Cybersecurity

(TLP:CLEAR) CISA Releases New Guidance for Reducing Memory-Related Vulnerabilities

Summary: This week, CISA, in partnership with the National Security Agency (NSA), released a joint guide on reducing memory-related vulnerabilities in modern software development. The joint guide titled “Memory Safe Languages: Reducing Vulnerabilities in Modern Software Development,” identifies the main obstacles in adopting memory safe languages, provides practical solutions to address these challenges, and emphas

Read more about (TLP:CLEAR) CISA Releases New Guidance for Reducing Memory-Related Vulnerabilities

(TLP: CLEAR) Multiple Vulnerabilities in Citrix NetScaler ADC and NetScaler Gateway Under Active Exploitation

Summary: On June 17 and 25, 2025, Citrix published security advisories for critical vulnerabilities impacting Citrix NetScaler ADC and NetScaler Gateway. The New York State Intelligence Center’s (NYSIC) Cyber Analysis Unit (CAU) has indicated that these products are now experiencing active exploitation in the wild.

Analyst Note: These vulnerabilities involve critical flaws in Citrix products similar to the 2023 Citrix Bleed incident (CVE-2023-4966), which saw heavy exploitation by ransomware gangs and nation-states.

Read more about (TLP: CLEAR) Multiple Vulnerabilities in Citrix NetScaler ADC and NetScaler Gateway Under Active Exploitation

(TLP:CLEAR) Threat Actors' Breach of Norwegian Dam Cause Valve to Open at Full Capacity

Summary: Open-source reporting has revealed that in April, unidentified threat actors compromised the systems of a Norwegian dam and opened its water valve to full capacity. The valve ran at full capacity for four hours before being detected.

Read more about (TLP:CLEAR) Threat Actors' Breach of Norwegian Dam Cause Valve to Open at Full Capacity

(TLP:CLEAR) Supplemental Cyber Highlights – June 26, 2025

The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.

Critical Infrastructure Resilience

Read more about (TLP:CLEAR) Supplemental Cyber Highlights – June 26, 2025

(TLP:CLEAR) CISA ICS Advisories, Additional Alerts, Updates, and Bulletins – June 26, 2025

The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS security advisories, along with additional alerts, updates, and bulletins:

ICS Advisories:

Read more about (TLP:CLEAR) CISA ICS Advisories, Additional Alerts, Updates, and Bulletins – June 26, 2025

(TLP:CLEAR) Supplemental Cyber Highlights – June 19, 2025

Critical Infrastructure Resilience

Read more about (TLP:CLEAR) Supplemental Cyber Highlights – June 19, 2025

(TLP:CLEAR) CISA ICS Advisories, Additional Alerts, Updates, and Bulletins – June 19, 2025

The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS security advisories, along with additional alerts, updates, and bulletins:

ICS Advisories:

Read more about (TLP:CLEAR) CISA ICS Advisories, Additional Alerts, Updates, and Bulletins – June 19, 2025

(TLP:CLEAR) CISA Shares Internet Exposure Reduction Guidance

Summary: Many organizations unknowingly leave common vulnerabilities and weaknesses exposed to the internet, making them easy targets for exploitation. Misconfigured systems, default credentials, and outdated software are often publicly accessible through internet-based search and discovery platforms. By following CISA’s Internet Exposure Reduction Guidance, organizations can proactively identify and remove these exposures, reducing their online footprint and strengthening their cybersecurity posture.

Read more about (TLP:CLEAR) CISA Shares Internet Exposure Reduction Guidance

(TLP:CLEAR) Censys Identified Nearly 400 Internet-Exposed HMIs Connected to U.S. Water Facilities

Summary: Cybersecurity firm Censys recently released information regarding internet-exposed Human Machine Interfaces (HMIs) connected to water systems throughout the U.S. The blog post mentions that in October, Censys researchers identified nearly 400 web-based HMIs connected to U.S. water facilities that were exposed online. The systems were found to be in one of three states: Authenticated (credentials required), Read-only (viewable without control), and Unauthenticated (full access without credentials).

Read more about (TLP:CLEAR) Censys Identified Nearly 400 Internet-Exposed HMIs Connected to U.S. Water Facilities

(TLP:CLEAR) Supplemental Cyber Highlights – June 12, 2025

Critical Infrastructure Resilience

Read more about (TLP:CLEAR) Supplemental Cyber Highlights – June 12, 2025

You are here

Cybersecurity

(TLP:CLEAR) CISA Releases New Guidance for Reducing Memory-Related Vulnerabilities

(TLP: CLEAR) Multiple Vulnerabilities in Citrix NetScaler ADC and NetScaler Gateway Under Active Exploitation

(TLP:CLEAR) Threat Actors' Breach of Norwegian Dam Cause Valve to Open at Full Capacity

(TLP:CLEAR) Supplemental Cyber Highlights – June 26, 2025

(TLP:CLEAR) CISA ICS Advisories, Additional Alerts, Updates, and Bulletins – June 26, 2025

(TLP:CLEAR) Supplemental Cyber Highlights – June 19, 2025

(TLP:CLEAR) CISA ICS Advisories, Additional Alerts, Updates, and Bulletins – June 19, 2025

(TLP:CLEAR) CISA Shares Internet Exposure Reduction Guidance

(TLP:CLEAR) Censys Identified Nearly 400 Internet-Exposed HMIs Connected to U.S. Water Facilities

(TLP:CLEAR) Supplemental Cyber Highlights – June 12, 2025

Pages

You are here

Cybersecurity

Pages

Footer Email Signup