Critical Infrastructure
Ireland
Energy, water, telecoms, transport
Compliance tags are AI-generated and should not be cited as regulatory evidence without independent review.
Deploy WAF rules, patch public-facing apps within 48h of CVE disclosure, segment DMZ from internal networks, and run authenticated vulnerability scans weekly.
Enforce MFA on all accounts, implement conditional access policies, audit privileged accounts quarterly, and monitor for impossible-travel logins.
Disable unused scripting interpreters, enforce PowerShell Constrained Language Mode, log all script block execution via ScriptBlockLogging.
Deploy upstream DDoS mitigation (Cloudflare/AWS Shield), configure rate limiting on public endpoints, and maintain a DDoS response runbook.
Inspect TLS traffic at the proxy (break-and-inspect), deploy network IDS/IPS signatures for known C2 frameworks, and baseline normal DNS/HTTP patterns.
Maintain offline/immutable backups tested monthly, enable ASR rules against ransomware, and deploy behavioural detection for mass file encryption patterns.
Block execution of downloaded files via Mark-of-the-Web + SmartScreen, train users on social engineering, and sandbox browser downloads.
Enforce DMARC (p=reject), SPF, and DKIM on all domains; block executable attachments at the mail gateway; conduct quarterly phishing simulations.
Recent Intelligence
Unauth Log Download Vuln
A vulnerability in the firmware of Phoenix Contact's CHARX SEC-3xxx charging controllers allows unauthenticated adjacent attackers to download log files, potentially disclosing restricted information. This affects users of these charging controllers, who should take immediate action to update their firmware. Affected parties should visit the provided link for more details on CVSS scores, affected products, and timelines.
ABB T-MAC Plus XSS Vulnerability
A cross-site scripting vulnerability was discovered in ABB T-MAC Plus 4.0-24, affecting an unknown function and allowing remote attacks. Users of this software should be cautious of potential manipulation. No exploit is currently available.
ABB T-MAC Plus Vulnerability
A critical vulnerability has been identified in ABB T-MAC Plus 4.
ABB T-MAC Plus Vulnerability
A vulnerability has been reported in ABB T-MAC Plus 4.0-24, allowing remote access to files or directories. Users of this software are advised to monitor for updates and apply patches as soon as they become available. No exploit is currently available, but the vulnerability is considered problematic.
Phoenix Contact CHARX SEC info disclosure
A vulnerability in Phoenix Contact CHARX SEC devices allows information disclosure when exploited. The vulnerability affects CHARX SEC-3000, CHARX SEC
EIPStackGroup OpENer Vulnerability
A security vulnerability has been detected in EIPStackGroup OpENer, affecting the SendRRData Handler component, which can be remotely exploited. Users of EIPStackGroup OpENer up to version 2.3.0 are affected and should take action to mitigate the vulnerability. The project has been informed of the issue but has not yet responded.
Anthropic Expands AI-Based Vulnerability Hunting
Anthropic has expanded its Project Glasswing initiative to include 150 additional companies, focusing on critical infrastructure such as power, water, and healthcare. This move aims to enhance vulnerability identification, but raises concerns about the ability of vendors to triage and patch issues in a timely manner. Organizations should be prepared to adapt to
Gallagher Credentials Exposure
A vulnerability in Gallagher Command Centre Service installers may expose Service Account credentials, affecting sites that use custom Service Accounts. To mitigate, affected sites should change the Service Account password and delete installer log files. This vulnerability has a severity score of 8.1, indicating a high risk.
Besen EV Charging Station Vulnerability
A vulnerability in the BLE/UDP component of the Besen BS20 EV Charging Station leaves credentials insufficiently protected, affecting users with the device on their local network. To mitigate this risk, users should ensure their local network is secure and monitor for updates from Besen. The vulnerability was reported to Besen in April 2026 and is currently under review.
Besen EV Charger Vulnerability
A vulnerability was discovered in the Besen BS20 EV Charging Station, affecting an unknown functionality of the Firmware Version Check component and resulting in improper restriction of rendered UI layers. The vulnerability can be exploited remotely and has been reported to Besen, who are reviewing the issue as of April 2026. Users of the affected charging station should be aware of the potential risk and monitor for updates.
Advantech WebAccess/SCADA Vulnerability
A vulnerability has been discovered in Advantech WebAccess and SCADA, affecting the Create New Project User Handler component. This issue allows for cross-site scripting attacks when the decryption argument is manipulated. Users of affected systems should review their security configurations and monitor for suspicious activity.
CVE-2026-1815: Session Expiration Vuln
A vulnerability has been discovered in the Turkiye Electricity Transmission Corporation Mobile Application, allowing for session expiration via remote manipulation. Users of the application are affected, and upgrading to a newer version is recommended. No exploit is currently available.
Honeywell Module Vulnerability
A vulnerability in Honeywell International Control Network Module up to version 110.2 exposes file and directory information. This issue affects users of the Control Network Module, potentially
Honeywell Control Module Vulnerable
A critical vulnerability has been discovered in Honeywell International Control Network Module, affecting versions up to 110.2, allowing for remote command injection attacks. Users of this module are advised to take immediate action to mitigate potential exploitation. The vulnerability can be exploited remotely, and although no public exploit is available, users should prioritize patching
CODESYS Info Disclosure Vulnerability
A remote, authenticated attacker can exploit a vulnerability in CODESYS to disclose sensitive information. Users of CODESYS are affected and should take immediate action to patch the vulnerability. The CERT-Bund advisory recommends updating to the latest version of CODESYS to mitigate the issue.
Microsoft Patches Zero-Days
Microsoft has released patches for two zero-day vulnerabilities, UnDefend and RedSun Defender, which could be exploited to elevate privileges or create a denial-of-service condition. Users of affected systems are advised to apply the patches as soon as possible. The vulnerabilities could impact any Windows system that has not been updated.
Water Utility Hacked via Zombie Account
A water utility's system was compromised after a former employee's account was not deactivated, allowing hackers to gain control. The incident highlights the importance of timely account management and access revocation. Affected organizations should review their account de
Taiko AG1000-01A Auth Bypass
A critical authentication bypass vulnerability has been discovered in the Taiko AG1000-01A SMS Alert Gateway, affecting versions Rev 7.3 and Rev 8. This vulnerability allows unauthenticated attackers to access internal application pages without session management or server-side authentication checks, potentially leading to unauthorized modification of device configuration and disruption of monitoring and control functions. Users of affected devices should take immediate action to mitigate this vulnerability.
Kieback & Peter DDC520 Vulnerability
A cross-site scripting vulnerability has been discovered in Kieback & Peter DDC520 up to version
ZKTeco CCTV Camera Vulnerability
A critical vulnerability has been discovered in certain ZKTeco CCTV camera models, exposing sensitive information through an unauthenticated export service. This affects users of these camera models, potentially allowing unauthorized access to camera account credentials and other critical data