A series of cyberattacks on Poland's water plants in 2025 resulted in hackers gaining access to industrial control systems at five facilities, allowing them to modify equipment settings. The breaches, confirmed by Poland's Internal Security Agency, are suspected to be the work of Russia-linked advanced persistent threat groups. The attacks demonstrate a significant escalation in hybrid warfare tactics, with state-sponsored hackers targeting critical infrastructure. The incidents occurred at facilities located in various parts of the country, including Jabłonna, and are considered one of the most egregious examples of state-linked hacking in Europe. The ability to alter equipment settings poses a significant threat to public health and safety. This incident matters to cybersecurity practitioners because it signals an evolution in attack methods, which may lead to downstream regulatory and supply-chain effects1.