VulnHub

Real-time Cybersecurity News

Nearly 4,000 US industrial devices exposed to Iranian cyberattacks

BleepingComputer
Actively Exploited
Critical

Overview

Iranian-linked hackers have targeted U.S. critical infrastructure by exploiting vulnerabilities in nearly 4,000 internet-connected programmable logic controllers (PLCs) made by Rockwell Automation. These devices are essential for controlling various industrial processes, making them prime targets for cyberattacks that could disrupt operations. The exposure of these PLCs raises significant concerns about the security of critical infrastructure, as successful attacks could lead to severe disruptions in industries such as manufacturing and energy. Researchers are urging companies using these devices to take immediate action to strengthen their cybersecurity measures and protect against potential intrusions. This incident serves as a reminder of the ongoing risks posed by state-sponsored cyber activities and the need for enhanced defenses in industrial environments.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: Programmable Logic Controllers (PLCs) by Rockwell Automation
  • Action Required: Companies should enhance cybersecurity measures, including network segmentation, regular software updates, and monitoring for unusual activity.
  • Timeline: Newly disclosed

Original Article Summary

The attack surface targeted by Iranian-linked hackers in cyberattacks against U.S. critical infrastructure networks includes thousands of Internet-exposed programmable logic controllers (PLCs) manufactured by Rockwell Automation. [...]

Impact

Programmable Logic Controllers (PLCs) by Rockwell Automation

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Newly disclosed

Remediation

Companies should enhance cybersecurity measures, including network segmentation, regular software updates, and monitoring for unusual activity.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Critical.

Read Original Article

Related Coverage

GlassWorm evolves with Zig dropper to infect multiple developer tools

Security Affairs

The GlassWorm campaign has evolved significantly since its inception in 2025, now utilizing a Zig-based dropper embedded in a fake Integrated Development Environment (IDE) extension. This method targets developer tools, allowing attackers to compromise systems through malicious software packages. Initially starting with harmful npm packages, the campaign has escalated to large-scale supply chain attacks affecting platforms like GitHub, npm, and Visual Studio Code. Additionally, the attackers have deployed Remote Access Trojans (RATs) via counterfeit browser extensions. This evolution raises concerns for developers and organizations, as it highlights the growing sophistication of supply chain threats in the software development ecosystem.

Apr 11, 2026

FBI Recovers Deleted Signal Messages Through iPhone Notifications

Hackread – Cybersecurity News, Data Breaches, AI and More

Recent court proceedings have revealed that messages sent via the Signal app can still be accessed by the FBI through iPhone notification data, even after users have deleted them. This discovery raises significant concerns about privacy and the effectiveness of end-to-end encryption, as it suggests that deleted messages may not be entirely erased from device records. The implications of this finding are serious for Signal users, particularly those who rely on the app for confidential communications. The case highlights the potential vulnerabilities in how smartphones handle notifications and data retention, prompting users to reconsider the security of their communications. It also raises questions about the extent to which law enforcement can retrieve deleted digital information, which could affect how individuals perceive their privacy in the digital age.

Apr 11, 2026

CVE-2026-39987: Marimo RCE exploited in hours after disclosure

Security Affairs

A serious vulnerability in the open-source Python notebook tool Marimo, identified as CVE-2026-39987, has been exploited within just 10 hours of its disclosure on April 8, 2026. This flaw has a CVSS score of 9.3, indicating its severity and potential impact. Researchers from the Sysdig Threat Research Team reported that attackers began exploiting this vulnerability almost immediately, raising alarms about the security of systems using Marimo. This incident underscores the urgency for users and organizations relying on this tool to take immediate action to protect their systems from potential breaches. Quick exploitation of such vulnerabilities demonstrates the need for timely patching and awareness in the cybersecurity community.

Apr 11, 2026

ShinyHunters Claims Rockstar Games Snowflake Breach via Anodot

Hackread – Cybersecurity News, Data Breaches, AI and More

ShinyHunters, a known hacking group, claims to have gained access to data from Rockstar Games' Snowflake platform due to a breach involving Anodot, a data analytics company. They have threatened to leak this data on April 14 unless their ransom demands are met. This incident raises concerns about the security of sensitive information related to Rockstar, a major player in the gaming industry. If the breach is legitimate, it could expose user data and proprietary information, impacting both the company and its customers. The situation is still developing, and Rockstar Games has not yet confirmed the breach or provided details on any potential data compromise.

Apr 11, 2026

US Treasury to offer free cybersecurity intelligence to crypto firms

SCM feed for Latest

The U.S. Treasury Department's Office of Cybersecurity and Critical Infrastructure Protection has announced a new initiative aimed at sharing cyber threat intelligence with cryptocurrency firms. This program is designed to help these companies better identify, prevent, and respond to cyber threats, especially as attacks on the crypto sector grow more frequent and sophisticated. The initiative comes in response to increasing concerns over security vulnerabilities in the cryptocurrency market, which has become a prime target for cybercriminals. By providing free intelligence resources, the Treasury hopes to strengthen the security posture of these firms and protect consumers. This move reflects a broader recognition of the need for enhanced security measures in the rapidly evolving digital currency landscape.

Apr 10, 2026

Hims Breach Exposes the Most Sensitive Kinds of PHI

darkreading

Hims, a telehealth company, has suffered a data breach that exposes sensitive personal health information (PHI) of its users. The breach could reveal details about users' conditions, such as baldness, obesity, or erectile dysfunction. The attackers may misuse this data for identity theft, targeted phishing scams, or other malicious activities. This incident raises serious concerns about the protection of personal health data in the telehealth sector, highlighting the ongoing challenges companies face in safeguarding sensitive information. Users of Hims should be vigilant about potential phishing attempts and monitor their accounts for unusual activity.

Apr 10, 2026