Mackay Sugar, Australia's second-largest sugar producer, has shut down two of its Queensland mills after a cybersecurity incident, halting production and stopping sugarcane harvesting at the peak of the season. The company confirmed the attack on Wednesday and has brought in outside cybersecurity experts and local authorities to investigate and restore systems. It has not yet said who was responsible or whether data was stolen, but the operational shutdown is consistent with a ransomware attack. The incident is the latest example of attackers disrupting food and agriculture operations, a sector whose industrial systems are increasingly targeted for maximum pressure.
Universal Robots, the Danish maker of the PolyScope 5 collaborative-robot controllers used across manufacturing, logistics, automotive, and healthcare, has patched CVE-2026-8153, a CVSS 9.8 OS command injection in the Dashboard Server interface. The server accepts user-controlled input and passes it to the underlying Linux OS without proper neutralization, so anyone with network access to the Dashboard Server port can achieve unauthenticated remote code execution on the robot controller - effectively a Linux machine wired directly into physical machinery. Vera Mens of Claroty Team82 discovered and reported the flaw through CISA and CERT/CC's VINCE coordination. Exploitation requires the Dashboard Server to be enabled in the UI.
US officials believe Iranian-affiliated actors broke into internet-exposed automatic tank gauge (ATG) systems at gas stations across multiple states, then changed the displayed fuel levels without altering the actual amounts. The intrusions caused no shortages, but falsified ATG readings could theoretically hide a real fuel leak. ATGs have been a known soft target for over a decade. The activity tracks with a broader Iranian push during the war that began in late February: disruptions at US oil, gas, and water sites, shipping delays at Stryker, and the leak of FBI Director Kash Patel's emails. Attribution is preliminary because intruders left almost no forensic evidence.