Industrial control system vulnerability enables unauthenticated file disclosure in OT networks

Weekly insights on threats, vulnerabilities, and security best practices.

New CISA advisory exposes critical vulnerabilities in Mitsubishi MELSEC iQ-R PLCs allowing unauthorized device data access, control program manipulation, and denial-of-service attacks.

CISA alerts reveal critical vulnerabilities in Chargemap charging stations enabling unauthorized admin control and service disruption. Multiple attack vectors threaten EV infrastructure.

CVE-2026-2329 in Grandstream phones allows unauthenticated remote code execution with root privileges, exposing voice communications to interception and enabling lateral network movement.