The scope of the Salt Typhoon Campaign is continues to increase as senior White House officials revealed last week that telecommunications companies in dozens of countries have been breached by Salt Typhoon, eight of which are major internet service providers (ISPs) located in the U.S.
The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure Resilience & OT Vulnerability Management
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS security advisories, along with additional alerts, updates, and bulletins:
ICS Advisories:
Today, CISA, in partnership with the National Security Agency (NSA), the FBI, and international partners, released “Enhanced Visibility and Hardening Guidance for Communications Infrastructure” to provide best practices to protect against a People’s Republic of China (PRC)-affiliated threat actor that has compromised networks of major global telecommunications providers.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS security advisories, along with additional alerts, updates, and bulletins:
ICS Advisories:
The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure Resilience
Researchers at Nozomi Networks Labs have recently discovered 20 distinct vulnerabilities in Advantech EKI wireless access points. These access points are known for their resilience in challenging environments and are thus used in diverse sectors, including the water sector.
The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure Resilience & OT Vulnerability Management
The 2024 State of the Internet Report from Censys reveals data of over 145,000 internet-exposed ICS devices globally, with more than one-third located in the U.S. alone.
As artificial intelligence (AI) tools continue to proliferate among nearly all sectors and organizations, risks associated with their use will also continue to multiply. OWASP – the Open Worldwide Application Security Project – recently updated its list of the top dangers facing large language models (LLMs). The “OWASP Top 10 for LLM Applications 2025” explores the latest risks, vulnerabilities, and mitigations for developing and securing generative AI and LLMs across the development, deployment, and management lifecycle.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
