(TLP:CLEAR) Supplemental Cyber Highlights – May 1, 2025

The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.

Critical Infrastructure Resilience

• Oregon DEQ won’t say if ransomware group took employee data in cyberattack | DataBreaches.Net
• Emera, Nova Scotia Power respond to cybersecurity breach; incident response teams mobilized | Industrial Cyber
• The Persistent Threat of Salt Typhoon: Tracking Exposures of Potentially Targeted Devices | Censys
• Complaints about ransomware attacks on US infrastructure rise 9%, FBI says | Reuters
• Noem calls for reauthorization of cyberthreat information sharing law during RSA keynote | The Record
• Krebs: People should be ‘outraged’ at efforts to shrink federal cyber efforts | The Record

IT Vulnerability Security Updates

• SEIKO EPSON Printer Vulnerabilities Let Attackers Execute Arbitrary Code | Cyber Security News
• SAP fixes suspected NetWeaver zero-day exploited in attacks | Bleeping Computer

IT Malware, Threats & Risks

• Phishing Domains Associated with LabHost PhaaS Platform Users | FBI
• The Rapid Evolution of CLEARFAKE Delivery | Kroll
• Cloudflare mitigates record number of DDoS attacks in 2025 | Bleeping Computer
• Scams 2.0: How Technology Is Powering the Next Generation of Fraud | Tripwire

Ransomware

• Phishing in Teams: the new ransomware frontline | Expel
• Ransomware debris: an analysis of the RansomHub operation | Group-IB
• A closer look at Fog ransomware | Barracuda
• Phorpiex Botnet Delivers LockBit Ransomware with Automated Tactics | Infosecurity Magazine
• DragonForce expands ransomware model with white-label branding scheme | Bleeping Computer

Cyber Resilience, General Awareness, & AI

• VeriSource cops to 4 million accounts lost in 2024 data breach | SC Media
• This Email Sounds Like It Came From Your Boss. But It Didn’t. | Symantec
• NVIDIA Riva Vulnerabilities Leave AI-Powered Speech and Translation Services at Risk | Trend Micro
• Fortinet Threat Report: AI Fuels Record Surge in Automated Cyberattacks | Security Info Watch
• Risks of Using AI Models Developed by Competing Nations | Dark Reading
• Microsoft Confirms $1.50 Windows Security Update Hotpatch Fee Starts July 1 | Forbes
• Key Takeaways from the 2025 Global Threat Landscape Report | Fortinet
• Selecting a Protective DNS Service | CISA & NSA
• How Organizations Can Leverage Cyber Insurance Effectively | Dark Reading
• Advanced Cryptography | Deciding when to use Advanced Cryptography to protect your data | UK National Cybersecurity Centre
• Exposure Management Works When the CIO and CSO Are in Sync | Tenable