CISA releases an ICS security advisory affecting a smart facility system. LockBit threatens to release Royal Mail data tomorrow. Cl0p ransomware expands to Linux-based systems. A vulnerability is identified in Toyota's GSPIMS. There’s an ESXiArgs update: new trackers and mitigation tools are available. Russia is running two new cyberespionage campaigns against Ukraine. Our guest is Roya Gordon from Nozomi Networks discusses the ICS Threat Landscape. And The Washington Post’s Tim Starks provides analysis on last night’s State of the Union.

For links to all of today's stories check out our CyberWire daily news briefing:
https://thecyberwire.com/newsletters/daily-briefing/12/26

Selected reading.
CISA Releases One Industrial Control Systems Advisory (CISA) 
LockBit group threatens to publish stolen Royal Mail data tomorrow (Computing) 
Cl0p Ransomware Targets Linux Systems with Flawed Encryption | Decryptor Available (SentinelOne)
Hacking into Toyota’s global supplier management network (Eaton Works)
Researcher breaches Toyota supplier portal with info on 14,000 partners (BleepingComputer)
Vulnerability Provided Access to Toyota Supplier Management Network (SecurityWeek)
CISA Releases ESXiArgs Ransomware Recovery Script (CISA)
ESXiArgs Ransomware Campaign Targets VMWare ESXi Vulnerability (SecurityScorecard)
Graphiron: New Russian Information Stealing Malware Deployed Against Ukraine (Symantec)
Remcos software deployed in spying attempt on Ukraine’s government, CERT says (The Record from Recorded Future News)
The State of the Union was light on cybersecurity (Washington Post)
Biden calls for action on privacy rights in State of the Union (CyberScoop)