(TLP:CLEAR) Supplemental Cyber Highlights – June 12, 2025
Created: Thursday, June 12, 2025 - 15:44
Categories: Cybersecurity, Security Preparedness
The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.
Critical Infrastructure Resilience
- Cyble finds escalating cyber threats in software supply chains across critical sectors | Industrial Cyber
- GAO finds gaps in CDM Program guidance, urges DHS to strengthen network security and data protection | Industrial Cyber
IT Vulnerability Security Updates
- Critical Vulnerability Patched in SAP NetWeaver | SecurityWeek
- NIST Publishes New Zero Trust Implementation Guidance – Infosecurity Magazine | Infosecurity Magazine
- Multiple Cisco Products Unauthenticated Remote Code Execution in Erlang/OTP SSH Server: April 2025 | CISCO
IT Malware, Threats & Risks
- Scattered Spider Uses Tech Vendor Impersonation to Target Helpdesks | Infosecurity Magazine
- SentinelOne Warns Cybersecurity Vendors of Chinese Attacks | Infosecurity Magazine
- Brute-force attacks target Apache Tomcat management panels | Bleeping Computer
- Researchers Detail Bitter APT’s Evolving Tactics as Its Geographic Scope Expands | The Hacker News
- New ‘SmartAttack’ Steals Air-Gapped Data Using Smartwatches | SecurityWeek
Ransomware
- Scattered Spider: Understanding Help Desk Scams and How to Defend Your Organization | The Hacker News
- Attackers exploit Fortinet flaws to deploy Qilin ransomware | Security Affairs
Cyber Resilience, General Awareness, & AI
- Enterprise SIEMs miss 79% of known MITRE ATT&CK techniques | Help Net Security
- SSH Keys: The Powerful Credential You Probably Ignore | Dark Reading
- Why DNS Security Is Your First Defense Against Cyber Attacks? | The Hacker News
- House committee sets CISA budget cut at $135M, not Trump’s $495M | CyberScoop
- 137 Key Cybersecurity Statistics for 2025 and Beyond | Huntress
- Zero-click AI data leak flaw uncovered in Microsoft 365 Copilot | Bleeping Computer