Cisa

Threat Intelligence 2026-04-09
CISA AA26-097A: CyberAv3ngers Exploit Rockwell PLCs Across US Water, Energy, and Government Systems
Six US agencies issue joint advisory after Iranian-affiliated CyberAv3ngers compromise Rockwell Allen-Bradley PLCs in water, energy, and government sectors, manipulating SCADA displays and control logic.
ics ot-security iran plc rockwell-automation cisa critical-infrastructure scada
vulnerabilities 2026-04-05
CVE-2026-4681: CVSS 10.0 Deserialization RCE in PTC Windchill Has German Police Knocking on Doors
A maximum-severity deserialization flaw in PTC Windchill and FlexPLM (CVE-2026-4681, CVSS 10.0) prompted German federal police to physically visit companies and wake up sysadmins. No patch yet. Here's what you need to know.
CVE-2026-4681 PTC Windchill FlexPLM deserialization RCE ICS CISA BSI
vulnerabilities 2026-04-02
CVE-2026-1579: Critical PX4 Autopilot Flaw Gives Attackers Full Drone Control via MAVLink
CISA advisory for CVE-2026-1579 reveals a CVSS 9.8 authentication bypass in PX4 Autopilot that lets unauthenticated attackers gain shell access to drones over MAVLink.
cve ics drones mavlink cisa ot-security

CISA AA26-097A: CyberAv3ngers Exploit Rockwell PLCs Across US Water, Energy, and Government Systems