The Cybersecurity and Infrastructure Security Agency (CISA) has expanded its list of exploited vulnerabilities (KEVs), reporting a new vulnerability affecting OpenPLC ScadaBR , due to ongoing active exploitation indications. This security flaw, identified as CVE-2021-26829 with a CVSS score of 5.4, affects Windows and Linux versions of the software due to a cross-site scripting (XSS) vulnerability in the system_settings.shtm page. Just over a month after Forescout reported that a pro-Russian hacktivist group known as TwoNet had targeted its honeypot in September 2025, mistaking it for a water treatment plant, the security flaw was added to the KEV catalog. Affected versions include: “The