Summary: On Tuesday, CISA, in collaboration with the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) and other international and U.S. partners, released new guidance for organizations seeking to procure Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) platforms.
The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure Resilience
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS security advisories, along with additional alerts, updates, and bulletins:
ICS Advisories:
Summary: Security cameras represent some of the most common IoT devices installed in business and commercial environments. The proliferation of Internet of Things (IoT) devices - more specifically, security cameras - has forced organizations to rethink how they protect their physical hardware.
Summary: Yesterday, CISA and the FBI released a joint Cybersecurity Advisory (CSA) detailing the tactics, techniques, and procedures (TTPs), and indicators of compromise (IOCs) linked to threat actors deploying LummaC2 malware. This malware poses a serious threat, capable of infiltrating networks and exfiltrating sensitive information of vulnerable individuals’ and organizations’ computer networks across U.S. critical infrastructure sectors.
Summary: A joint Cybersecurity Advisory (CSA) was just released by over 20 federal and international partner agencies to highlight a Russian state-sponsored campaign targeting Western logistics entities and technology companies. The CSA provides an overview of targets, initial access tactics, techniques, and procedures (TTPS), and indicators of compromise (IOCs) that are associated with the campaign.
Summary: New insights have been shed into the problems that allowed the Chinese advanced persistent threat group known as Salt Typhoon to infiltrate several telecommunications companies’ networks over the last year. CyberScoop gives a detailed analysis of how telecoms may never fully eradicate the threat actor fromtheir networks.
Summary: Researchers at Cisco Talos have observed exploitation of CVE-2025-0994, a remote code execution (RCE) vulnerability in Cityworks software, by a Chinese advanced persistent threat known as UAT-6382.
The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure Resilience
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS security advisories, along with additional alerts, updates, and bulletins:
ICS Advisories:
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
