Supplemental Cyber Highlights – January 9, 2025

The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.

Critical Infrastructure Resilience

• The Role of Cybersecurity in Protecting Critical Infrastructure: Focus on Energy and Water Sectors | SOC Radar
• Cyber Threats Rising: US Critical Infrastructure Under Increasing Attack in 2025 | Tripwire
• CISA’s Greene details focus on strengthening cybersecurity resilience with KEV Catalog, CPGs, PRNI initiatives | Industrial Cyber
• Ransomware Targeting Infrastructure Hits Telecom Namibia | Dark Reading

IT Vulnerability Security Updates

• CVE-2025-0282: Ivanti Connect Secure Zero-Day Vulnerability Exploited In The Wild | Tenable
• SonicWall urges admins to patch exploitable SSLVPN bug immediately | Bleeping Computer
• Palo Alto Networks Patches High-Severity Vulnerability in Retired Migration Tool | SecurityWeek
• BIOS flaws expose iSeq DNA sequencers to bootkit attacks | Bleeping Computer
• Android patches several vulnerabilities in first security update of 2025 | CyberScoop
• Chrome 131, Firefox 134 Updates Patch High-Severity Vulnerabilities | SecurityWeek
• GFI KerioControl Firewall Vulnerability Exploited in the Wild | SecurityWeek

IT Malware, Threats & Risks

• Top 5 Malware Threats to Prepare Against in 2025 | The Hacker News
• The top target for phishing campaigns | Help Net Security
• Microsoft moves to disrupt hacking-as-a-service scheme that’s bypassing AI safety measures | CyberScoop

Cyber Resilience, General Awareness, & AI

• The ongoing evolution of the CIS Critical Security Controls | Help Net Security
• AI-supported spear phishing fools more than 50% of targets | Malwarebytes Labs