Summary: Yesterday, CISA published a blog post reemphasizing their efforts to close the software understanding gap. This comes out of a national effort to enhance the ability to construct and analyze software to understand its functionality, safety, and security before organizations place it into use, both as producers and consumers of software.
Summary: Check Point Research recently published its Q2 2025 Ransomware Report showing shifts in the ransomware threat landscape. Based on leak site data and threat intelligence, the report indicates that attackers are mixing AI with classic extortion tactics.
The below vulnerabilities have been identified by WaterISAC analysts as important for water and wastewater utilities to prioritize in their vulnerability management efforts. WaterISAC shares critical vulnerabilities that affect widely used products and may be under active exploitation. WaterISAC draws additional awareness in alerts and advisories when vulnerabilities are confirmed to be impacting, or have a high likelihood of impacting, water and wastewater utilities.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS security advisories, along with additional alerts, updates, and bulletins:
ICS Advisories:
Summary: SC Media recently published an article showing that a significant percentage of past employees use and share employer passwords after leaving the company. In a survey conducted by Password Manager, 1,200 U.S. workers were asked questions about password use.
Summary: Yesterday, CISA, the EPA, and other federal partners released comprehensive guidance to help operational technology (OT) owners and operators across all critical infrastructure sectors create and maintain OT asset inventories and supplemental taxonomies.
Analyst Note: An asset inventory is a regularly updated, structured list of an organization's systems, hardware, and software. It includes a categorization system—a taxonomy—that classifies assets based on their importance and function.
The below vulnerabilities have been identified by WaterISAC analysts as important for water and wastewater utilities to prioritize in their vulnerability management efforts. WaterISAC shares critical vulnerabilities that affect widely used products and may be under active exploitation. WaterISAC draws additional awareness in alerts and advisories when vulnerabilities are confirmed to be impacting, or have a high likelihood of impacting, water and wastewater utilities.
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS security advisories, along with additional alerts, updates, and bulletins:
ICS Advisories:
Summary: WaterISAC and EPA have released the latest quarterly edition of the National Security Information Sharing Bulletin (ISB), developed for water and wastewater utilities. Each issue focuses on key security and resilience topics, including cybersecurity, physical security, and natural disasters.
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
