Hey everyone! It's been a bit quiet on the news front over the last 24 hours, but we've got one significant update concerning an actively exploited SCADA vulnerability and a look at some sustained exploitation efforts. Let's dive in:
Actively Exploited SCADA XSS Added to CISA KEV ⚠️
- CISA has added CVE-2021-26829, a cross-site scripting (XSS) vulnerability in OpenPLC ScadaBR (affecting Windows through v1.12.4 and Linux through v0.9.1), to its Known Exploited Vulnerabilities (KEV) catalog due to active exploitation.
- This flaw was recently leveraged by the pro-Russian hacktivist group TwoNet, who targeted a Forescout honeypot (mistaking it for a water treatment facility). After gaining initial access via default credentials, they exploited the XSS to deface the HMI login page and disable logs/alarms.
- Separately, VulnCheck has identified a long-running exploit operation, active for about a year, originating from Google Cloud OAST infrastructure and primarily targeting Brazil. This operation scans for over 200 CVEs, including a custom variant of a Fastjson RCE flaw, demonstrating sustained, regionally-focused attack efforts.
📰 The Hacker News | https://thehackernews.com/2025/11/cisa-adds-actively-exploited-xss-bug.html
#CyberSecurity #ThreatIntelligence #Vulnerability #CVE #XSS #SCADA #ICS #CISA #KEV #Hacktivism #TwoNet #Exploitation #InfoSec #IncidentResponse
