• Neeve
  • Posts
  • 💧 Hacktivists Breach Canada Water

💧 Hacktivists Breach Canada Water

Hacktivists penetrate Canadian water treatment, energy, and agricultural systems gaining ICS control. Shadow AI becomes second-most prevalent shadow IT threat with 27% using unapproved tools

Author

Alison Bridge
November 04, 2025

Welcome to your essential briefing on threats at the intersection of cybersecurity and critical infrastructure, brought to you by Neeve, the edge cloud security platform for smart buildings, making built spaces secure, intelligent, and sustainable.

This Week’s Cyber Insights

💧 Hacktivists Successfully Breach Canada's Critical Infrastructure

Hacktivists have successfully penetrated critical infrastructure systems across Canada, specifically targeting water treatment facilities, energy systems, and agricultural controls.

  • Multiple breaches confirmed across water, energy, and agricultural systems

  • Hacktivists gained control over industrial control systems

  • The intrusions create potential for dangerous conditions affecting public safety

  • Security agencies are calling for immediate defensive action.

🤔 The Bigger Picture: 

These coordinated attacks on multiple infrastructure types show how vulnerable interconnected systems can be. Building operators should immediately review access controls and network segmentation for their industrial systems.

⚡ CISA Issues High-Severity Alert for Hitachi Energy TropOS

ASKI Energy's ALS-Mini-S8 and ALS-Mini-S4 devices contain a critical vulnerability with a CVSS v4 score of 9.9, exposing systems to remote exploitation due to missing authentication controls.

  • CVSS v4 vulnerability score of 9.9 indicates extremely high risk

  • Missing authentication for critical functions enables unauthorized access

  • Vulnerability is remotely exploitable with low attack complexity

  • Both ALS-Mini-S8 and ALS-Mini-S4 models are affected

  • Organizations must prioritize immediate remediation to prevent exploitation

🤔 The Bigger Picture: 

Energy management systems in smart buildings using these devices face immediate compromise risk. Facility operators should conduct urgent assessments of their ASKI Energy deployments and implement network segmentation as a temporary measure.

🕵️ Shadow AI Now Second-Most Prevalent Form of Shadow IT

A new 1Password report surveying over 5,000 IT professionals and knowledge workers reveals shadow AI has become the second-most prevalent form of shadow IT in corporate environments, with over a quarter of workers using unapproved AI applications.

  • 27% of polled workers use AI-based applications that their employer did not buy or approve, while 37% follow company AI policies only "most of the time."

  • A non-negligible percentage of workers isn't even aware their company has an AI policy at all, suggesting organizations lack detailed AI usage policies and enforcement mechanisms.

  • Dutch security company Eye Security released "Prompt Injection for Good," an open-source tool that embeds compliance warnings into company documents to trigger alerts when employees use personal AI tools with corporate data.

  • The defensive prompt injection concept allows organizations to test prompts embedded in documents and email signatures, displaying CISO-written disclaimers about risks and consequences when employees upload corporate docs to unsanctioned AI platforms.

  • The prototype framework syncs with popular AI platforms and provides bulk testing capabilities, allowing defenders to continuously test and adjust their prompts as LLMs and guardrails get updated.

🤔 The Bigger Picture: 

Building automation credentials, facility security protocols, and operational technology configurations stored in corporate documents could be inadvertently uploaded to unsanctioned AI platforms by well-meaning employees. Facility operators should implement continuous monitoring for unsanctioned AI tools, establish clear policies that employees actually understand, and consider defensive prompt injection techniques to protect sensitive infrastructure data before it leaves your network.

Further Alerts & Insights

🏛️ Toronto Embeds Security Across Municipal Operations

City of Toronto Deputy CISO Andree Noel discusses how the municipality strengthens cyber defense by embedding security into strategic objectives and digital governance. The Office of the CISO, established in January 2020, uses data-driven metrics including incident response targets, compliance rates, and cyber awareness training to guide leadership in advancing municipal cyber resilience.

🏭 CISA Warns of Exploited DELMIA Factory Software Flaws

CISA added two DELMIA Apriso manufacturing execution system vulnerabilities (CVE-2025-6204 and CVE-2025-6205) to its Known Exploited Vulnerabilities list after detecting active exploitation. The flaws can be chained together to create privileged accounts and execute arbitrary code remotely, affecting releases 2020 through 2025—federal agencies must patch within three weeks.

🇯🇵 Japan Issues OT Security Guidance for Semiconductor Factories

Japan's Ministry of Economy, Trade and Industry published 130-page OT security guidance for semiconductor manufacturers, available in Japanese and English. The document leverages Japan's Cyber/Physical Security Framework and NIST CSF 2.0, covering asset management, vulnerability assessment, incident response, and physical access restrictions for chipmakers facing threats from profit-driven cybercriminals and state-sponsored actors.

🇮🇳 AI-Driven Cybercrime Threatens India's Economic Growth

Sophisticated hackers are leveraging advanced AI tools to exploit vulnerabilities in Indian corporations through increasingly prevalent ransomware attacks. The escalating threat of AI-driven cybercrime poses a significant risk to India's $5 trillion economy ambition, highlighting the urgent need for improved cybersecurity measures to protect critical infrastructure and economic stability.