June 26, 2025
Summary: WaterISAC’s federal partners have shared new information indicating that nation state threat actors who routinely target critical infrastructure are actively researching the below vulnerabilities in Fortinet products, which could allow them to conduct future attacks.
Summary: This week, CISA, in partnership with the National Security Agency (NSA), released a joint guide on reducing memory-related vulnerabilities in modern software development. The joint guide titled “Memory Safe Languages: Reducing Vulnerabilities in Modern Software Development,” identifies the main obstacles in adopting memory safe languages, provides practical solutions to address these challenges, and emphas
Summary: On June 17 and 25, 2025, Citrix published security advisories for critical vulnerabilities impacting Citrix NetScaler ADC and NetScaler Gateway. The New York State Intelligence Center’s (NYSIC) Cyber Analysis Unit (CAU) has indicated that these products are now experiencing active exploitation in the wild.
Analyst Note: These vulnerabilities involve critical flaws in Citrix products similar to the 2023 Citrix Bleed incident (CVE-2023-4966), which saw heavy exploitation by ransomware gangs and nation-states.
Summary: Open-source reporting has revealed that in April, unidentified threat actors compromised the systems of a Norwegian dam and opened its water valve to full capacity. The valve ran at full capacity for four hours before being detected.
The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure Resilience
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS security advisories, along with additional alerts, updates, and bulletins:
ICS Advisories:
The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure Resilience
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS security advisories, along with additional alerts, updates, and bulletins:
ICS Advisories:
Summary: Many organizations unknowingly leave common vulnerabilities and weaknesses exposed to the internet, making them easy targets for exploitation. Misconfigured systems, default credentials, and outdated software are often publicly accessible through internet-based search and discovery platforms. By following CISA’s Internet Exposure Reduction Guidance, organizations can proactively identify and remove these exposures, reducing their online footprint and strengthening their cybersecurity posture.
Summary: Cybersecurity firm Censys recently released information regarding internet-exposed Human Machine Interfaces (HMIs) connected to water systems throughout the U.S. The blog post mentions that in October, Censys researchers identified nearly 400 web-based HMIs connected to U.S. water facilities that were exposed online. The systems were found to be in one of three states: Authenticated (credentials required), Read-only (viewable without control), and Unauthenticated (full access without credentials).
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
