Blogs - Security
NIST News
- NIST Allocates Over $3 Million to Small Businesses Advancing AI, Biotechnology, Semiconductors, Quantum and More (2026-02-10): NIST is allocating funding to eight small businesses in seven states under the Small Business Innovation Research (SBIR) program. [Sarah Henderson]
- Space: The Final Frontier for Standards (2026-02-09): Seven NIST reference materials, including house dust and freeze-dried human liver tissue, have been flown to the International Space Station. [Sarah Henderson]
- CAISI Issues Request for Information About Securing AI Agent Systems (2026-01-12): The Center for AI Standards and Innovation (CAISI) at the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) has published a Request for Information (RFI) seeking insights from industry, academia, and the security […] [Peter Cihon]
- NIST Launches Centers for AI in Manufacturing and Critical Infrastructure (2025-12-22): NIST has expanded its collaboration with the nonprofit MITRE Corporation as part of its efforts to ensure U.S. leadership in artificial intelligence. [Sarah Henderson]
- NIST Physicists Bring Unruly Molecules to the Quantum Party (2025-12-18): Molecules can serve as versatile building blocks for quantum technologies, but they are much harder to control than atoms. [Sarah Henderson]
- Securing Smart Speakers for Home Health Care: NIST Offers New Guidelines (2025-12-17): Cybersecurity and privacy risks can threaten patient confidentiality. [Sarah Henderson]
- Draft NIST Guidelines Rethink Cybersecurity for the AI Era (2025-12-16): New guidelines can help an organization determine ways to incorporate AI into its operations while mitigating cybersecurity risks. [Sarah Henderson]
- Department of Commerce Announces Transition of Baldrige Performance Excellence Program (2025-12-11): Beginning with the 2026 award cycle, the Alliance for Performance Excellence and the Baldrige Foundation will take on most operations for the program. [Sarah Henderson]
- What Time Is It on Mars? NIST Physicists Have the Answer. (2025-12-01): This calculation is necessary for future space navigation and communication networks. [Sarah Henderson]
- Building a Sustainable Metals Infrastructure: NIST Report Highlights Key Strategies (2025-11-20): Making metals processing more sustainable and resilient will support U.S. industrial innovation and competitiveness. [Sarah Henderson]
- CAISI Evaluation of DeepSeek AI Models Finds Shortcomings and Risks (2025-09-30): The Center for AI Standards and Innovation at NIST evaluated several leading models from DeepSeek, an AI company based in the People’s Republic of China. [Sarah Henderson]
- NIST Engineers Design 5 New Ways to Connect Concrete Pieces for More Resilient Buildings (2025-09-29): One of the biggest challenges with precast concrete is connecting the concrete pieces at a job site. [Sarah Henderson]
- NIST Issues Broad Agency Announcement for Proposals to Advance Microelectronics Technologies (2025-09-24): The CHIPS for America funding opportunity will support critical research, prototyping and commercial solutions that advance microelectronics technology in the United States. [Sarah Henderson]
- NIST Awards More Than $3 Million to Support Cybersecurity Workforce Development Across 13 States (2025-09-17): There are currently more than 514,000 cybersecurity job openings in the U.S. [Sarah Henderson]
- In Quantum Sensing, What Beats Beating Noise? Meeting Noise Halfway. (2025-09-10): A team including scientists at NIST may have found a new way of dealing with noise at the microscopic scales where quantum physics reigns. [Sarah Henderson]
- Champlain Towers South Investigation Nears Completion of Technical Work (2025-09-09): Investigators share likely failure scenarios and advance indicators of the building’s distress. [Sarah Henderson]
- NIST’s ‘Living Reference Material’ Could Accelerate R&D of Lifesaving Biological Drugs (2025-09-08): The NIST reference material, called NISTCHO, will help the biopharmaceutical industry develop new drugs more quickly and ensure that they are safe and effective. [Sarah Henderson]
- Some Air Cleaners Release Harmful By-Products. Now We Have a Way to Measure Them. (2025-09-02): Many types of air cleaners can generate small amounts of air pollution. Until now, there was no standard way to measure these negative by-products. [Sarah Henderson]
- NIST Revises Security and Privacy Control Catalog to Improve Software Update and Patch Releases (2025-08-27): The catalog revision is part of NIST’s response to a recent executive order on strengthening the nation’s cybersecurity. [Sarah Henderson]
- New Technique for Measuring DNA Damage Could Improve Cancer Therapy and Radiological Emergency Response (2025-08-21): The technology, which may someday be as portable as a smartphone, promises faster and more accurate measurements of radiation exposure, potentially saving lives in critical situations. [Sarah Henderson]
NIST Events
- 2068 Mass Metrology Seminar (2026-10-19): The Mass Metrology Seminar is a two-week, "hands-on" seminar. It incorporates approximately 30 percent lectures and 70 percent demonstrations and laboratory work in which the participant performs measurements by applying procedures and equations […] [Yvonne A. Branden]
- NIST OWM Info Hour: The Critical Role of Device Audit Trails (2026-10-15): “Device Audit Trails are an alternative to lead and wire seals. They are the guardians of trust, capturing every action, proving integrity, and turning compliance from a checkbox into accountability.” At the completion of this Info Hour, you will be […] [Pamela L Corey]
- 2095 Lab Metrology Info Hour - 2026 Recognition Q&A (2026-10-14): We will review OWM 2026 annual submission requirements for state laboratory program participants, including an overview and examples of the special technical assessment topic to supplement the training provided during the 2026 RMAPs. This session is […] [Pamela L Corey]
- 2083 MidAmerica Measurement Assurance Program, MidMAP (2026-09-22): NIST Handbook 143, Program Handbook (2019) details the criteria used for OWM Laboratory Recognition. NIST Handbook 143, Section 4 and Table 2 note that annual attendance at the RMAP training session is required for ongoing laboratory Recognition […] [Pamela L Corey]
- NIST OWM Info Hour: Examination Procedure Outlines - A Guide for Evaluating Commercial Devices to NIST Handbook 44 Requirements (2026-09-17): Examination Procedure Outlines (EPOs) are a guide for evaluating commercial weighing and measuring devices to NIST Handbook 44 requirements. Designed to assist the field official, EPOs are also useful for sectors that design, sell, service, and use […] [Pamela L Corey]
- NIST Small Business Community of Interest Quarterly Calls (2026-09-16): NIST's Small Business Cybersecurity Community of Interest (COI) has been established to convene the public and private sectors to share business insights, expertise, challenges, and perspectives to guide our work and assist NIST in addressing the […] [Vontress Henderson]
- 2094 Lab Metrology Info Hour - Review of critical updates to ASTM documentary standards and Q&A (2026-09-10): This review of updates to relevant documentary standards, either completed or underway, will focus on ASTM E617-23, Standard Specification for Laboratory Weights and Precision Mass Standards, and ASTM E898-20, Standard Practice for Calibration of Non […] [Pamela L Corey]
- NIST OWM Info Hour: Portable Digital Density Meters used for the Commercial Inspection of Packaged Liquid Foodstuffs and Beverages (2026-09-03): In 2025, NIST OWM provided an Info Hour to review comparison data of portable digital density meters (PDDM) to NIST HB 133 test procedures for determining the density of homogeneous liquid food products for liquid package inspections. The results […] [Pamela L Corey]
- 2082 Southwest Assurance Program, SWAP (2026-09-01): NIST Handbook 143, Program Handbook (2019) details the criteria used for OWM Laboratory Recognition. NIST Handbook 143, Section 4 and Table 2 note that annual attendance at the RMAP training session is required for ongoing laboratory Recognition […] [Pamela L Corey]
- NIST OWM Info Hour: Suitability of Separate Elements-Weighing Devices (2026-08-20): This Info Hour will provide information, followed by a discussion identifying how to navigate HB 44 to determine the compatibility of indicating and weighing/load-receiving elements for weighing systems that incorporate separate elements. This is […] [Pamela L Corey]
- 2064 Calibration Method Validation (2026-08-13): This 2-hour webinar on Calibration Method Validation will examine the ISO/IEC 17025:2017 requirements for selection of calibration methods and for method validation and provide guidance on developing a process for validating a new or modified […] [Yvonne A. Branden]
- 2070 Balance and Scale Calibration and Uncertainties (2026-08-03): This 4-day seminar will cover the calibration and use of analytical weighing instruments (balances and laboratory/bench-top scales), including sources of weighing errors in analytical environments, methodologies for quantifying the errors, and […] [Yvonne A. Branden]
- 2066 Fundamentals of Metrology (2026-07-27): The 5-day Fundamentals of Metrology seminar is an intensive course that introduces participants to the concepts of measurement systems, units, good laboratory practices, data integrity, measurement uncertainty, measurement assurance, traceability […] [Yvonne A. Branden]
- NIST OWM Info Hour: OWM Proficiency Testing Program for U.S. State Weights and Measures Laboratories (2026-07-23): This Info Hour will provide attendees with an overview of the OWM’s proficiency testing (PT) program, describe how the program operates, and demonstrate the vital role it plays in evaluating the competency and traceability of participating […] [Pamela L Corey]
- 2063 State Laboratory Annual Submission Process (2026-07-16): The State Laboratory Annual Submission Process webinar provides guidance on how to successfully submit all required materials to develop a complete and timely Recognition Application according to NIST Handbook (HB) 143, State Weights and Measures […] [Yvonne A. Branden]
- 2065 Volume Metrology Seminar (2026-07-06): The 5-day OWM Volume Metrology Seminar is designed to enable metrologists to apply fundamental measurement concepts to volume calibrations. A large percentage of time is spent on hands-on measurements, applying procedures and equations discussed in […] [Yvonne A. Branden]
- 2062 Documenting Traceability and Calibration Intervals (2026-06-25): This 2-hour webinar covers the essential elements of metrological traceability and the documentary evidence required to support traceability and calibration intervals. It uses NISTIR 6969, GMP 11, and GMP 13 as the baseline for instructions and also […] [Yvonne A. Branden]
- NIST OWM Info Hour: OWM EVSE Metrology Training Program (2026-06-18): Learn about the Department of Energy National Energy Technology Laboratory (NETL)-supported effort at the NIST Office of Weights and Measures (OWM) to develop a comprehensive 5-day electric vehicle supply equipment (EVSE) metrology training program […] [Pamela L Corey]
- NIST Small Business Community of Interest Quarterly Calls (2026-06-10): NIST's Small Business Cybersecurity Community of Interest (COI) has been established to convene the public and private sectors to share business insights, expertise, challenges, and perspectives to guide our work and assist NIST in addressing the […] [Vontress Henderson]
- 2080 Northeastern Measurement Assurance Program, NEMAP (2026-06-09): NIST Handbook 143, Program Handbook (2019) details the criteria used for OWM Laboratory Recognition. NIST Handbook 143, Section 4 and Table 2 note that annual attendance at the RMAP training session is required for ongoing laboratory Recognition […] [Pamela L Corey]
CISA Blog
- The End is Just the Beginning of Better Security: Enhanced Vulnerability Management with OpenEoX (2026-02-13) [CISA]
- Super Bowl LX: Strengthening Preparation, Building Resilience, Fostering Partnerships (2026-02-09) [CISA]
- NCSWIC releases the “What is a PACE Plan” video (2025-12-05) [CISA]
- CISA Urges Critical Infrastructure to Be Air Aware (2025-11-19) [CISA]
- Helping OT Organizations to Establish Defensible Architecture and More Resilient Operations (2025-09-24) [CISA]
- The Mandate, Mission, and Momentum to lead the CVE Program into the Future belongs to CISA (2025-09-10) [CISA]
- The Joint SAFECOM-NCSWIC Project 25 (P25) User Needs Working Group (UNWG) releases the UNWG Video Series (2025-08-22) [CISA]
- Tackling the National Gap in Software Understanding (2025-08-20) [CISA]
- Securing Core Cloud Identity Infrastructure: Addressing Advanced Threats through Public-Private Collaboration (2025-07-15) [CISA]
- SAFECOM Releases the Emergency Communications System Lifecycle Planning Guide Suite Refresh (2025-07-02) [CISA]
ICS Advisories
- Siemens COMOS (2026-02-12): COMOS is affected by multiple vulnerabilities that could allow an attacker to execute arbitrary code, cause a denial-of-service condition, perform data infiltration, or perform access control violations. Siemens has released new versions for several affected products and recommends updating to the latest versions. Siemens is preparing further fix versions and […] [CISA]
- Siemens Solid Edge (2026-02-12): Solid Edge uses the PS/IGES Parasolid Translator Component, which contains an out-of-bounds read that could be triggered when the application reads files in the IGS file format. If a user is tricked into opening a malicious file with any of the affected products, this could cause the application to crash or potentially […] [CISA]
- Siemens Desigo CC Product Family and SENTRON Powermanager (2026-02-12): Versions V6.0 through V8 QU1 of the Desigo CC product family (Desigo CC, Desigo CC Compact, Desigo CC Connect, Cerberus DMS), as well as the Desigo CC-based SENTRON Powermanager, are affected by a vulnerability in the underlying third-party component WIBU Systems CodeMeter Runtime. Successful exploitation of this vulnerability could lead to code […] [CISA]
- Siemens SINEC OS (2026-02-12): SINEC OS before V3.3 contains third-party components with multiple vulnerabilities. Siemens has released new versions for the affected products and recommends updating to the latest versions. The following versions of Siemens SINEC OS are affected: RUGGEDCOM RST2428P (6GK6242-6PA00) vers:intdot/ […] [CISA]
- Siemens Siveillance Video Management Servers (2026-02-12): The Webhooks implementation of Siveillance Video Management Servers contains a vulnerability that could allow an authenticated remote attacker with read-only privileges to achieve full access to the Webhooks API. Siemens has released new versions for the affected products and recommends updating to the latest versions. The following versions of Siemens Siveillance Video […] [CISA]
- Siemens NX (2026-02-12): Siemens NX is affected by multiple file parsing vulnerabilities that could be triggered when the application reads files in CGM format. If a user is tricked into opening a malicious file with any of the affected products, this could cause the application to crash or potentially lead to arbitrary code execution. Siemens […] [CISA]
- Siemens Polarion (2026-02-12): Polarion before V2506 contains a vulnerability that could allow authenticated remote attackers to conduct cross-site scripting attacks. Siemens has released new versions for the affected products and recommends updating to the latest versions. The following versions of Siemens Polarion are affected: Polarion V2404 vers:intdot/ […] [CISA]
- Siemens SINEC NMS (2026-02-12): Multiple Siemens products are affected by two local privilege escalation vulnerabilities which could allow a low-privileged attacker to load malicious DLLs, potentially leading to arbitrary code execution with elevated privileges. Siemens has released new versions for the affected products and recommends updating to the latest versions. The following versions of […] [CISA]
- Airleader Master (2026-02-12): Successful exploitation of this vulnerability could allow an attacker to obtain remote code execution. The following versions of Airleader Master are affected: Airleader Master [CISA]
- Hitachi Energy SuprOS (2026-02-12): Hitachi Energy is aware of a vulnerability that affects the SuprOS product versions listed in this document. An attacker successfully exploiting this vulnerability can cause confidentiality, integrity and availability impacts. Please refer to the Recommended Immediate Actions for information about the mitigation/remediation. The following versions of Hitachi Energy SuprOS are affected: SuprOS […] [CISA]
- Yokogawa FAST/TOOLS (2026-02-10): Successful exploitation of these vulnerabilities could allow an attacker to redirect users to malicious sites, decrypt communications, perform a man-in-the-middle (MITM) attack, execute malicious scripts, steal files, and perform various other attacks. The following versions of Yokogawa FAST/TOOLS are affected: FAST/TOOLS >=R9.01|=R9.01| [CISA]
- ZLAN Information Technology Co. ZLAN5143D (2026-02-10): Successful exploitation of these vulnerabilities could result in an attacker bypassing authentication or resetting the device password. The following versions of ZLAN Information Technology Co. ZLAN5143D are affected: ZLAN5143D v1.600 (CVE-2026-25084, CVE-2026-24789). CVSS v3 9.8; Vendor: ZLAN Information Technology Co.; Equipment: ZLAN5143D; Vulnerabilities: Missing Authentication for Critical Function […] [CISA]
- AVEVA PI Data Archive (2026-02-10): Successful exploitation of this vulnerability could result in a denial-of-service condition. The following versions of AVEVA PI Data Archive are affected: PI Data Archive, PI Server [CISA]
- AVEVA PI to CONNECT Agent (2026-02-10): Successful exploitation of this vulnerability could result in unauthorized access to the proxy server. The following versions of AVEVA PI to CONNECT Agent are affected: PI to CONNECT Agent [CISA]
- Mitsubishi Electric MELSEC iQ-R Series (2026-02-05): Successful exploitation of this vulnerability may allow an attacker to read device data or part of a control program from the affected product, write device data in the affected product, or cause a denial-of-service condition on the affected product. The following versions of Mitsubishi Electric MELSEC iQ-R Series are affected: MELSEC iQ-R […] [CISA]
- o6 Automation GmbH Open62541 (2026-02-05): Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition and memory corruption. The following versions of o6 Automation GmbH Open62541 are affected: Open62541 >=1.5-rc1|=1.5-rc1| [CISA]
- Ilevia EVE X1 Server (2026-02-05): Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary shell commands and disclose sensitive system information. The following versions of Ilevia EVE X1 Server are affected: EVE X1 [CISA]
- Hitachi Energy FOX61x (2026-02-05): Hitachi Energy is aware of a vulnerability that affects FOX61x product versions listed in this document. Successful exploitation of this vulnerability can lead to forgery attacks potentially causing impact on confidentiality, integrity and availability for the product. Please refer to the Recommended Immediate Actions for information about the mitigation/remediation. Note: This is […] [CISA]
- TP-Link Systems Inc. VIGI Series IP Camera (2026-02-05): Successful exploitation of this vulnerability could result in unauthorized users gaining administrative access to affected closed circuit television cameras. The following versions of TP-Link Systems Inc. VIGI Series IP Camera are affected: VIGI Cx45 Series Models C345, C445 [CISA]
- Hitachi Energy XMC20 (2026-02-05): Hitachi Energy is aware of a vulnerability that affects XMC20 product versions listed in this document. Successful exploitation of this vulnerability can lead to forgery attacks potentially causing impact on confidentiality, integrity and availability for the product. Please refer to the Recommended Immediate Actions for information about the mitigation/remediation. Note: This is […] [CISA]
ICS Medical Advisories
- ZOLL ePCR IOS Mobile Application (2026-02-09): Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access to protected health information (PHI) or device telemetry. The following versions of ZOLL ePCR IOS Mobile Application are affected: ePCR IOS Mobile Application 2.6.7 (CVE-2025-12699). CVSS v3 5.5; Vendor: ZOLL; Equipment: ZOLL ePCR IOS Mobile Application; Vulnerabilities: Insertion of […] [CISA]
- WHILL Model C2 Electric Wheelchairs and Model F Power Chairs (2025-12-30): Successful exploitation of this vulnerability could allow an attacker within Bluetooth range to take control over the product. The following versions of WHILL Model C2 Electric Wheelchairs and Model F Power Chairs are affected: Model C2 Electric WheelChair (CVE-2025-14346), Model F Power Chair (CVE-2025-14346). CVSS v3 9.8; Vendor: WHILL Inc. […] [CISA]
- Grassroots DICOM (GDCM) (2025-12-11): CVSS v4 6.8. Attention: Low attack complexity. Vendor: Grassroots. Equipment: DICOM (GDCM). Vulnerability: Out-of-bounds Write. Risk evaluation: Successful exploitation of this vulnerability could allow an attacker to craft a malicious DICOM file and, if opened, could crash the application resulting in a denial-of-service condition. Affected products: […] [CISA]
- Varex Imaging Panoramic Dental Imaging Software (2025-12-11): CVSS v4 8.5. Attention: Low attack complexity. Vendor: Varex Imaging. Equipment: Panoramic Dental Imaging Software. Vulnerability: Uncontrolled Search Path Element. Risk evaluation: Successful exploitation of this vulnerability could allow a standard user to obtain NT Authority/SYSTEM privileges. Affected products: The following AJAT dental imaging software […] [CISA]
- Mirion Medical EC2 Software NMIS BioDose (2025-12-02): CVSS v4 8.7. Attention: Exploitable remotely/low attack complexity. Vendor: Mirion Medical. Equipment: EC2 Software NMIS BioDose. Vulnerabilities: Incorrect Permission Assignment for Critical Resource, Use of Client-Side Authentication, Use of Hard-coded Credentials. Risk evaluation: Successful exploitation of these vulnerabilities could allow an attacker to modify program executables, gain access to […] [CISA]
- Vertikal Systems Hospital Manager Backend Services (2025-10-28): CVSS v4 8.7. Attention: Exploitable remotely/low attack complexity. Vendor: Vertikal Systems. Equipment: Hospital Manager Backend Services. Vulnerabilities: Exposure of Sensitive System Information to an Unauthorized Control Sphere, Generation of Error Message Containing Sensitive Information. Risk evaluation: Successful exploitation of these vulnerabilities could allow an attacker to obtain unauthorized access […] [CISA]
- NIHON KOHDEN Central Monitor CNS-6201 (2025-10-23): CVSS v4 8.7. Attention: Exploitable remotely/low attack complexity. Vendor: NIHON KOHDEN. Equipment: Central Monitor CNS-6201. Vulnerability: NULL Pointer Dereference. Risk evaluation: Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition. Affected products: The following NIHON KOHDEN products are affected: Central […] [CISA]
- Oxford Nanopore Technologies MinKNOW (2025-10-21): CVSS v4 8.3. Attention: Exploitable remotely/low attack complexity. Vendor: Oxford Nanopore Technologies. Equipment: MinKNOW. Vulnerabilities: Missing Authentication for Critical Function, Insufficiently Protected Credentials, Improper Check for Unusual or Exceptional Conditions. Risk evaluation: Successful exploitation of these vulnerabilities could allow an attacker to disrupt sequencing operations and processes, exfiltrate and […] [CISA]
- FUJIFILM Healthcare Americas Synapse Mobility (2025-08-21): CVSS v4 5.3. Attention: Exploitable remotely/low attack complexity. Vendor: FUJIFILM Healthcare Americas Corporation. Equipment: Synapse Mobility. Vulnerability: External Control of Assumed-Immutable Web Parameter. Risk evaluation: Successful exploitation of this vulnerability could allow an attacker to access information beyond their assigned roles. Affected products: […] [CISA]
- Santesoft Sante PACS Server (2025-08-12): CVSS v4 9.1. Attention: Exploitable remotely/low attack complexity. Vendor: Santesoft. Equipment: Sante PACS Server. Vulnerabilities: Path Traversal, Double Free, Cleartext Transmission of Sensitive Information, Cross-site Scripting. Risk evaluation: Successful exploitation of these vulnerabilities could allow an attacker to create arbitrary files, cause a denial-of-service condition, obtain sensitive information, and […] [CISA]
- Medtronic MyCareLink Patient Monitor (2025-07-24): CVSS v4 7.0. Attention: Low attack complexity. Vendor: Medtronic. Equipment: MyCareLink Patient Monitor 24950, 24952. Vulnerabilities: Cleartext Storage of Sensitive Information, Empty Password in Configuration File, Deserialization of Untrusted Data. Risk evaluation: Successful exploitation of these vulnerabilities could lead to system compromise, unauthorized access to sensitive data, and manipulation […] [CISA]
- Panoramic Corporation Digital Imaging Software (2025-07-17): CVSS v4 8.5. Attention: Low attack complexity. Vendor: Panoramic Corporation. Equipment: Digital Imaging Software. Vulnerability: Uncontrolled Search Path Element. Risk evaluation: Successful exploitation of this vulnerability could allow a standard user to obtain NT Authority/SYSTEM privileges. Affected products: The following Panoramic Corporation products are affected: […] [CISA]
- MicroDicom DICOM Viewer (2025-06-10): CVSS v4 8.6. Attention: Exploitable remotely/low attack complexity. Vendor: MicroDicom. Equipment: DICOM Viewer. Vulnerability: Out-of-bounds Write. Risk evaluation: Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on affected installations of DICOM Viewer. Affected products: The following MicroDicom products are affected: […] [CISA]
- Santesoft Sante DICOM Viewer Pro (2025-05-29): CVSS v4 8.4. Attention: Low attack complexity. Vendor: Santesoft. Equipment: Sante DICOM Viewer Pro. Vulnerability: Out-of-bounds Read. Risk evaluation: Successful exploitation of this vulnerability could allow an attacker to disclose information or execute arbitrary code. Affected products: The following Santesoft products are affected: Sante DICOM […] [CISA]
- Pixmeo OsiriX MD (2025-05-08): CVSS v4 9.3. Attention: Exploitable remotely/low attack complexity. Vendor: Pixmeo. Equipment: OsiriX MD. Vulnerabilities: Use After Free, Cleartext Transmission of Sensitive Information. Risk evaluation: Successful exploitation of these vulnerabilities could allow an attacker to cause memory corruption, resulting in a denial-of-service condition, or to steal credentials. Technical details: […] [CISA]
- MicroDicom DICOM Viewer (2025-05-01): CVSS v4 8.6. Attention: Exploitable remotely/low attack complexity. Vendor: MicroDicom. Equipment: DICOM Viewer. Vulnerabilities: Out-of-Bounds Write, Out-of-Bounds Read. Risk evaluation: Successful exploitation of these vulnerabilities could allow an attacker to disclose information, cause memory corruption, and execute arbitrary code. Affected products: The following MicroDicom products […] [CISA]
- INFINITT Healthcare INFINITT PACS (2025-04-10): CVSS v4 8.7. Attention: Exploitable remotely/low attack complexity/public exploits are available. Vendor: INFINITT Healthcare. Equipment: INFINITT PACS. Vulnerabilities: Unrestricted Upload of File with Dangerous Type, Exposure of Sensitive System Information to an Unauthorized Control Sphere. Risk evaluation: Successful exploitation of these vulnerabilities could allow an attacker to upload malicious […] [CISA]
- Santesoft Sante DICOM Viewer Pro (2025-03-20): CVSS v4 8.4. Attention: Low attack complexity. Vendor: Santesoft. Equipment: Sante DICOM Viewer Pro. Vulnerability: Out-of-Bounds Write. Risk evaluation: Successful exploitation of this vulnerability could allow an attacker to cause memory corruption that would result in execution of arbitrary code. Affected products: The following Santesoft […] [CISA]
- Philips Intellispace Cardiovascular (ISCV) (2025-03-13): CVSS v4 8.5. Attention: Low attack complexity. Vendor: Philips. Equipment: Intellispace Cardiovascular (ISCV). Vulnerabilities: Improper Authentication, Use of Weak Credentials. Risk evaluation: Successful exploitation of these vulnerabilities could allow an attacker to replay the session of the logged-in ISCV user and gain access to patient records. Technical details: […] [CISA]
- Dario Health USB-C Blood Glucose Monitoring System Starter Kit Android Application (2025-02-27): CVSS v4 8.7. Attention: Exploitable remotely/low attack complexity. Vendor: Dario Health. Equipment: USB-C Blood Glucose Monitoring System Starter Kit Android Application, Application Database and Internet-based Server Infrastructure. Vulnerabilities: Exposure of Private Personal Information to an Unauthorized Actor, Improper Output Neutralization For Logs, Storage of Sensitive Data In a Mechanism Without […] [CISA]
The Hacker News
- Google Ties Suspected Russian Actor to CANFAIL Malware Attacks on Ukrainian Orgs (2026-02-13): A previously undocumented threat actor has been attributed to attacks targeting Ukrainian organizations with malware known as CANFAIL. Google Threat Intelligence Group (GTIG) described the hack group as possibly affiliated with Russian intelligence services. The threat actor is assessed to have targeted defense, military, government, and energy organizations within the Ukrainian regional and […]
- Google Links China, Iran, Russia, North Korea to Coordinated Defense Sector Cyber Operations (2026-02-13): Several state-sponsored actors, hacktivist entities, and criminal groups from China, Iran, North Korea, and Russia have trained their sights on the defense industrial base (DIB) sector, according to findings from Google Threat Intelligence Group (GTIG). The tech giant's threat intelligence division said the adversarial targeting of the sector is centered around four key themes: striking […]
- UAT-9921 Deploys VoidLink Malware to Target Technology and Financial Sectors (2026-02-13): A previously unknown threat actor tracked as UAT-9921 has been observed leveraging a new modular framework called VoidLink in its campaigns targeting the technology and financial services sectors, according to findings from Cisco Talos. "This threat actor seems to have been active since 2019, although they have not necessarily used VoidLink over the duration of […]
- Malicious Chrome Extensions Caught Stealing Business Data, Emails, and Browsing History (2026-02-13): Cybersecurity researchers have discovered a malicious Google Chrome extension that's designed to steal data associated with Meta Business Suite and Facebook Business Manager. The extension, named CL Suite by @CLMasters (ID: jkphinfhmfkckkcnifhjiplhfoiefffl), is marketed as a way to scrape Meta Business Suite data, remove verification pop-ups, and generate two-factor authentication (2FA) codes.
- npm’s Update to Harden Their Supply Chain, and Points to Consider (2026-02-13): In December 2025, in response to the Sha1-Hulud incident, npm completed a major authentication overhaul intended to reduce supply-chain attacks. While the overhaul is a solid step forward, the changes don’t make npm projects immune from supply-chain attacks. npm is still susceptible to malware attacks; here’s what you need to know for a safer […]
- Researchers Observe In-the-Wild Exploitation of BeyondTrust CVSS 9.9 Vulnerability (2026-02-13): Threat actors have started to exploit a recently disclosed critical security flaw impacting BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) products, according to watchTowr. "Overnight we observed first in-the-wild exploitation of BeyondTrust across our global sensors," Ryan Dewhurst, head of threat intelligence at watchTowr, said in a post on X. "Attackers are abusing […]
- Google Reports State-Backed Hackers Using Gemini AI for Recon and Attack Support (2026-02-12): Google on Thursday said it observed the North Korea-linked threat actor known as UNC2970 using its generative artificial intelligence (AI) model Gemini to conduct reconnaissance on its targets, as various hacking groups continue to weaponize the tool for accelerating various phases of the cyber attack life cycle, enabling information operations, and even conducting model extraction […]
- Lazarus Campaign Plants Malicious Packages in npm and PyPI Ecosystems (2026-02-12): Cybersecurity researchers have discovered a fresh set of malicious packages across npm and the Python Package Index (PyPI) repository linked to a fake recruitment-themed campaign orchestrated by the North Korea-linked Lazarus Group. The coordinated campaign has been codenamed graphalgo in reference to the first package published in the npm registry. It's assessed to be active […]
- ThreatsDay Bulletin: AI Prompt RCE, Claude 0-Click, RenEngine Loader, Auto 0-Days & 25+ Stories 2026-02-12Threat activity this week shows one consistent signal — attackers are leaning harder on what already works. Instead of flashy new exploits, many operations are built around quiet misuse of trusted tools, familiar workflows, and overlooked exposures that sit in plain sight. Another shift is how access is gained versus how it’s used. Initial entry […]
- The CTEM Divide: Why 84% of Security Programs Are Falling Behind 2026-02-12A new 2026 market intelligence study of 128 enterprise security decision-makers (available here) reveals a stark divide forming between organizations – one that has nothing to do with budget size or industry and everything to do with a single framework decision. Organizations implementing Continuous Threat Exposure Management (CTEM) demonstrate 50% better attack surface visibility, 23-point
- 83% of Ivanti EPMM Exploits Linked to Single IP on Bulletproof Hosting Infrastructure 2026-02-12A significant chunk of the exploitation attempts targeting a newly disclosed security flaw in Ivanti Endpoint Manager Mobile (EPMM) can be traced back to a single IP address on bulletproof hosting infrastructure offered by PROSPERO. Threat intelligence firm GreyNoise said it recorded 417 exploitation sessions from 8 unique source IP addresses between February 1 and […]
- Apple Fixes Exploited Zero-Day Affecting iOS, macOS, and Other Devices 2026-02-12Apple on Wednesday released iOS, iPadOS, macOS Tahoe, tvOS, watchOS, and visionOS updates to address a zero-day flaw that it said has been exploited in sophisticated cyber attacks. The vulnerability, tracked as CVE-2026-20700 (CVSS score: 7.8), has been described as a memory corruption issue in dyld, Apple's Dynamic Link Editor. Successful exploitation of the vulnerability […]
- First Malicious Outlook Add-In Found Stealing 4,000+ Microsoft Credentials 2026-02-11Cybersecurity researchers have discovered what they said is the first known malicious Microsoft Outlook add-in detected in the wild. In this unusual supply chain attack detailed by Koi Security, an unknown attacker claimed the domain associated with a now-abandoned legitimate add-in to serve a fake Microsoft login page, stealing over 4,000 credentials in the process. […]
- APT36 and SideCopy Launch Cross-Platform RAT Campaigns Against Indian Entities 2026-02-11Indian defense sector and government-aligned organizations have been targeted by multiple campaigns that are designed to compromise Windows and Linux environments with remote access trojans capable of stealing sensitive data and ensuring continued access to infected machines. The campaigns are characterized by the use of malware families like Geta RAT, Ares RAT, and DeskRAT, which […]
- Over 60 Software Vendors Issue Security Fixes Across OS, Cloud, and Network Platforms 2026-02-11It's Patch Tuesday, which means a number of software vendors have released patches for various security vulnerabilities impacting their products and services. Microsoft issued fixes for 59 flaws, including six actively exploited zero-days in various Windows components that could be abused to bypass security features, escalate privileges, and trigger a denial-of-service (DoS) condition. Elsewhere
- Exposed Training Open the Door for Crypto-Mining in Fortune 500 Cloud Environments 2026-02-11Intentionally vulnerable training applications are widely used for security education, internal testing, and product demonstrations. Tools such as OWASP Juice Shop, DVWA, Hackazon, and bWAPP are designed to be insecure by default, making them useful for learning how common attack techniques work in controlled environments. The issue is not the applications themselves, but how they […]
- Microsoft Patches 59 Vulnerabilities Including Six Actively Exploited Zero-Days 2026-02-11Microsoft on Tuesday released security updates to address a set of 59 flaws across its software, including six vulnerabilities that it said have been exploited in the wild. Of the 59 flaws, five are rated Critical, 52 are rated Important, and two are rated Moderate in severity. Twenty-five of the patched vulnerabilities have been classified […]
- SSHStalker Botnet Uses IRC C2 to Control Linux Systems via Legacy Kernel Exploits 2026-02-11Cybersecurity researchers have disclosed details of a new botnet operation called SSHStalker that relies on the Internet Relay Chat (IRC) communication protocol for command-and-control (C2) purposes. "The toolset blends stealth helpers with legacy-era Linux exploitation: Alongside log cleaners (utmp/wtmp/lastlog tampering) and rootkit-class artifacts, the actor keeps a large back-catalog of
- North Korea-Linked UNC1069 Uses AI Lures to Attack Cryptocurrency Organizations 2026-02-11The North Korea-linked threat actor known as UNC1069 has been observed targeting the cryptocurrency sector to steal sensitive data from Windows and macOS systems with the ultimate goal of facilitating financial theft. "The intrusion relied on a social engineering scheme involving a compromised Telegram account, a fake Zoom meeting, a ClickFix infection vector, and reported […]
- DPRK Operatives Impersonate Professionals on LinkedIn to Infiltrate Companies 2026-02-10The information technology (IT) workers associated with the Democratic People's Republic of Korea (DPRK) are now applying to remote positions using real LinkedIn accounts of individuals they're impersonating, marking a new escalation of the fraudulent scheme. "These profiles often have verified workplace emails and identity badges, which DPRK operatives hope will make their fraudulent