CyberHappenings logo
Home Browse Watchlists Experimental About

Track cybersecurity events as they unfold. Sourced timelines. Filter, sort, and browse. Fast, privacy‑respecting. No invasive ads, no tracking.

Increased ICS Vulnerability Exploits and Hacktivist Activity in 2025

First reported
Last updated
1 unique sources, 1 articles

Summary

Hide ▲

In 2025, cyber threat actors, including both cybercriminals and hacktivists, significantly increased their attacks on industrial control systems (ICS) and operational technology (OT) environments. The number of ICS vulnerability disclosures nearly doubled compared to 2024, with Siemens and Schneider Electric being the most affected vendors. Ransomware attacks also surged, particularly targeting manufacturing and healthcare sectors, while hacktivist groups focused on energy, utilities, and transportation sectors. The report predicts continued targeting of exposed HMI and SCADA systems in 2026.

Timeline

  1. 15.01.2026 17:00 1 articles · 4h ago

    ICS Vulnerability Disclosures and Exploits Surge in 2025

    In 2025, ICS vulnerability disclosures nearly doubled compared to 2024, with 2451 vulnerabilities reported across 152 vendors. Siemens and Schneider Electric were the most affected, with Siemens reporting 1175 vulnerabilities and Schneider 163, though Schneider had a higher percentage of critical vulnerabilities. Ransomware attacks increased by 37%, targeting manufacturing and healthcare sectors, while hacktivist groups focused on energy, utilities, and transportation sectors. The report predicts continued targeting of exposed HMI and SCADA systems in 2026.

    Show sources
    Open in new tab

Information Snippets

  • ICS vulnerability disclosures increased from 1690 in 2024 to 2451 in 2025, with 152 vendors affected in 2025 compared to 103 in 2024.

    First reported: 15.01.2026 17:00
    1 source, 1 article
    Show sources

  • August 2025 saw a significant spike in ICS vulnerability disclosures, with 802 vulnerabilities reported that month alone.

    First reported: 15.01.2026 17:00
    1 source, 1 article
    Show sources

  • Siemens had the most ICS vulnerabilities reported (1175), followed by Schneider Electric (163), though Schneider had a higher percentage of high and critical vulnerabilities (70% vs. less than 40% for Siemens).

    First reported: 15.01.2026 17:00
    1 source, 1 article
    Show sources

  • Manufacturing and healthcare sectors were the most targeted by ransomware attacks in 2025, with 600 and 477 entities affected, respectively.

    First reported: 15.01.2026 17:00
    1 source, 1 article
    Show sources

  • Hacktivist groups like Z-Pentest, Dark Engine, and Sector 16 increasingly targeted ICS and OT environments, with Z-Pentest being the most active.

    First reported: 15.01.2026 17:00
    1 source, 1 article
    Show sources

  • Cyble identified 5967 ransomware attacks in 2025, a 37% increase from 2024, and 57 new ransomware groups emerged.

    First reported: 15.01.2026 17:00
    1 source, 1 article
    Show sources

  • Hacktivism was driven by geopolitical conflicts, including the Israel-Iran conflict and India-Pakistan tensions, leading to 1.5 million intrusion attempts.

    First reported: 15.01.2026 17:00
    1 source, 1 article
    Show sources