VulnHub

Real-time Cybersecurity News

Internet-exposed Modbus ICS devices threaten critical infrastructure

SCM feed for Latest
Critical

Overview

Researchers have identified 179 industrial control devices connected to the internet that are using the Modbus protocol, which lacks basic security features like encryption and authentication. These devices, spread across 20 countries, are often part of critical infrastructure systems such as power grids. The presence of these exposed devices poses a significant risk, as they can be targeted by attackers looking to disrupt essential services. This situation raises alarms about the security practices in place for industrial systems, especially considering the potential consequences of a successful attack. Companies operating such systems need to reassess their security measures to protect against unauthorized access.

Key Takeaways

  • Affected Systems: Modbus ICS devices used in power grids and industrial systems
  • Action Required: Companies should implement proper security measures, including firewalls and network segmentation, to limit exposure of Modbus devices to the internet.
  • Timeline: Newly disclosed

Original Article Summary

Internet-facing industrial control devices connected to the default Modbus port, commonly used by power grids and other industrial systems, reached 179 across 20 countries despite the protocol's absence of encryption and authentication, indicating a significant risk to critical infrastructure entities, Cybernews reports.

Impact

Modbus ICS devices used in power grids and industrial systems

Exploitation Status

The exploitation status is currently unknown. Monitor vendor advisories and security bulletins for updates.

Timeline

Newly disclosed

Remediation

Companies should implement proper security measures, including firewalls and network segmentation, to limit exposure of Modbus devices to the internet.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Critical.

Read Original Article

Related Coverage

New ‘LucidRook’ malware used in targeted attacks on NGOs, universities

BleepingComputer

Researchers have discovered a new malware known as LucidRook, which is written in Lua and is being deployed in targeted spear-phishing campaigns aimed at non-governmental organizations (NGOs) and universities in Taiwan. This malware is particularly concerning because it represents a shift in tactics, focusing on sectors often involved in sensitive and impactful work. Attackers are leveraging deceptive emails to compromise their targets, potentially leading to data breaches or other security incidents. The targeting of educational and humanitarian organizations indicates that attackers are seeking valuable information that could be exploited for various malicious purposes. Organizations in these sectors need to be vigilant and enhance their security measures to defend against such threats.

Apr 9, 2026

Iranian attacks on US critical infrastructure puts 3,900 devices in crosshairs

CyberScoop

Researchers from Censys have identified a significant cybersecurity threat posed by Iranian government-backed actors targeting critical infrastructure in the United States. This campaign is specifically aimed at energy, water, and government services, putting approximately 3,900 exposed devices at risk. The focus on these vital sectors raises alarms about potential disruptions to essential services. The implications of such attacks could be severe, affecting both public safety and national security. As the situation develops, organizations operating in these sectors need to enhance their cybersecurity measures to protect against potential intrusions.

Apr 9, 2026

Contagious Interview campaign expands further

SCM feed for Latest

The North Korean hacking group behind the Contagious Interview campaign has expanded its operations, releasing over a dozen new malicious packages across various programming ecosystems, including npm, PyPI, Go Modules, crates.io, and Packagist. Since the campaign began in January 2025, more than 1,700 harmful packages have been identified. These malicious packages are designed to compromise systems and facilitate malware installation, posing a significant risk to developers and organizations that rely on these ecosystems for software development. Users need to be cautious about the packages they download and verify their sources to avoid falling victim to these attacks.

Apr 9, 2026

Iranian cyberattacks to continue amid ceasefire

SCM feed for Latest

The Iranian hacking group Handala has announced that it will continue its cyberattacks against Israel and plans to resume operations against the United States. This declaration comes during a fragile two-week ceasefire between Iran and both the U.S. and Israel. The group’s ongoing cyber threats pose significant risks to critical infrastructure and data security in these regions. Continuous cyber operations could disrupt services and heighten tensions in an already volatile geopolitical landscape, making it crucial for organizations in these countries to bolster their cybersecurity measures. The situation is particularly concerning given the potential for escalation in both cyber and traditional military engagements.

Apr 9, 2026

Russia's 'Fancy Bear' APT Continues Its Global Onslaught

darkreading

The Russian cyber espionage group known as Fancy Bear is reportedly continuing its global attacks, targeting various organizations around the world. Experts warn that while victims may not possess the same level of technical sophistication as the attackers, they must take proactive steps to protect themselves. Essential measures include regularly patching software vulnerabilities and implementing zero trust security models to enhance defenses. The ongoing activity of Fancy Bear underscores the need for organizations, regardless of size or technical expertise, to prioritize cybersecurity practices to mitigate risks. As these attacks evolve, awareness and preparedness are crucial for safeguarding sensitive data and systems.

Apr 9, 2026

Eurail data breach impacted 308,777 people

Security Affairs

In December 2025, hackers successfully breached Eurail's systems, resulting in the theft of personal information belonging to 308,777 travelers. The compromised data includes names and passport numbers, raising significant concerns about potential identity theft and the misuse of sensitive information. Eurail is now in the process of notifying those affected by the breach, emphasizing the urgent need for vigilance among individuals whose data may be at risk. This incident underscores the ongoing vulnerability of companies to cyberattacks and the importance of implementing stronger security measures to protect customer information.

Apr 9, 2026