Enterprise Security Blog

Expert insights on IoT security, physical security, compliance, and risk management.

Smart Office Security Month in Review: The Eight Things That Defined May 2026

May 2026 produced a CVSS 10.0 Cisco firewall zero-day exploited by ransomware for weeks before disclosure, two active botnet campaigns against industrial routers, a dark web ICS malware toolkit, a critical telnet RCE in legacy OT devices, CISA advisories across five major vendors, a supply chain attack targeting AI developers, and joint government guidance explicitly prohibiting LLMs in safety-critical OT systems. Here is what the month meant for organizations running connected office environments.

CISA and Five Allies Tell You Not to Put LLMs in Safety-Critical OT Systems — Here's the Actual Guidance

A joint guidance document issued by CISA, the Australian Signals Directorate's ACSC, and international partners establishes principles for integrating AI into operational technology environments. The guidance explicitly differentiates acceptable AI use by Purdue Model layer, warns against LLM-first approaches for safety-critical decisions in OT, and requires AI vendors supplying OT environments to provide software bills of materials, data residency documentation, and transparent AI feature disclosure. For organizations running smart buildings and industrial systems, this is the clearest official framework yet for AI in OT.

TrapDoor: The Supply Chain Attack Targeting AI Developers That's Stealing Cloud Keys and SSH Credentials

The TrapDoor supply chain campaign, active as of May 22, 2026, is targeting AI developer communities through malicious packages in public repositories. The packages use preinstall scripts to steal cloud credentials, SSH keys, and developer secrets, then exfiltrate them through GitHub-based command and control infrastructure. The campaign is specifically targeting the tooling and repositories used by AI development teams — a population with access to cloud environments, model infrastructure, and enterprise data pipelines.

CISA's May 2026 ICS Advisory Wave: Schneider Electric, Advantech, Axis, Rockwell, and Mitsubishi

CISA's May 2026 ICS advisory release covers critical vulnerabilities across five major industrial and building automation vendors: Schneider Electric EcoStruxure Foxboro DCS, Advantech WebAccess/SCADA, Axis Communications security cameras, Rockwell Automation Micro820/850/870 controllers, and Mitsubishi Electric ICONICS products. The highest-severity advisory involves a CVSS 9.8 deserialization vulnerability in Schneider's DCS Advisor component. Combined, the advisories affect SCADA systems, IP cameras, PLCs, and building HMI software that are standard in smart office and industrial deployments.

CVE-2026-32746: The Telnet Vulnerability in Legacy OT That Gives Attackers Root Before the Login Prompt

CVE-2026-32746 is a pre-authentication remote code execution vulnerability in GNU Inetutils telnetd, scoring 9.8 Critical on CVSS 3.1 and affecting all versions up to and including 2.7. An unauthenticated attacker can trigger root-level code execution during the initial TCP handshake — before any login prompt appears. The vulnerability affects embedded systems, PLCs, SCADA components, and IoT devices that expose telnet interfaces, as well as major Linux distributions that include Inetutils in their default package sets.

VoltRuptor: The ICS/SCADA Malware Being Sold on Dark Web Markets That Targets Industrial Infrastructure

A sophisticated ICS and SCADA malware toolkit called VoltRuptor, attributed to a group calling itself the Infrastructure Destruction Squad, is being sold through dark web channels in 2026. The malware supports multiple industrial protocols, includes persistence and anti-forensics capabilities, and is designed explicitly to cause operational disruption in industrial environments. Its availability as a commercial product lowers the barrier to sophisticated OT attacks significantly.

Industrial Routers Under Botnet Attack: Four-Faith and ASUS Vulnerabilities Being Actively Exploited in OT Networks

Two vulnerabilities in widely deployed industrial and commercial routers are being actively exploited by botnets in May 2026. CVE-2024-9643 in Four-Faith F3x36 Industrial Cellular Routers, scoring 9.8 on CVSS, allows full administrative control without authentication. CVE-2018-5999 in ASUS AsusWRT routers, a vulnerability from 2018, has been re-weaponized by the RondoDox botnet as of May 17, 2026. Both vulnerabilities are being used to build botnet infrastructure, and compromised industrial routers in OT environments create paths from the internet directly into production control systems.

CVSS 10.0: Interlock Ransomware Exploited Cisco's Firewall Zero-Day for Weeks Before Cisco Knew

CVE-2026-20131 in Cisco Secure Firewall Management Center carries the maximum possible CVSS score of 10.0 and allows unauthenticated remote attackers to execute arbitrary Java code as root via an insecure deserialization flaw. The Interlock ransomware group was exploiting it as a zero-day from January 26, 2026 — more than a month before Cisco disclosed the vulnerability publicly — using memory-resident web shells, custom JavaScript and Java remote access trojans, and Active Directory certificate abuse to move through victim networks.

Routers Are Now the Riskiest Device in Your Network: The 2026 Connected Device Risk Report

New research tracking connected device risk across IT, OT, IoT, and IoMT environments has named routers the single most dangerous device category in enterprise networks, averaging 32 vulnerabilities per device and accounting for roughly a third of all critical vulnerabilities found in corporate infrastructure. Forty percent of device types on the 2026 riskiest list are entirely new entries, and 75% were not on the list two years ago — a pace of attack surface expansion that most security programs are not designed to absorb.

Smart Office Security Week in Review: The Seven Things That Mattered, April 22–28, 2026

This week produced a joint intelligence advisory on Chinese state-sponsored IoT device hijacking, a major Cisco wireless security report confirming that 85% of organizations are getting hit through wireless and IoT, critical vulnerabilities in Siemens industrial edge and building automation systems, a landmark workforce report linking skills gaps to real breaches, and a new NIST initiative on OT network visibility. Here is what it means for organizations running connected office environments.

The OT-ISAC Advisory and the Hidden ICS Vulnerabilities in Your Smart Building Infrastructure

A consolidated OT-ISAC advisory published in April 2026 documents critical flaws across industrial control and management systems including AVEVA supervisory platforms, Horner field controllers, Anviz access control hardware, and BASControl20 building automation systems. The advisory assigns a moderate exploitation risk within 30 to 90 days for exposed deployments — which describes a large share of smart building installations.

NIST's New OT Visibility Project: Why You Can't Secure What You Can't See in a Smart Office Network

NIST's National Cybersecurity Center of Excellence has announced a new initiative focused on helping critical infrastructure organizations gain visibility into their operational technology environments. The project addresses a foundational problem that smart office and connected building operators face: most organizations do not have an accurate, current picture of what OT and IoT devices are on their networks or what those devices are doing.
