(TLP:CLEAR) Supplemental Cyber Highlights – May 22, 2025
Created: Thursday, May 22, 2025 - 14:58
Categories: Cybersecurity, OT-ICS Security, Security Preparedness
The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure Resilience
- Critical Flaw Allows Remote Hacking of AutomationDirect Industrial Gateway | SecurityWeek
- ‘Whatever we did was not enough’: How Salt Typhoon slipped through the government’s blind spots | CyberScoop
- A cyberattack was responsible for the week-long outage affecting Cellcom wireless network | Security Affairs
- DHS releases GNSS Test Vector Suite to boost PNT security for critical infrastructure | Industrial Cyber
- Experts found rogue devices, including hidden cellular radios, in Chinese-made power inverters used worldwide | Security Affairs
- Up to 25% of Internet-Exposed ICS Are Honeypots: Researchers | SecurityWeek
IT Vulnerability Security Updates
- Critical Zero-Days Found in Versa Networks SD-WAN/SASE Platform | Infosecurity Magazine
- Cisco Patches High-Severity DoS, Privilege Escalation Vulnerabilities | SecurityWeek
- Flawed WordPress theme may allow admin account takeover on 22,000+ sites (CVE-2025-4322) | Help Net Security
- A critical flaw in OpenPGP.js lets attackers spoof message signatures | Security Affairs
IT Malware, Threats & Risks
- Asia Produces More APT Actors, as Focus Expands Globally | Dark Reading
- Hazy Hawk gang exploits DNS misconfigs to hijack trusted domains | Bleeping Computer
- Duping Cloud Functions: An emerging serverless attack vector | Cisco Talos
Ransomware
- Breaking Down Ransomware Attacks and How to Stay Ahead | Huntress
- OT Ransomware on the Rise: What You Need to Know and How to Prepare | SANS
Cyber Resilience, General Awareness, & AI