Quarterly Threat Report: OT\ICS: Hidden Equipment with Quiet Risks - Q3 2025

This in-depth quarterly report uncovers how the convergence of operational technology and IT networks is exposing critical infrastructure systems—like access control, fire safety, HVAC, and UPS—to sophisticated cyber threats, and outlines actionable strategies for resilience.

As physical systems like access control, fire alarms, HVAC, and UPS equipment become increasingly integrated into enterprise networks and cloud platforms, they introduce new and often overlooked cybersecurity risks. The Q3 2025 OT/ICS Threat Report from UltraViolet Cyber reveals how attackers are exploiting vulnerabilities in these systems—ranging from hardcoded credentials and unencrypted communications to insecure APIs and firmware flaws—to bypass traditional defenses and disrupt operations.

Real-world incidents in 2025 have shown how these threats can lead to physical damage, safety hazards, and systemic outages. The report emphasizes the urgent need for organizations to treat facilities management technologies as critical components of their cybersecurity strategy. Key recommendations include asset inventories, network segmentation, encrypted protocols, strong authentication, and centralized monitoring.

Read the full report to explore detailed threat analyses, CVEs, and actionable protective measures: