(TLP:CLEAR) Supplemental Cyber Highlights – June 19, 2025

The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.

Critical Infrastructure Resilience

• Cantwell demands answers from AT&T, Verizon over Chinese Salt Typhoon breach | Industrial Cyber
• Security flaws in government apps go unpatched for years | Help Net Security
• Virtual Routes highlights Europe’s water systems under siege from cyber attacks, provides policy recommendations | Industrial Cyber
• US offers $10 million for intel on Iran-linked hacker in ICS malware campaign against critical infrastructure  | Industrial Cyber
• US critical networks are prime targets for cyberattacks. They’re preparing for Iran to strike. | Politico
• NIST flags rising cybersecurity challenges as IT and OT systems increasingly converge through IoT integration | Industrial Cyber

IT Vulnerability Security Updates

• Chaining two LPEs to get “root”: Most Linux distros vulnerable (CVE-2025-6018, CVE-2025-6019) | Help Net Security
• Tenable Fixes Three High-Severity Flaws in Nessus | Infosecurity Magazine
• Critical Vulnerability Patched in Citrix NetScaler  | SecurityWeek
• Code Execution Vulnerabilities Patched in Veeam, BeyondTrust Products  | SecurityWeek

IT Malware, Threats & Risks

• CISOs brace for a surge in domain-based cyber threats | Help Net Security
• Israel-Iran conflict raises cyber risk for U.S. companies | Axios

Ransomware

• Anubis Ransomware Packs a Wiper to Permanently Delete Files | SecurityWeek
• CYFIRMA flags intensifying ransomware risk to healthcare sector led by US for-profit firms | Industrial Cyber

Cyber Resilience, General Awareness, & AI

• CIS Benchmarks June 2025 Update | Center for Internet Security
• What CISOs need to know about agentic AI | Help Net Security