The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
CISA Releases Four Industrial Control Systems Advisories
Products are used across multiple sectors, please check these latest advisories for specific equipment used across your ICS environments and address accordingly.
CSO Online has written an article discussing the complexities of crisis communication for local governments suffering from a ransomware incident.
Dark Reading has written an article discussing the simultaneous rise in total number of ransomware victims and fall in number of victims affected by major ransomware gangs, which suggests a growing number of smaller ransomware operators having success in the market.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
Alerts, Updates, and Bulletins:
Threat actors are increasingly exploiting legitimate online services to conduct attacks for stealing credentials and exfiltrating data while remaining undetected from unsuspecting victims, according to security researchers at Check Point.
The following posts are useful for general awareness of current threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Security Intelligence has written an article discussing the trend of repeated targets in cyber attacks and why they occur. According to Cymulate, 67 percent of companies that suffered a cyber attack are attacked again within one year, which rises to 80 percent if it’s a ransomware attack.
Exploiting technical vulnerabilities is only part of the threat-scape – typically accomplished by the more sophisticated (or well-resourced) actors or groups. However, by volume, threat actors spend much more time and effort hitting us in our inboxes, via infected websites, and exploiting other human vectors, such as phones and MFA. Proofpoint’s 2023 Human Factor Report corroborates the countless incidents we see every day, that social engineering remains the most common technique with the vast majority using some element of psychological manipulation.
WaterISAC regularly provides awareness of recent CISA reporting. While direct relevance to your utility/organization on the details of each report may vary, activity alerts, advisories, and information like this are practical for general awareness and greater understanding of active threats and adversary capabilities.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, along with other cybersecurity alerts, updates, and bulletins:
ICS Vulnerability Advisories:
CISA Releases Fourteen Industrial Control Systems Advisories
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
