Blogs – Security

CVE / NIST

CISA News

CISA Blog

Cybersecurity Advisories

ICS Advisories

ICS Medical Advisories

Packet Storm Security

The Hacker News

CAISI Evaluation of DeepSeek AI Models Finds Shortcomings and Risks 2025-09-30
The Center for AI Standards and Innovation at NIST evaluated several leading models from DeepSeek, an AI company based in the People’s Republic of China.
Sarah Henderson
NIST Engineers Design 5 New Ways to Connect Concrete Pieces for More Resilient Buildings 2025-09-29
One of the biggest challenges with precast concrete is connecting the concrete pieces at a job site.
Sarah Henderson
NIST Issues Broad Agency Announcement for Proposals to Advance Microelectronics Technologies 2025-09-24
The CHIPS for America funding opportunity will support critical research, prototyping and commercial solutions that advance microelectronics technology in the United States.
Sarah Henderson
NIST Awards More Than $3 Million to Support Cybersecurity Workforce Development Across 13 States 2025-09-17
There are currently more than 514,000 cybersecurity job openings in the U.S.
Sarah Henderson
In Quantum Sensing, What Beats Beating Noise? Meeting Noise Halfway. 2025-09-10
A team including scientists at NIST may have found a new way of dealing with noise at the microscopic scales where quantum physics reigns.
Sarah Henderson
Champlain Towers South Investigation Nears Completion of Technical Work 2025-09-09
Investigators share likely failure scenarios, advance indicators of building’s distress.
Sarah Henderson
NIST’s ‘Living Reference Material’ Could Accelerate R&D of Lifesaving Biological Drugs 2025-09-08
The NIST reference material, called NISTCHO, will help the biopharmaceutical industry develop new drugs more quickly and ensure that they are safe and effective.
Sarah Henderson
Some Air Cleaners Release Harmful By-Products. Now We Have a Way to Measure Them. 2025-09-02
Many types of air cleaners can generate small amounts of air pollution. Until now, there was no standard way to measure these negative by-products.
Sarah Henderson
NIST Revises Security and Privacy Control Catalog to Improve Software Update and Patch Releases 2025-08-27
The catalog revision is part of NIST’s response to a recent executive order on strengthening the nation’s cybersecurity.
Sarah Henderson
New Technique for Measuring DNA Damage Could Improve Cancer Therapy and Radiological Emergency Response 2025-08-21
The technology, which may someday be as portable as a smartphone, promises faster and more accurate measurements of radiation exposure, potentially saving lives in critical situations.
Sarah Henderson
NIST Researchers Develop More Accurate Formula for Measuring Particle Concentration 2025-08-20
The new method will be useful in various fields, including nanomedicine, food science, environmental science and advanced manufacturing.
Sarah Henderson
NIST Awards Over $1.8 Million to Small Businesses Advancing AI, Semiconductors, Additive Manufacturing and More 2025-08-18
The winning projects were competitively selected following a call for innovative proposals that address technical needs related to NIST’s research areas.
Sarah Henderson
NIST Guidelines Can Help Organizations Detect Face Photo Morphs, Deter Identity Fraud 2025-08-18
Face morphing software, which combines photos of different people into a single image, is being used to commit identity fraud.
Sarah Henderson
NIST Finalizes ‘Lightweight Cryptography’ Standard to Protect Small Devices 2025-08-13
Four related algorithms are now ready for use to protect data created and transmitted by the Internet of Things and other electronics.
Sarah Henderson
NIST to Provide Updates on Construction Safety Team Investigations in September Advisory Committee Meeting 2025-08-06
The public meetings will include updates on NIST’s investigations into the impacts of Hurricane Maria and the partial collapse of the Champlain Towers South.
Sarah Henderson
New NIST Reference Material to Strengthen Quality Control for Biological Drugs 2025-07-31
Impurities in these drugs can cause undesirable immune responses in patients and can significantly drive up costs for drug manufacturers.
Sarah Henderson
NIST Consortium and Draft Guidelines Aim to Improve Security in Software Development 2025-07-30
NIST is soliciting comments from the public on the draft until Sept. 12, and the agency is planning a virtual event to showcase the project and gather feedback on Aug. 27.
Sarah Henderson
NIST Makes First Detection of Cannabis in Breath From Edibles 2025-07-24
Currently there are no reliable roadside tests to determine when a person consumed cannabis or how intoxicated they are as a result.
Sarah Henderson
NIST’s Alex Maranghides Receives Service to America Medal 2025-07-17
The award recognizes Maranghides for 25 years of work investigating devastating wildfires in the United States and creating actionable guidelines on how to save lives and property.
Sarah Henderson
NIST Releases Trove of Genetic Data to Spur Cancer Research 2025-07-16
NIST and collaborating institutions have released extensive data about the genome of pancreatic cancer cells.
Sarah Henderson

19th Annual NICE Conference and Expo 2028-06-05
The NICE Conference and Expo will take place June 5-7, 2028. Location to be announced. This event is supported by the National Initiative for Cybersecurity Education (NICE), a program of the National Institute of Standards and Technology in the U.S
Susana Barraza
18th Annual NICE Conference and Expo 2027-06-07
The NICE Conference and Expo will take place June 7-9, 2027. Location to be announced. This event is supported by the National Initiative for Cybersecurity Education (NICE), a program of the National Institute of Standards and Technology in the U.S
Susana Barraza
2068 Mass Metrology Seminar 2026-10-19
The Mass Metrology Seminar is a two-week, "hands-on" seminar. It incorporates approximately 30 percent lectures and 70 percent demonstrations and laboratory work in which the participant performs measurements by applying procedures and equations
Yvonne A. Branden
2083 MidAmerica Measurement Assurance Program, MidMAP** 2026-09-22
NIST Handbook 143, Program Handbook (2019) details the criteria used for OWM Laboratory Recognition. NIST Handbook 143, Section 4 and Table 2 notes that annual attendance at the RMAP training session is required for ongoing laboratory Recognition
Pamela L Corey
NIST Small Business Community of Interest Quarterly Calls 2026-09-16
NIST's Small Business Cybersecurity Community of Interest (COI) has been established to convene the public and private sectors to share business insights, expertise, challenges, and perspectives to guide our work and assist NIST in addressing the
Vontress Henderson
2082 Southwest Assurance Program, SWAP** 2026-09-01
NIST Handbook 143, Program Handbook (2019) details the criteria used for OWM Laboratory Recognition. NIST Handbook 143, Section 4 and Table 2 notes that annual attendance at the RMAP training session is required for ongoing laboratory Recognition
Pamela L Corey
2064 Calibration Method Validation 2026-08-13
This 2-hour webinar on Calibration Method Validation will examine the ISO/IEC 17025:2017 requirements for selection of calibration methods and for method validation and provide guidance on developing a process for validating a new or modified
Yvonne A. Branden
2070 Balance and Scale Calibration and Uncertainties 2026-08-03
This 4-day seminar will cover the calibration and use of analytical weighing instruments (balances and laboratory/bench-top scales), including sources of weighing errors in analytical environments, methodologies for quantifying the errors, and
Yvonne A. Branden
2066 Fundamentals of Metrology 2026-07-27
The 5-day Fundamentals of Metrology seminar is an intensive course that introduces participants to the concepts of measurement systems, units, good laboratory practices, data integrity, measurement uncertainty, measurement assurance, traceability
Yvonne A. Branden
2063 State Laboratory Annual Submission Process 2026-07-16
The State Laboratory Annual Submission Process webinar provides guidance on how to successfully submit all required materials to develop a complete and timely Recognition Application according to NIST Handbook (HB) 143, State Weights and Measures
Yvonne A. Branden
2065 Volume Metrology Seminar 2026-07-06
The 5-day OWM Volume Metrology Seminar is designed to enable metrologists to apply fundamental measurement concepts to volume calibrations. A large percentage of time is spent on hands-on measurements, applying procedures and equations discussed in
Yvonne A. Branden
2062 Documenting Traceability and Calibration Intervals 2026-06-25
This 2-hour webinar covers the essential elements of metrological traceability and the documentary evidence required to support traceability and calibration intervals. It uses NISTIR 6969, GMP 11, and GMP 13 as the baseline for instructions and also
Yvonne A. Branden
NIST Small Business Community of Interest Quarterly Calls 2026-06-10
NIST's Small Business Cybersecurity Community of Interest (COI) has been established to convene the public and private sectors to share business insights, expertise, challenges, and perspectives to guide our work and assist NIST in addressing the
Vontress Henderson
2080 Northeastern Measurement Assurance Program, NEMAP** 2026-06-09
NIST Handbook 143, Program Handbook (2019) details the criteria used for OWM Laboratory Recognition. NIST Handbook 143, Section 4 and Table 2 notes that annual attendance at the RMAP training session is required for ongoing laboratory Recognition
Pamela L Corey
17th Annual NICE Conference and Expo 2026-06-01
The NICE Conference and Expo will take place June 1-3, 2026. Location to be announced. This event is supported by the National Initiative for Cybersecurity Education (NICE), a program of the National Institute of Standards and Technology in the U.S
Susana Barraza
2059 Basic Uncertainty Concepts 2026-05-28
This 2-hour webinar provides a very basic introduction to uncertainty calculations and reporting using the 8-step process published in NIST SOP 29 (NISTIR 6969), beginning with some definitions and concepts from the Guide to the Expression of
Yvonne A. Branden
2081 Western Regional Assurance Program, WRAP** 2026-05-05
NIST Handbook 143, Program Handbook (2019) details the criteria used for OWM Laboratory Recognition. NIST Handbook 143, Section 4 and Table 2 notes that annual attendance at the RMAP training session is required for ongoing laboratory Recognition
Pamela L Corey
2056 Fundamentals of Metrology 2026-04-20
The 5-day Fundamentals of Metrology seminar is an intensive course that introduces participants to the concepts of measurement systems, units, good laboratory practices, data integrity, measurement uncertainty, measurement assurance, traceability
Yvonne A. Branden
2079 Southeast Measurement Assurance Program, SEMAP** 2026-03-24
NIST Handbook 143, Program Handbook (2019) details the criteria used for OWM Laboratory Recognition. NIST Handbook 143, Section 4 and Table 2 notes that annual attendance at the RMAP training session is required for ongoing laboratory Recognition
Pamela L Corey
2057 Mass Metrology Seminar 2026-03-02
The two-week Mass Metrology Seminar is a "hands-on" seminar that incorporates approximately 30 percent lectures and 70 percent demonstrations and laboratory work in which the participant performs measurements by applying procedures and equations
Yvonne A. Branden

International Standards Organization ISO 15118-2 2025-10-30
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.2 ATTENTION: Low Attack Complexity Standard: ISO 15118-2 Network and Application Protocol Requirements Equipment: EV Car Chargers Vulnerability: Improper Restriction of Communication Channel to Intended Endpoints 2. RISK EVALUATION Successful exploitation of this vulnerability could result in man-in-the-middle attacks. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following ISO […]
CISA
Hitachi Energy TropOS 2025-10-30
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: TropOS Vulnerabilities: OS Command Injection, Improper Privilege Management 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow command injections and privilege escalation. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Hitachi Energy reports TropOS wireless devices are affected when […]
CISA
Schneider Electric EcoStruxure 2025-10-28
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: EcoStruxure Vulnerability: Allocation of Resources Without Limits or Throttling 2. RISK EVALUATION Successful exploitation of this vulnerability could result in the loss of real-time process data from the Modicon Controller. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Schneider Electric […]
CISA
AutomationDirect Productivity Suite 2025-10-23
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: AutomationDirect Equipment: Productivity Suite Vulnerabilities: Relative Path Traversal, Weak Password Recovery Mechanism for Forgotten Password, Incorrect Permission Assignment for Critical Resource, Binding to an Unrestricted IP Address 2. RISK EVALUATION Successful exploitation of these vulnerabilities could enable an attacker to execute […]
CISA
Delta Electronics ASDA-Soft 2025-10-23
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION: Low attack complexity Vendor: Delta Electronics Equipment: ASDA-Soft Vulnerability: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to write data outside of the allocated memory buffer. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Delta Electronics reports the following versions of […]
CISA
ASKI Energy ALS-Mini-S8 and ALS-Mini-S4 2025-10-23
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: ASKI Energy Equipment: ALS-Mini-S8, ALS-mini-s4 IP Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain full control over the device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following ASKI Energy […]
CISA
Veeder-Root TLS4B Automatic Tank Gauge System 2025-10-23
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: Veeder-Root Equipment: TLS4B Automatic Tank Gauge System Vulnerabilities: Improper Neutralization of Special Elements used in a Command ('Command Injection'), Integer Overflow or Wraparound 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow attackers to execute system-level commands, gain full shell […]
CISA
CloudEdge Online Cameras and App 2025-10-21
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: CloudEdge Equipment: CloudEdge App, CloudEdge Online Cameras Vulnerability: Use of Hard-coded Credentials 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain access to live video feed and camera control. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The […]
CISA
Rockwell Automation 1783-NATR 2025-10-21
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: 1783-NATR Vulnerabilities: Missing Authentication for Critical Function, Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), Cross-Site Request Forgery (CSRF) 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in a denial-of-service, data modification, or in […]
CISA
Siemens RUGGEDCOM ROS Devices 2025-10-21
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.7 ATTENTION: Exploitable remotely/low attack […]
CISA
Rockwell Automation Compact GuardLogix 5370 2025-10-21
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: Compact GuardLogix 5370 Vulnerability: Uncaught Exception 2. RISK EVALUATION Successful exploitation of this vulnerability could result in a denial-of-service. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Compact GuardLogix 5370 are affected: Compact GuardLogix 5370: Version […]
CISA
Raisecomm RAX701-GC Series 2025-10-21
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Raisecomm Equipment: RAX701-GC-WP-01 P200R002C52, RAX701-GC-WP-01 P200R002C53 Vulnerability: Authentication Bypass Using an Alternate Path or Channel 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote attacker to bypass authentication and gain unauthenticated root shell access to the affected devices. […]
CISA
Siemens SIMATIC S7-1200 CPU V1/V2 Devices 2025-10-21
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack […]
CISA
Siemens SIMATIC ET 200SP Communication Processors 2025-10-16
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack […]
CISA
Siemens SiPass Integrated 2025-10-16
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.6 ATTENTION: Low attack complexity […]
CISA
Rockwell Automation FactoryTalk Linx 2025-10-16
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low attack complexity Vendor: Rockwell Automation Equipment: FactoryTalk Linx Vulnerabilities: Privilege Chaining 2. RISK EVALUATION Successful exploitation of these vulnerabilities may allow full access to all files, processes, and system resources. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Rockwell Automation reports that the following versions of the […]
CISA
Hitachi Energy MACH GWS 2025-10-16
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: MACH GWS Vulnerabilities: Incorrect Default Permissions, Improper Validation of Integrity Check Value, Improper Certificate Validation 2. RISK EVALUATION Exploiting these vulnerabilities could allow an attacker to tamper with system files, cause a denial of service, or perform a […]
CISA
Siemens TeleControl Server Basic 2025-10-16
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack […]
CISA
Rockwell Automation FactoryTalk ViewPoint 2025-10-16
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: FactoryTalk ViewPoint Vulnerability: Improper Restriction of XML External Entity Reference 2. RISK EVALUATION Successful exploitation of this vulnerability could allow unauthenticated attackers to achieve XML external entity injection, resulting in a temporary denial-of-service condition. 3. TECHNICAL DETAILS 3.1 […]
CISA
Siemens HyperLynx and Industrial Edge App Publisher 2025-10-16
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.0 ATTENTION: Exploitable remotely/low attack […]
CISA

Vertikal Systems Hospital Manager Backend Services 2025-10-28
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Vertikal Systems Equipment: Hospital Manager Backend Services Vulnerabilities: Exposure of Sensitive System Information to an Unauthorized Control Sphere, Generation of Error Message Containing Sensitive Information 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to obtain unauthorized access […]
CISA
NIHON KOHDEN Central Monitor CNS-6201 2025-10-23
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: NIHON KOHDEN Equipment: Central Monitor CNS-6201 Vulnerability: NULL Pointer Dereference 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following NIHON KOHDEN products are affected: Central […]
CISA
Oxford Nanopore Technologies MinKNOW 2025-10-21
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Oxford Nanopore Technologies Equipment: MinKNOW Vulnerabilities: Missing Authentication for Critical Function, Insufficiently Protected Credentials, Improper Check for Unusual or Exceptional Conditions 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to disrupt sequencing operations and processes, exfiltrate and […]
CISA
FUJIFILM Healthcare Americas Synapse Mobility 2025-08-21
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: FUJIFILM Healthcare Americas Corporation Equipment: Synapse Mobility Vulnerability: External Control of Assumed-Immutable Web Parameter 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to access information beyond their assigned roles. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following […]
CISA
Santesoft Sante PACS Server 2025-08-12
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Santesoft Equipment: Sante PACS Server Vulnerabilities: Path Traversal, Double Free, Cleartext Transmission of Sensitive Information, Cross-site Scripting 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to create arbitrary files, cause a denial-of-service condition, obtain sensitive information, and […]
CISA
Medtronic MyCareLink Patient Monitor 2025-07-24
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.0 ATTENTION: Low attack complexity Vendor: Medtronic Equipment: MyCareLink Patient Monitor 24950, 24952 Vulnerabilities: Cleartext Storage of Sensitive Information, Empty Password in Configuration File, Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of these vulnerabilities could lead to system compromise, unauthorized access to sensitive data, and manipulation […]
CISA
Panoramic Corporation Digital Imaging Software 2025-07-17
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low attack complexity Vendor: Panoramic Corporation Equipment: Digital Imaging Software Vulnerability: Uncontrolled Search Path Element 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a standard user to obtain NT Authority/SYSTEM privileges. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Panoramic Corporation products are affected: […]
CISA
MicroDicom DICOM Viewer 2025-06-10
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: MicroDicom Equipment: DICOM Viewer Vulnerability: Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on affected installations of DICOM Viewer. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following MicroDicom products are affected: […]
CISA
Santesoft Sante DICOM Viewer Pro 2025-05-29
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION: Low attack complexity Vendor: Santesoft Equipment: Sante DICOM Viewer Pro Vulnerability: Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to disclose information or execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Santesoft products are affected: Sante DICOM […]
CISA
Pixmeo OsiriX MD 2025-05-08
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Pixmeo Equipment: OsiriX MD Vulnerabilities: Use After Free, Cleartext Transmission of Sensitive Information 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to cause memory corruption, resulting in a denial-of-service condition or to steal credentials. 3. TECHNICAL DETAILS […]
CISA
MicroDicom DICOM Viewer 2025-05-01
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: MicroDicom Equipment: DICOM Viewer Vulnerabilities: Out-of-Bounds Write, Out-of-Bounds Read 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to disclose information, cause memory corruption, and execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following MicroDicom products […]
CISA
INFINITT Healthcare INFINITT PACS 2025-04-10
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: INFINITT Healthcare Equipment: INFINITT PACS Vulnerabilities: Unrestricted Upload of File with Dangerous Type, Exposure of Sensitive System Information to an Unauthorized Control Sphere, 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to upload malicious […]
CISA
Santesoft Sante DICOM Viewer Pro 2025-03-20
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION: Low attack complexity Vendor: Santesoft Equipment: Sante DICOM Viewer Pro Vulnerability: Out-of-Bounds Write 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause memory corruption that would result in execution of arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Santesoft […]
CISA
Philips Intellispace Cardiovascular (ISCV) 2025-03-13
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low attack complexity Vendor: Philips Equipment: Intellispace Cardiovascular (ISCV) Vulnerabilities: Improper Authentication, Use of Weak Credentials 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to replay the session of the logged in ISCV user and gain access to patient records. 3. TECHNICAL […]
CISA
Dario Health USB-C Blood Glucose Monitoring System Starter Kit Android Application 2025-02-27
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Dario Health Equipment: USB-C Blood Glucose Monitoring System Starter Kit Android Application, Application Database and Internet-based Server Infrastructure Vulnerabilities: Exposure of Private Personal Information to an Unauthorized Actor, Improper Output Neutralization For Logs, Storage of Sensitive Data In a Mechanism Without […]
CISA
Medixant RadiAnt DICOM Viewer 2025-02-20
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.7 ATTENTION: Low attack complexity Vendor: Medixant Equipment: RadiAnt DICOM Viewer Vulnerability: Improper Certificate Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to perform a machine-in-the-middle attack (MITM), resulting in malicious updates being delivered to the user. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS […]
CISA
Qardio Heart Health IOS and Android Application and QardioARM A100 2025-02-13
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.2 ATTENTION: Low attack complexity Vendor: Qardio Equipment: Heart Health IOS application, Heart Health Android Application, QardioARM A100 Vulnerabilities: Exposure of Private Personal Information to an Unauthorized Actor, Uncaught Exception, Files or Directories Accessible to External Parties 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an […]
CISA
Orthanc Server 2025-02-06
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: Orthanc Equipment: Orthanc Server Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to disclose sensitive information, modify records, or cause a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following […]
CISA
MicroDicom DICOM Viewer 2025-02-06
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.7 ATTENTION: Low attack complexity Vendor: MicroDicom Equipment: DICOM Viewer Vulnerability: Improper Certificate Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to alter network traffic and perform a machine-in-the-middle (MITM) attack. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following MicroDicom DICOM Viewer are […]
CISA
Contec Health CMS8000 Patient Monitor (Update A) 2025-01-30
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Contec Health Equipment: CMS8000 Patient Monitor Vulnerabilities: Out-of-Bounds Write, Hidden Functionality, Privacy Leakage 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to remotely send specially formatted UDP requests or connect to an unknown external network that would […]
CISA

CISA Flags VMware Zero-Day Exploited by China-Linked Hackers in Active Attacks 2025-10-31
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a high-severity security flaw impacting Broadcom VMware Tools and VMware Aria Operations to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation in the wild. The vulnerability in question is CVE-2025-41244 (CVSS score: 7.8), which could be exploited by an attacker to […]
A New Security Layer for macOS Takes Aim at Admin Errors Before Hackers Do 2025-10-31
A design firm is editing a new campaign video on a MacBook Pro. The creative director opens a collaboration app that quietly requests microphone and camera permissions. MacOS is supposed to flag that, but in this case, the checks are loose. The app gets access anyway. On another Mac in the same office, file sharing […]
Google's Built-In AI Defenses on Android Now Block 10 Billion Scam Messages a Month 2025-10-30
Google on Thursday revealed that the scam defenses built into Android safeguard users around the world from more than 10 billion suspected malicious calls and messages every month. The tech giant also said it has blocked over 100 million suspicious numbers from using Rich Communication Services (RCS), an evolution of the SMS protocol, thereby preventing […]
Russian Ransomware Gangs Weaponize Open-Source AdaptixC2 for Advanced Attacks 2025-10-30
The open-source command-and-control (C2) framework known as AdaptixC2 is being used by a growing number of threat actors, some of whom are related to Russian ransomware gangs. AdaptixC2 is an emerging extensible post-exploitation and adversarial emulation framework designed for penetration testing. While the server component is written in Golang, the GUI Client is written in […]
New "Brash" Exploit Crashes Chromium Browsers Instantly with a Single Malicious URL 2025-10-30
A severe vulnerability disclosed in Chromium's Blink rendering engine can be exploited to crash many Chromium-based browsers within a few seconds. Security researcher Jose Pino, who disclosed details of the flaw, has codenamed it Brash. "It allows any Chromium browser to collapse in 15-60 seconds by exploiting an architectural flaw in how certain DOM operations […]
The Death of the Security Checkbox: BAS Is the Power Behind Real Defense 2025-10-30
Security doesn’t fail at the point of breach. It fails at the point of impact. That line set the tone for this year’s Picus Breach and Simulation (BAS) Summit, where researchers, practitioners, and CISOs all echoed the same theme: cyber defense is no longer about prediction. It's about proof. When a new exploit drops, scanners […]
ThreatsDay Bulletin: DNS Poisoning Flaw, Supply-Chain Heist, Rust Malware Trick and New RATs Rising 2025-10-30
The comfort zone in cybersecurity is gone. Attackers are scaling down, focusing tighter, and squeezing more value from fewer, high-impact targets. At the same time, defenders face growing blind spots — from spoofed messages to large-scale social engineering. This week’s findings show how that shrinking margin of safety is redrawing the threat landscape. Here’s what’s
PhantomRaven Malware Found in 126 npm Packages Stealing GitHub Tokens From Devs 2025-10-30
Cybersecurity researchers have uncovered yet another active software supply chain attack campaign targeting the npm registry with over 100 malicious packages that can steal authentication tokens, CI/CD secrets, and GitHub credentials from developers' machines. The campaign has been codenamed PhantomRaven by Koi Security. The activity is assessed to have begun in August 2025, when the […]
Experts Reports Sharp Increase in Automated Botnet Attacks Targeting PHP Servers and IoT Devices 2025-10-29
Cybersecurity researchers are calling attention to a spike in automated attacks targeting PHP servers, IoT devices, and cloud gateways by various botnets such as Mirai, Gafgyt, and Mozi. "These automated campaigns exploit known CVE vulnerabilities and cloud misconfigurations to gain control over exposed systems and expand botnet networks," the Qualys Threat Research Unit (TRU) said […]
New AI-Targeted Cloaking Attack Tricks AI Crawlers Into Citing Fake Info as Verified Facts 2025-10-29
Cybersecurity researchers have flagged a new security issue in agentic web browsers like OpenAI ChatGPT Atlas that exposes underlying artificial intelligence (AI) models to context poisoning attacks. In the attack devised by AI security company SPLX, a bad actor can set up websites that serve different content to browsers and AI crawlers run by ChatGPT […]
Discover Practical AI Tactics for GRC — Join the Free Expert Webinar 2025-10-29
Artificial Intelligence (AI) is rapidly transforming Governance, Risk, and Compliance (GRC). It's no longer a future concept—it's here, and it's already reshaping how teams operate. AI's capabilities are profound: it's speeding up audits, flagging critical risks faster, and drastically cutting down on time-consuming manual work. This leads to greater efficiency, higher accuracy, and a more
Preparing for the Digital Battlefield of 2026: Ghost Identities, Poisoned Accounts, & AI Agent Havoc 2025-10-29
BeyondTrust’s annual cybersecurity predictions point to a year where old defenses will fail quietly, and new attack vectors will surge. Introduction The next major breach won’t be a phished password. It will be the result of a massive, unmanaged identity debt. This debt takes many forms: it’s the “ghost” identity from a 2015 breach lurking […]
Russian Hackers Target Ukrainian Organizations Using Stealthy Living-Off-the-Land Tactics 2025-10-29
Organizations in Ukraine have been targeted by threat actors of Russian origin with an aim to siphon sensitive data and maintain persistent access to compromised networks. The activity, according to a new report from the Symantec and Carbon Black Threat Hunter Team, targeted a large business services organization for two months and a local government […]
10 npm Packages Caught Stealing Developer Credentials on Windows, macOS, and Linux 2025-10-29
Cybersecurity researchers have discovered a set of 10 malicious npm packages that are designed to deliver an information stealer targeting Windows, Linux, and macOS systems. "The malware uses four layers of obfuscation to hide its payload, displays a fake CAPTCHA to appear legitimate, fingerprints victims by IP address, and downloads a 24MB PyInstaller-packaged information stealer […]
Active Exploits Hit Dassault and XWiki — CISA Confirms Critical Flaws Under Attack 2025-10-29
Threat actors are actively exploiting multiple security flaws impacting Dassault Systèmes DELMIA Apriso and XWiki, according to alerts issued by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and VulnCheck. The vulnerabilities are listed below - CVE-2025-6204 (CVSS score: 8.0) - A code injection vulnerability in Dassault Systèmes DELMIA Apriso that could allow an attacker […]
New TEE.Fail Side-Channel Attack Extracts Secrets from Intel and AMD DDR5 Secure Enclaves 2025-10-28
A group of academic researchers from Georgia Tech, Purdue University, and Synkhronix have developed a side-channel attack called TEE.Fail that allows for the extraction of secrets from the trusted execution environment (TEE) in a computer's main processor, including Intel's Software Guard eXtensions (SGX) and Trust Domain Extensions (TDX) and AMD's Secure Encrypted Virtualization with Secure
New Android Trojan 'Herodotus' Outsmarts Anti-Fraud Systems by Typing Like a Human 2025-10-28
Cybersecurity researchers have disclosed details of a new Android banking trojan called Herodotus that has been observed in active campaigns targeting Italy and Brazil to conduct device takeover (DTO) attacks. "Herodotus is designed to perform device takeover while making first attempts to mimic human behaviour and bypass behaviour biometrics detection," ThreatFabric said in a report […]
Researchers Expose GhostCall and GhostHire: BlueNoroff's New Malware Chains 2025-10-28
Threat actors tied to North Korea have been observed targeting the Web3 and blockchain sectors as part of twin campaigns tracked as GhostCall and GhostHire. According to Kaspersky, the campaigns are part of a broader operation called SnatchCrypto that has been underway since at least 2017. The activity is attributed to a Lazarus Group sub-cluster […]
Why Early Threat Detection Is a Must for Long-Term Business Growth 2025-10-28
In cybersecurity, speed isn’t just a win — it’s a multiplier. The faster you learn about emerging threats, the faster you adapt your defenses, the less damage you suffer, and the more confidently your business keeps scaling. Early threat detection isn’t about preventing a breach someday: it’s about protecting the revenue you’re supposed to earn […]
Is Your Google Workspace as Secure as You Think it is? 2025-10-28
The New Reality for Lean Security Teams If you’re the first security or IT hire at a fast-growing startup, you’ve likely inherited a mandate that’s both simple and maddeningly complex: secure the business without slowing it down. Most organizations using Google Workspace start with an environment built for collaboration, not resilience. Shared drives, permissive settings, […]

Heurist.org

Menu

Search our Website

Blogs – Security

Blogs - Security

NIST News

NIST Events

CISA Blog

CISA Blog

ICS Advisories

ICS Medical Advisories

Unknown Feed

The Hacker News