A Mexican water utility disclosed eleven days of read-only access enabled by LLM-assisted reconnaissance. European sectoral SOCs face the same threat class within months. Behavioral baselines tuned to manual probing no longer detect the new tempo.
Schneider Electric disclosed a CVSS 9.8 pre-authentication remote code execution flaw in Modicon M340 and M580 PLCs on 22 April. Working exploit code appeared seventy-two hours later. EU operators should patch within fourteen days, not the ninety-day cycle NIS2 minimum language permits.