APT groups have been actively targeting these devices since March 2026, causing operational disruptions and financial losses Approximately 3,891 exposed U.S. devices are concentrated on cellular networks, indicating field-deployed infrastructure at utilities and substations Most vulnerable devices run outdated firmware from the MicroL
Apr 112 min read
Iran-Linked Cyber Actors Escalate Attacks on US Critical Infrastructure Through PLC Exploitation
Key Findings Iran-affiliated cyber actors are actively targeting internet-exposed programmable logic controllers (PLCs) across U.S. critical infrastructure sectors including government, water systems, and energy Attacks have caused diminished PLC functionality, manipulated display data, operational disruption, and financial losses Threat actors are exploiting Rockwell Automation and Allen-Bradley PLCs, specifically CompactLogix and Micro850 devices Initial access is gained th
Apr 82 min read
FCC Bans New Foreign-Made Routers Due to Supply Chain and Cyber Security Risks
Key Findings FCC bans all new foreign-made consumer routers from U.S. market effective immediately unless granted Conditional Approval by DoD or DHS Foreign routers pose unacceptable supply chain vulnerabilities and severe cybersecurity risks to critical infrastructure and American citizens Chinese state-sponsored actors including Volt Typhoon, Flax Typhoon, and Salt Typhoon have exploited compromised foreign routers to target U.S. critical infrastructure Ban applies only to
Mar 252 min read
bottom of page
