The following posts are useful for general awareness of current cyber threats, vulnerabilities, guidance, and other cyber-related news or updates. These resources have been curated by the WaterISAC analyst team as items of broad relevance and benefit that do not need supplemental analysis at this time.

Critical Infrastructure Resilience & OT/ICS Vulnerability Management

• Cybersecurity for Water and Wastewater Systems | USDA Rural Development
• MEDIA ADVISORY: Select Committee on the Chinese Communist Party Holds Hearing — " End the Typhoons: How to Deter Beijing’s Cyber Actions and Enhance America’s Lackluster Cyber Defenses” | The Select Committee on the CCP
• Ransomware as a Service Threat Grows Against Local Governments | StateTech
• ICS Environments and Patch Management: What to Do If You Can’t Patch | Tripwire
• OT/ICS cyber threats escalate as geopolitical conflicts intensify | Help Net Security

IT Vulnerability Security Updates

• Exploited VMware ESXi Flaws Put Many at Risk of Ransomware, Other Attacks | SecurityWeek
• Critical Kibana Vulnerability (CVE-2025-25012) Exposes Systems to Code Execution, Patch Now | SOCRadar
• Cisco Secure Client for Windows with Secure Firewall Posture Engine DLL Hijacking Vulnerability | CISCO
• Cisco TelePresence Management Suite Cross-Site Scripting Vulnerability | CISCO

IT Malware, Threats & Risks

• A new campaign targeting ISP infrastructure with infostealers | Broadcom
• Likely DPRK Network Backstops on GitHub, Targets Companies Globally | Nisos
• Mass exploitation campaign hit 4,000+ ISP networks to deploy info stealers and crypto miners | Security Affairs
• Phishing campaign used to deliver Havoc malware | Broadcom

Ransomware

• Black Basta Leak Offers Glimpse Into Group’s Inner Workings | SecurityWeek
• Update: Black Basta Ransomware and Threat Group | Intel 471
• Exploring Blockchain Solutions for Ransomware Prevention | Alvaka
• Microsoft Teams tactics, malware connect Black Basta, Cactus ransomware | Bleeping Computer
• Fake BianLian ransom notes mailed to US CEOs in postal mail scam | Bleeping Computer

Cyber Resilience, General Awareness, & AI

• US charges Chinese hackers and government officials in a broad cybercrime campaign | AP News
• Former top NSA cyber official: Probationary firings ‘devastating’ to cyber, national security | CyberScoop
• Technology Alone Isn’t the Answer to Cyber Threats: Time to Rethink Security Culture | Group-IB
• Agentic AI: Redefining the Future of Autonomy in Business | Tripwire

Related WaterISAC PIRs: 6, 7, 8, 10, 11, 12