Summary: WaterISAC is pleased to share that the American Water Works Association (AWWA), with the help of many subject matter experts (SMEs) within the water sector including WaterISAC, has released significant updates and revisions to its cybersecurity resources to aid utilities in building their cyber resilience. This comes as water and wastewater systems in the U.S.
Summary: Proof-of-Concept (PoC) exploits have been released for a vulnerability in Fortinet FortiWeb that WaterISAC drew awareness to in last week’s SRU.
The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure Resilience
ICS Advisories:
On July 17, 2025, CISA Released Three Industrial Control Systems Advisories for products used across multiple sectors, please check these latest advisories for specific equipment used across your ICS/SCADA environments and address accordingly:
Summary: Fortinet recently released its “2025 State of Operational Technology and Cybersecurity Report” which draws on data from a global survey of more than 550 OT professionals conducted by an independent research firm. The report highlights key areas where organizations need to bolster their defenses, especially as IT and OT environments become interconnected and exposed.
Summary: Due to several security research companies’ findings of active exploitation of a high-severity vulnerability in Citrix devices affecting NetScaler ADC and Gateway (CVE-2025-5777) dubbed CitrixBleed 2, members are encouraged to check for probing or compromise of these devices.
Summary: WaterISAC is sharing a cross-sector report co-authored by several leading Information Sharing and Analysis Centers (ISACs), including WaterISAC, that focuses on the continuing threat of North Korea IT workers on U.S. organizations. The report brings further awareness to what appears to be an enduring threat that many communities and sectors may not fully understand or appreciate the extent of.
The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure Resilience
ICS Advisories:
On July 10, 2025, CISA Released Thirteen Industrial Control Systems Advisories for products used across multiple sectors, please check these latest advisories for specific equipment used across your ICS/SCADA environments and address accordingly:
June 26, 2025
Summary: WaterISAC’s federal partners have shared new information indicating that nation state threat actors who routinely target critical infrastructure are actively researching the below vulnerabilities in Fortinet products, which could allow them to conduct future attacks.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
