Watering hole attacks are security exploitations that involve attackers who compromise organisations by infecting the websites they regularly use. In this case, the attackers observe the organisation to identify the websites they often use. Subsequently, they infect these websites with malware. Hackers who target specific organisations may only attack particular IP addresses, making it harder for them to be detected. In most cases, the websites are infected via zero-day vulnerabilities on their software or browsers. The best defence against watering hole attacks is installing the latest and most advanced software patches to address existing vulnerabilities. Additionally, companies should conduct regular website monitoring to detect and prevent suspicious traffic.