(TLP:CLEAR) Supplemental Cyber Highlights – April 3, 2025

The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.

Critical Infrastructure Resilience

• AMWA endorses legislation to encourage WaterISAC participation | AMWA
• Exclusive: Gen. Paul Nakasone says China is now our biggest cyber threat | The Record
• Salt Typhoon: Securing America’s Telecommunications from State-Sponsored Cyber Attacks | Committee on Oversight

IT Vulnerability Security Updates

• Remote Code Execution through file upload to “$SPLUNK_HOME/var/run/splunk/apptemp“ directory in Splunk Enterprise | Splunk
• Mozilla patches Firefox bug ‘exploited in the wild’, similar to bug attacking Chrome | TechCrunch
• Critical auth bypass bug in CrushFTP now exploited in attacks | Bleeping Computer

IT Malware, Threats & Risks

• Why global tensions are a cybersecurity problem for every business | Help Net Security
• CoffeeLoader: A Brew of Stealthy Techniques | Zscaler
• ClickFix: Another Deceptive Social Engineering Technique | Logpoint
• The Weaponization of PDFs : 68% of Cyberattacks begin in your inbox, with 22% of these hiding in PDFs | Check Point

Ransomware

• RansomHub affiliates linked to rival RaaS gangs | We Live Security
• RaaS Evolved: LockBit 3.0 vs LockBit 4.0 | Deep Instinct
• CrazyHunter: The Rising Threat of Open-Source Ransomware | W/ Labs

Cyber Resilience, General Awareness, & AI

• Continuation of the National Emergency With Respect to Significant Malicious Cyber-Enabled Activities | Federal Register
• Malicious, Suspicious or Safe? Eliminating Guesswork in Classifying Email Threats | Proofpoint
• 10 best practices for vulnerability management according to CISOs | CSO Online
• AI-enabled phishing and fake worker attacks on the rise | SC Media