Last updated: July 5, 2026 at 9:01 AM UTC
Tag: ot (3 articles)

Cyberattack halts Australia's second-largest sugar producer mid-harvest

Mackay Sugar, Australia's second-largest sugar producer, has shut down two of its Queensland mills after a cybersecurity incident, halting production and stopping sugarcane harvesting at the peak of the season. The company confirmed the attack on Wednesday and has brought in outside cybersecurity experts and local authorities to investigate and restore systems. It has not yet said who was responsible or whether data was stolen, but the operational shutdown is consistent with a ransomware attack. The incident is the latest example of attackers disrupting food and agriculture operations, a sector whose industrial systems are increasingly targeted for maximum pressure.

Check
Food, agriculture, and manufacturing operators should review how cleanly their IT and operational-technology networks are separated, and confirm that a ransomware shutdown of IT could not halt production lines.
Affected
Industrial and agricultural organizations where a compromise of business IT systems can cascade into operational-technology environments and force a full production shutdown, as happened at Mackay Sugar's mills.
Fix
Segment IT from operational-technology networks, keep offline tested backups, rehearse ransomware recovery for production systems, and pre-arrange incident-response and authority contacts before an attack hits.

Universal Robots PolyScope 5 cobots: unauthenticated RCE on Dashboard Server (CVE-2026-8153, CVSS 9.8) - patch out

Universal Robots, the Danish maker of the PolyScope 5 collaborative-robot controllers used across manufacturing, logistics, automotive, and healthcare, has patched CVE-2026-8153, a CVSS 9.8 OS command injection in the Dashboard Server interface. The server accepts user-controlled input and passes it to the underlying Linux OS without proper neutralization, so anyone with network access to the Dashboard Server port can achieve unauthenticated remote code execution on the robot controller - effectively a Linux machine wired directly into physical machinery. Vera Mens of Claroty Team82 discovered and reported the flaw through CISA and CERT/CC's VINCE coordination. Exploitation requires the Dashboard Server to be enabled in the UI.

Check
Inventory Universal Robots PolyScope 5 deployments and their firmware version. Identify whether the Dashboard Server is enabled and reachable from any network beyond the management VLAN.
Affected
Universal Robots PolyScope 5 controllers with the Dashboard Server enabled and its port reachable by the attacker. Cobots in manufacturing, logistics, automotive, and healthcare are typical deployments.
Fix
Apply Universal Robots' patch for CVE-2026-8153. Disable the Dashboard Server where not strictly needed. Place cobot controllers on a separate OT VLAN with strict ACLs from corporate networks.

Iran-linked hackers breached US gas station fuel-tank gauges - online ATG systems with no password protection

US officials believe Iranian-affiliated actors broke into internet-exposed automatic tank gauge (ATG) systems at gas stations across multiple states, then changed the displayed fuel levels without altering the actual amounts. The intrusions caused no shortages, but falsified ATG readings could theoretically hide a real fuel leak. ATGs have been a known soft target for over a decade. The activity tracks with a broader Iranian push during the war that began in late February: disruptions at US oil, gas, and water sites, shipping delays at Stryker, and the leak of FBI Director Kash Patel's emails. Attribution is preliminary because intruders left almost no forensic evidence.

Check
Inventory ATG and fuel-management endpoints. Search Shodan for your /27s on port 10001 (Veeder-Root) and similar ATG signatures. Pull access logs from internet-reachable OT controllers for unexpected reads or display changes.
Affected
US fuel retailers and distributors operating ATG systems (Veeder-Root, Franklin Electric INCON, Gilbarco) exposed to the internet with weak credentials. Same pattern applies to water utilities and other internet-facing ICS endpoints.
Fix
Remove ATG and OT management interfaces from the public internet. Put them behind VPN with MFA, segment OT from IT networks, and document manual gauging procedures for outages.