(TLP:CLEAR) Supplemental Cyber Highlights – May 15, 2025

The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.

Critical Infrastructure Resilience

• Update to How CISA Shares Cyber-Related Alerts and Notifications | CISA
• Risky Bulletin: EU launches its own vulnerability database | Risky Business News

IT Vulnerability Security Updates

• Chrome 136 Update Patches Vulnerability With ‘Exploit in the Wild’ | SecurityWeek
• New Chrome Vulnerability Enables Cross-Origin Data Leak via Loader Referrer Policy | The Hacker News
• Asus DriverHub Vulnerabilities Expose Users to Remote Code Execution Attacks | SecurityWeek

IT Malware, Threats & Risks

• Google says hackers behind UK retail cyber campaign now also targeting US | The Record
• Phishing Campaign Mimics Email Quarantine Notifications: 32,000 Emails Target 6,358 Customers | Check Point
• Agentic AI used by threat actors to turbocharge cyberattacks | SC Media

Ransomware

• For Ransomware, Time (to Ransom) is Money | Huntress
• Ransomware spreads faster, not smarter | Help Net Security  
• How Interlock Ransomware Affects the Defense Industrial Base Supply Chain | Security Affairs
• Ransomware Reloaded: Why 2025 Is the Most Dangerous Year Yet | Check Point

Cyber Resilience, General Awareness, & AI

• Insider risk management needs a human strategy | Help Net Security  
• Six Ways Exposure Management Helps You Get Your Arms Around Your Security Tools | Tenable
• 73% of CISOs admit security incidents due to unknown or unmanaged assets | CSO Online
• Why security teams cannot rely solely on AI guardrails | Help Net Security