The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS security advisories, along with additional alerts, updates, and bulletins:
ICS Advisories:
The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure Resilience
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS security advisories, along with additional alerts, updates, and bulletins:
ICS Advisories:
On May 8, 2025, CISA Released Five Industrial Control Systems Advisories for products used across multiple sectors. Please check these latest advisories for specific equipment used across your ICS/SCADA environments and address accordingly:
Summary: This week, CISA, the FBI, EPA, and the Department of Energy (DOE) published a fact sheet urging critical infrastructure entities with operational technology (OT) and industrial control systems (ICS) to implement five primary mitigations that will strengthen their cybersecurity. The authoring organizations urge critical infrastructure entities to review this fact sheet and act now to improve their cybersecurity posture against active cyber threat activities specifically and intentionally targeting internet connected OT and ICS.
Summary: The East Rio Hondo Water Supply Corporation (ERHWSC), a mid-sized rural water utility in southern Texas, completed Phase One of the Cyber Readiness Institute’s (CRI) Water Utility Pilot Project, sponsored by Microsoft. This case study outlines ERHWSC’s journey through the pilot program, the challenges it faced, and the impact the initiative had on the organization and the broader community it serves.
Summary: The FBI published a FLASH to disseminate indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) associated with 5Socks and Anyproxy cyber criminal services’ targeting malware that affects end-of-life (EOL) routers. Threat actors exploit known vulnerabilities to compromise EOL routers, install malware, and use the routers in a botnet they control to launch coordinated attacks or sell access to the devices as proxy services.
Summary: In April of 2025, Rapid7 discovered and disclosed three new vulnerabilities affecting SonicWall Secure Mobile Access (“SMA”) 100 series appliances (SMA 200, 210, 400, 410, 500v). These vulnerabilities are tracked as CVE-2025-32819, CVE-2025-32820, and CVE-2025-32821. An attacker with access to an SMA SSLVPN user account can chain these vulnerabilities to make a sensitive system directory writable, elevate their privileges to SMA administrator, and write an executable file to a system directory. This chain results in root-level remote code execution.
The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure Resilience
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS security advisories, along with additional alerts, updates, and bulletins:
ICS Advisories:
Summary: The FBI has released a FLASH report to disseminate 42,000 phishing domains linked to the LabHost phishing-as-a-service (PhaaS) platform between November 2021 and April 2024. The FBI is releasing this information to maximize awareness and provide indicators of compromise that may be used for cyber defense purposes.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
