CyberScoop reports that tech manufacturers have been urged by the Cybersecurity and Infrastructure Security Agency to remove default passwords from their software and devices following the widespread exploitation of Unitronics' programmable logic controllers that impacted water utilities across the U.S. "Studies by CISA show that the use of default credentials, such as passwords, is a top weakness that threat actors exploit to gain access to systems, including those within U.S. critical infrastructure," said CISA.