President Biden has signed an executive order (EO) aimed at regulating generative AI systems, recognizing their transformative potential and potential risks. The order focuses on ensuring the safe and responsible use of AI, including with respect to critical infrastructure.
FIRST, the Forum of Incident Response and Security Teams, will release this week version 4.0 of the Common Vulnerability Scoring System (CVSS). CVSS is an open framework that allows organizations and researchers to communicate specific characteristics and severities of software vulnerabilities.
CISA has introduced a valuable toolset designed to assist companies with their logging requirements. "Logging Made Easy (LME)," LME is a reimagined offering by CISA, that transforms a well-established log management solution into a reliable, centralized log management alternative.
The following posts are useful for general awareness of current threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
ICS/OT/SCADA Vulnerabilities & Threats
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
The following posts are useful for general awareness of current threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
ICS/OT/SCADA Vulnerabilities & Threats
The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:
ICS Vulnerability Advisories:
The FBI’s Internet Crime Complaint Center (IC3) is issuing an updated Public Service Announcement (PSA) to help organizations better understand and guard against the inadvertent recruitment, hiring, and facilitation of Democratic People's Republic of Korea (DPRK, a.k.a. North Korea) information technology (IT) workers.
Last week, CISA, the National Security Agency (NSA), the FBI, and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released a joint guide, “Phishing Guidance: Stopping the Attack Cycle at Phase One.” The joint guide outlines phishing techniques threat actors commonly employ and provides guidance for network defenders to help reduce the impact of phishing attacks.
The following posts are useful for general awareness of current threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure Resilience
1620 I Street, NW, Suite 500
Washington, DC 20006
1-866-H2O-ISAC (1-866-426-4722)
© 2025 WaterISAC. All Rights Reserved.
