Energy Industry Intelligence

15 briefings, 6 vulnerability reports

Energy sector cybersecurity is a matter of national security, with power grids, pipelines, and utility systems representing critical infrastructure targets for nation-state actors. Industrial control systems and operational technology in energy environments face specialized threats. defend.network tracks threats to the energy sector including ICS/SCADA vulnerabilities, nation-state targeting, and regulatory developments.

15 briefings | 15 critical | 0 high | 29% of all briefings

Threat Briefings

2026-05-08

Daily Threat Briefing – May 8, 2026

Critical vulnerabilities in Palo Alto Networks and Ivanti EPMM under active exploitation. PCPJack credential stealer worm targeting cloud infrastructure. Russian state actors harvesting Office tokens via router compromise.

2026-04-30

Daily Threat Briefing – April 30, 2026

Critical supply-chain attacks on SAP npm packages and North Korean AI-assisted malware, combined with cPanel authentication bypass and state-sponsored credential harvesting, create immediate existential threats to enterprise infrastructure and critical systems.

2026-04-28

Daily Threat Briefing – April 28, 2026

Critical supply chain attacks on developer platforms, Russian state-sponsored token theft via router exploits, and unpatched Windows RPC privilege escalation demand immediate defensive action.

2026-04-27

Daily Threat Briefing – April 27, 2026

Critical threats include FIRESTARTER backdoor persistence on federal Cisco devices, Russian military token theft via router exploitation, Chinese APT GopherWhisper attacks, and four actively exploited CISA KEV vulnerabilities with May 2026 federal patching deadline.

2026-04-23

Daily Threat Briefing – April 23, 2026

Critical supply chain attacks via malicious Docker images and npm worms, state-sponsored credential theft campaigns targeting Microsoft Office, and destructive Lotus Wiper malware deployed against Venezuelan energy infrastructure require immediate response across all organizations.

2026-04-22

Daily Threat Briefing – April 22, 2026

Russian state-backed APT harvesting Microsoft tokens, 1,570+ Gentlemen ransomware victims, critical SD-WAN and RMM exploits, Windows Defender flaws—urgent patching required across infrastructure.

2026-04-21

Daily Threat Briefing – April 21, 2026

Critical RCE vulnerabilities in AI infrastructure (SGLang, Anthropic MCP) combined with state-sponsored APT campaigns targeting authentication systems and OT/healthcare infrastructure demand immediate patching and access controls.

2026-04-17

Daily Threat Briefing – April 17, 2026

Apache ActiveMQ actively exploited; Microsoft Defender zero-day disclosed; Russian state actors harvesting Office 365 tokens; ZionSiphon targets water infrastructure.

2026-04-13

Daily Threat Briefing – April 13, 2026

Critical Adobe Reader zero-day, CPUID supply-chain compromise distributing STX RAT, Russian APT harvesting Office tokens via router exploits, and Iranian actors targeting 4,000+ U.S. industrial control systems.

2026-04-12

Daily Threat Briefing – April 12, 2026

Critical threats span Iranian PLC targeting, Russian token harvesting, Marimo RCE exploitation within 10 hours, and GlassWorm IDE infections. Immediate patching and detection deployment required.

2026-04-11

Daily Threat Briefing – April 11, 2026

Critical exploitation of Marimo RCE, Iranian targeting of 4,000 US PLCs, and Russian token harvesting via routers demand immediate patching and access controls.

2026-04-08

Daily Threat Briefing – April 8, 2026

Russian APT28 conducting large-scale DNS hijacking via compromised routers for token theft; Iranian hackers targeting U.S. critical infrastructure PLCs; critical Docker and Flowise vulnerabilities under active exploitation.

2026-03-27

Daily Threat Briefing – March 27, 2026

State-sponsored Chinese APT embedded in telecom backbone, critical Langflow AI vulnerability actively exploited, wiper malware targeting Iran systems, and zero-click AI assistant vulnerabilities require immediate response.

2026-03-26

Daily Threat Briefing – March 26, 2026

AI-powered autonomous cyber espionage, device code phishing at 340+ organizations, and critical infrastructure vulnerabilities require immediate defensive action across all sectors.

2026-03-25

Daily Threat Briefing – March 25, 2026

Critical supply chain attacks on LiteLLM and development tools, wiper attacks on medical device manufacturer, and RCE vulnerabilities in manufacturing systems demand immediate response.

Vulnerability Reports

May 4 – 10

Vulnerability Report – Week 1 of May 2026

This week presents an exceptionally high-risk threat landscape dominated by active exploitation campaigns and critical infrastructure vulnerabilities. Federal agencies face an immediate Sunday deadlin

6 critical, 4 high

April 27 – May 3

Vulnerability Report – Week 4 of April 2026

This week presents elevated risk from actively exploited vulnerabilities across network infrastructure, IoT devices, and enterprise software. Immediate patching is required for Cisco Firepower/ASA dev

3 critical, 7 high

April 20 – 26

Vulnerability Report – Week 17 of April 2026

This week presents elevated risk across OT/ICS sectors with multiple critical RCE vulnerabilities in industrial control systems and emerging threats to cloud infrastructure. Active exploitation of Mic

5 critical, 8 high

April 13 – 19

Vulnerability Report – Week 2 of April 2026

This week presents an elevated threat landscape dominated by actively exploited critical vulnerabilities in both IT and OT environments. Iranian-affiliated threat actors are actively targeting US crit

5 critical, 8 high

April 6 – 12

Vulnerability Report – Week 15 of April 2026

This week presents elevated risk with five critical vulnerabilities actively exploited in the wild, including FortiClient EMS and video conferencing systems requiring immediate patching. Organizations

5 critical, 8 high

March 30 – April 5

Vulnerability Report – Week 5 of March 2026

This week reflects sustained critical threats across OT/ICS and enterprise systems with multiple actively exploited vulnerabilities. F5 BIG-IP APM (CVE-2025-53521) and Citrix NetScaler (CVE-2026-3055)

8 critical, 5 high
