The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure Resilience
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
As Phishing-as-a-Service (PhaaS) offerings have lowered the barrier to entry for low-skilled threat actors, “Adversary-in-the-Middle” (AitM) attacks have become much less technical to execute. Open-source toolkits such as “EvilGinx3,” make phishing campaigns accessible to the most novice threat actors. With such frameworks, actors can easily create custom Office 365 login pages; mimic other popular websites such as Amazon, LinkedIn, Facebook, and X (formerly Twitter) to conduct opportunistic or highly targeted phishing campaigns.
Do you ever get the feeling users still don’t believe or understand how easy it is for threat actors to find information to use against them and/or our organizations? Or about how trivial it is for threat actors to blend in with normal activity? Are you fascinated or flabbergasted that the most simplistic good ol’ fashioned social engineering tricks (cyber or physical) are still successful after all these years?
The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure Incidents & Threats
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
CISA Releases One Industrial Control Systems Advisory
Products are used across multiple sectors, please check these latest advisories for specific equipment used across your ICS environments and address accordingly.
The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure Resilience
‘Tis the season for fresh starts. To that end, WaterISAC is announcing the rebranding of its monthly Cyber Threat Briefing. While it will certainly continue to offer briefings on active threats and vulnerabilities or relevant incidents as appropriate, the slight name change will more closely embody the varied cyber resilience content this monthly webinar has been providing.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
The following posts are useful for general awareness of current threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
IT Vulnerabilities
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
