(TLP:CLEAR) Supplemental Cyber Highlights – April 17, 2025

Author: Chase Snow

Created: Thursday, April 17, 2025 - 13:11

Categories: Cybersecurity, OT-ICS Security, Security Preparedness

The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.

Critical Infrastructure Resilience

Water Corp still grappling with ransomware fall-out | The Tribune
Hacktivists Target Critical Infrastructure, Move Into Ransomware | Cyble
People’s Republic of China activity targeting network edge routers: Observations and mitigation strategies | Canadian Centre for Cyber Security
Cyber threats against energy sector surge as global tensions mount | Help Net Security
Industrial Cybersecurity in 2025: Insights from a Live Game Show-Style Panel | Industrial Cyber

IT Vulnerability Security Updates

Critical Erlang/OTP SSH Flaw Exposes Many Devices to Remote Hacking | SecurityWeek
Vulnerabilities Patched in Atlassian, Cisco Products | SecurityWeek
Critical Apache Roller Vulnerability (CVSS 10.0) Enables Unauthorized Session Persistence | The Hacker News

IT Malware, Threats & Risks

Network Edge Devices the Biggest Entry Point for Attacks on SMBs | Infosecurity Magazine
Identity Attacks Now Comprise a Third of Intrusions | Infosecurity Magazine
The Sophos Annual Threat Report: Cybercrime on Main Street 2025 | Sophos
Q1 2025 Global Cyber Attack Report from Check Point Software: An Almost 50% Surge in Cyber Threats Worldwide, with a Rise of 126% in Ransomware Attacks | Check Point
Threat Actor Allegedly Selling Fortinet Firewall Zero-Day Exploit | SecurityWeek

Ransomware

Are Ransomware Victims Paying Less? Insights from the Latest Stay Ahead of Ransomware Live Stream | SANS
Unpacking IABs: The Middlemen Fueling Ransomware Attacks | Information Security Buzz
Black Basta: The Fallen Ransomware Gang That Lives On | Wired

Cyber Resilience, General Awareness, & AI

US Senators Push for Stronger Cybercrime and Computer Fraud Legislation | Tripwire
Google blocked over 5 billion ads in 2024 amid rise in AI-powered scams | Bleeping Computer
CISA extends MITRE-backed CVE contract hours before its lapse | NextGov