The U.S. CISA has added CVE-2021-26829, a cross-site scripting vulnerability in OpenPLC ScadaBR, to its KEV catalog due to active exploitation. The threat actor TwoNet exploited this flaw to deface a honeypot and gain initial access, highlighting ongoing industrial system targeting. #CISA #OpenPLC #TwoNet #CVE202126829 #Honeypot
Keypoints
- CISA updated its KEV catalog to include CVE-2021-26829, a critical security flaw in OpenPLC ScadaBR.
- TwoNet exploited this vulnerability to deface a honeypot and conduct reconnaissance activities.
- The threat actor used default credentials and created a user account named βBARLATIβ during the breach.
- Active exploit operations are targeting regional infrastructure, notably in Brazil, via Google Cloud infrastructure.
- FCEB agencies are mandated to apply security fixes for this vulnerability by December 19, 2025.
Read More: https://thehackernews.com/2025/11/cisa-adds-actively-exploited-xss-bug.html