Author: Kevin Harrys

Erlang/OTP SSH Vulnerability: A Widespread Threat to OT Networks

August 15, 2025 (updated November 8, 2025) Published by Kevin Harrys

A critical SSH vulnerability in Erlang/OTP (CVE-2025-32433), discovered by Ruhr University Bochum, has been rapidly exploited in OT networks across multiple industries and countries, prompting urgent patching and security measures to prevent remote code execution and operational disruptions.

Category: Vulnerabilities

Tags: Erlang/OTP

Hackers use Windows RID hijacking to create hidden admin account

January 29, 2025 (updated June 29, 2025) Published by Kevin Harrys

Learn how hackers exploit Windows RID hijacking to create hidden admin accounts, posing serious security threats. Understand the dangers and take action to counter these stealth attacks effectively. Keep yourself informed and safeguard against potential intrusions.

Category: Vulnerabilities

Tags: counter hacking strategies, cybersecurity threat, hidden admin account, safeguarding measures, Windows RID hijacking

Ransomware gang uses SSH tunnels for stealthy VMware ESXi access

January 29, 2025 (updated June 29, 2025) Published by Kevin Harrys

Discover how cybercriminals leverage SSH tunnels to discreetly breach VMware ESXi servers. Experts raise alarms on growing covert access threats amid ransomware operations. Dive into the study shedding light on virtualization security risks.

Category: Vulnerabilities

Tags: Cybercriminals, SSH tunnels, Virtualization security, VMware ESXi

Fortinet VPN Zero-Day Exploited in Malware Attacks Remains Unpatched

November 27, 2024 (updated June 29, 2025) Published by Kevin Harrys

Security experts express alarm as unpatched Fortinet VPN zero-day continues to fuel malicious attacks. Concerns grow over unresolved vulnerabilities posing a critical security threat. Hackers exploit flaws despite ongoing alerts to users, highlighting persistent risks in today’s cybersecurity landscape.

Category: Vulnerabilities

Tags: Fortinet

CISA says critical Fortinet RCE flaw now exploited in attacks

October 16, 2024 (updated June 29, 2025) Published by Kevin Harrys

Stay alert! CISA raises alarm as Fortinet RCE flaw exploits surge. Take immediate action to protect your systems.

Category: Vulnerabilities

Tags: Fortinet RCE

Ransomware Hits Critical Infrastructure Hard, Costs Adding Up

October 12, 2024 (updated June 29, 2025) Published by Kevin Harrys

The article iscusses the rising threat of ransomware attacks on critical infrastructure, highlighting the economic toll, challenges in securing vital systems, implications of recent attacks on public services, and government initiatives to combat cyber threats. The journalistic style and professional tone aim to inform readers about the severity of ransomware attacks on essential services and the importance of enhancing cybersecurity measures to safeguard critical infrastructure.

Category: Threats

Tags: Ransomware

American Water, the largest water utility in US, is targeted by a cyberattack

October 10, 2024 (updated June 29, 2025) Published by Kevin Harrys

Discover the implications of the recent cyberattack on American Water, the largest water utility in the US. Learn about the ongoing investigation and steps taken to safeguard national security.

Category: Consequences

Tags: American Water Cyberattack, American Water Utility

Microsoft Windows ‘Critical Vulnerability’ Warning—You Have 72 Hours To Update Your PC

October 6, 2024 (updated June 29, 2025) Published by Kevin Harrys

Stay protected from the latest high-risk security flaw! Microsoft issues urgent warning for Microsoft Windows users, update your PC within 72 hours to secure it. Time is running out.

Category: Vulnerabilities

Tags: Microsoft Windows

CISA: Network switch RCE flaw impacts critical infrastructure

October 6, 2024 (updated June 29, 2025) Published by Kevin Harrys

Discover the latest CISA alert on a critical network RCE switch flaw impacting infrastructure security. Learn why immediate action is crucial. WisePlant’s cybersecurity experts emphasize the importance of patching affected devices to protect against potential cyber threats. Collaborative efforts are essential to safeguard national security.

Category: Vulnerabilities

Tags: RCE

Microsoft ends development of Windows Server Update Services (WSUS)

September 22, 2024 (updated June 29, 2025) Published by Kevin Harrys

Discover the repercussions as Microsoft halts WSUS development. Learn about alternatives, community feedback, and the future of server updates.

Category: OTC News

Tags: Microsoft, WSUS

CISA warns of Windows flaw used in infostealer malware attacks

September 20, 2024 (updated June 29, 2025) Published by Kevin Harrys

CISA alerts of critical Windows flaw exploited in infostealer malware attacks, stressing urgent action. WisePlant is here to safeguard your systems.

Category: Vulnerabilities

Tags: CISA, Infostealer, Windows

FreeBSD Releases Urgent Patch for High-Severity OpenSSH Vulnerability

September 13, 2024 (updated June 29, 2025) Published by Kevin Harrys

FreeBSD takes swift action to address critical OpenSSH vulnerability, issuing urgent patch for heightened security.

Category: Vulnerabilities

Tags: FreeBSD, OpenSSH

0.0.0.0 Day: 18-Year-Old Browser Vulnerability Impacts MacOS and Linux Devices

September 13, 2024 (updated June 30, 2025) Published by Kevin Harrys

A recently discovered “0.0.0.0 Day” vulnerability that affects major web browsers like Chrome, Firefox, and Safari. This vulnerability could be exploited by malicious websites to gain unauthorized access to local networks on macOS and Linux devices.

Category: Vulnerabilities

Tags: Linux, macOS

VMware ESXi hypervisor vulnerability grants full admin privileges

August 12, 2024 (updated June 30, 2025) Published by Kevin Harrys

Security researchers at Microsoft have discovered a vulnerability in VMware ESXi hypervisors that has been exploited by ransomware operators to gain full administrative access to a domain-joined hypervisor.

Category: Vulnerabilities

Tags: VMware ESXi

ICS malware FrostyGoop takes advantage of Modbus weakness, remains a threat to OT worldwide.

August 1, 2024 (updated June 30, 2025) Published by Kevin Harrys

The malware leverages Modbus TCP communications to target operational technology assets — and can easily be repurposed to compromise other industrial controllers, putting widespread critical infrastructure at risk.

Category: Threats, Vulnerabilities

Tags: FrostyGoop, Modbus

PKfail Secure Boot bypass lets attackers install UEFI malware

July 30, 2024 (updated June 30, 2025) Published by Kevin Harrys

PKfail, a supply-chain issue, has affected hundreds of UEFI products for over 12 years, leaving nearly 900 devices vulnerable to malware installation. Vendors and users must follow best practices, apply updates and patches, monitor, and protect devices, and replace test keys. Prompt firmware upgrades are advised, and leaked AMI PK devices should be disconnected from critical networks.

Category: Vulnerabilities

Tags: PKFail

CISA warns of actively exploited Juniper pre-auth RCE exploit chain

November 20, 2023 (updated June 30, 2025) Published by Kevin Harrys

In addition, CISA is working with Juniper Networks to develop a patch for the vulnerabilities associated with the exploit chain. CISA is also working with other vendors to ensure that their products are not vulnerable to the exploit chain.

Category: Vulnerabilities

Tags: Juniper

Cisco warned customers of a high-severity cisco switch vulnerabilities.

July 18, 2023 (updated September 16, 2024) Published by Kevin Harrys

Cisco has recently warned customers of a high-severity vulnerability impacting some of its switch models. This vulnerability could allow attackers to tamper with encrypted traffic, potentially leading to data theft or other malicious activities. Cisco has released a security advisory to address the issue and is urging customers to update their systems as soon as possible.

Category: Vulnerabilities

Tags: Cisco

CISA Warns of Flaws in Siemens, GE Digital, and Contec Industrial Control Systems

February 10, 2023 (updated September 16, 2024) Published by Kevin Harrys

CISA has issued a warning about critical vulnerabilities in Siemens, GE Digital, and Contec industrial control systems. These flaws could allow attackers to gain access to and manipulate the systems.

Category: Vulnerabilities

Tags: Contec, Energy, GE, Siemens

Researchers Discover New PlugX Malware Variant Spreading via Removable USB Devices

January 28, 2023 (updated September 16, 2024) Published by Kevin Harrys

“This PlugX variant is wormable and infects USB devices in such a way that it conceals itself from the Windows operating file system,” Palo Alto Networks Unit 42 researchers Mike Harbison and Jen Miller-Osborn said. “A user would not know their USB device is infected or possibly used to exfiltrate data out of their networks.”

Category: Threats

Tags: Black Basta, Malware, PlugX, Qakbot

Posts pagination

Page 1 Page 2 Next page

Latest News

The Solution to Non-Tolerable Consequences of an Incident in OT December 1, 2025
WisePlant Group LLC & WiseCourses LLC Reaffirm Leadership in Industrial Cybersecurity During Awareness Month 2025 October 7, 2025
Erlang/OTP SSH Vulnerability: A Widespread Threat to OT Networks August 15, 2025
Cybersecurity Maintenance in Industrial Plants July 10, 2025
Supporting Safe & Secure Plant Operations July 4, 2025
Security Acceptance Testing in Industrial Environments July 4, 2025
Implementing Safety and Security Measures in Industrial Environments July 2, 2025
Designing Cybersecurity for Control Systems in Industrial Plants June 30, 2025
Cyber Risk Analysis in Industrial Plants June 29, 2025
Explosion aboard sewage boat kills one person in New York City May 30, 2025
Explosion at diesel processing facility injures worker in mexico facility May 23, 2025
Analyzing the Cybersecurity Risk Formula to Calculate Risk May 18, 2025
Chemical plant fire in Spain sends several towns into lockdown May 15, 2025
A practical approach to Process safety (PS) Courses: New training program at WiseCourses May 15, 2025
The Flixborough disaster May 13, 2025

Upcoming Events

Notice

There are no upcoming events.

Contact Us

Contact us
Technical Support
Certified Partners Program

Price Lists

WiseCourses Training
WisePlant Solutions
The Shop Store

Training & Certification

WiseCourses Campus
Industrial Cybersecurity
Knowledge & Experience

OTC News

The News That Matters
Oil & Gas industries
Electrical energy industries
Consequences within OT
Vulnerabilities within OT
Threats to OT Domain
OTC Newsletter