Cybersecurity firm Forescout has discovered that hundreds of industrial control systems and operational technology environments are dangerously exposed to the internet through unsecured VNC and RDP servers. Their research found 670 VNC servers providing direct access to ICS and OT control panels without any authentication, with nearly 60,000 VNC servers total lacking password protection and over 19,000 RDP servers vulnerable to the notorious BlueKeep exploit. The threat is already active, as Russia-linked hackers and the Redheberg botnet have been actively targeting these exposed systems, with recent attacks on water facilities in Israel and a groundwater pumping station.