Blogs - Security
CVE / NIST CISA News CISA Blog Cybersecurity Advisories ICS Advisories ICS Medical Advisories 
Packet Storm Security 
The Hacker News 
NIST News
- What Time Is It on Mars? NIST Physicists Have the Answer. 2025-12-01This calculation is necessary for future space navigation and communication networks.Sarah Henderson
- Building a Sustainable Metals Infrastructure: NIST Report Highlights Key Strategies 2025-11-20Making metals processing more sustainable and resilient will support U.S industrial innovation and competitiveness.Sarah Henderson
- CAISI Evaluation of DeepSeek AI Models Finds Shortcomings and Risks 2025-09-30The Center for AI Standards and Innovation at NIST evaluated several leading models from DeepSeek, an AI company based in the People’s Republic of China.Sarah Henderson
- NIST Engineers Design 5 New Ways to Connect Concrete Pieces for More Resilient Buildings 2025-09-29One of the biggest challenges with precast concrete is connecting the concrete pieces at a job site.Sarah Henderson
- NIST Issues Broad Agency Announcement for Proposals to Advance Microelectronics Technologies 2025-09-24The CHIPS for America funding opportunity will support critical research, prototyping and commercial solutions that advance microelectronics technology in the United States.Sarah Henderson
- NIST Awards More Than $3 Million to Support Cybersecurity Workforce Development Across 13 States 2025-09-17There are currently more than 514,000 cybersecurity job openings in the U.S.Sarah Henderson
- In Quantum Sensing, What Beats Beating Noise? Meeting Noise Halfway. 2025-09-10A team including scientists at NIST may have found a new way of dealing with noise at the microscopic scales where quantum physics reigns.Sarah Henderson
- Champlain Towers South Investigation Nears Completion of Technical Work 2025-09-09Investigators share likely failure scenarios, advance indicators of building’s distress.Sarah Henderson
- NIST’s ‘Living Reference Material’ Could Accelerate R&D of Lifesaving Biological Drugs 2025-09-08The NIST reference material, called NISTCHO, will help the biopharmaceutical industry develop new drugs more quickly and ensure that they are safe and effective.Sarah Henderson
- Some Air Cleaners Release Harmful By-Products. Now We Have a Way to Measure Them. 2025-09-02Many types of air cleaners can generate small amounts of air pollution. Until now, there was no standard way to measure these negative by-products.Sarah Henderson
- NIST Revises Security and Privacy Control Catalog to Improve Software Update and Patch Releases 2025-08-27The catalog revision is part of NIST’s response to a recent executive order on strengthening the nation’s cybersecurity.Sarah Henderson
- New Technique for Measuring DNA Damage Could Improve Cancer Therapy and Radiological Emergency Response 2025-08-21The technology, which may someday be as portable as a smartphone, promises faster and more accurate measurements of radiation exposure, potentially saving lives in critical situations.Sarah Henderson
- NIST Researchers Develop More Accurate Formula for Measuring Particle Concentration 2025-08-20The new method will be useful in various fields, including nanomedicine, food science, environmental science and advanced manufacturing.Sarah Henderson
- NIST Guidelines Can Help Organizations Detect Face Photo Morphs, Deter Identity Fraud 2025-08-18Face morphing software, which combines photos of different people into a single image, is being used to commit identity fraud.Sarah Henderson
- NIST Awards Over $1.8 Million to Small Businesses Advancing AI, Semiconductors, Additive Manufacturing and More 2025-08-18The winning projects were competitively selected following a call for innovative proposals that address technical needs related to NIST’s research areas.Sarah Henderson
- NIST Finalizes ‘Lightweight Cryptography’ Standard to Protect Small Devices 2025-08-13Four related algorithms are now ready for use to protect data created and transmitted by the Internet of Things and other electronics.Sarah Henderson
- NIST to Provide Updates on Construction Safety Team Investigations in September Advisory Committee Meeting 2025-08-06The public meetings will include updates on NIST’s investigations into the impacts of Hurricane Maria and the partial collapse of the Champlain Towers South.Sarah Henderson
- New NIST Reference Material to Strengthen Quality Control for Biological Drugs 2025-07-31Impurities in these drugs can cause undesirable immune responses in patients and can significantly drive up costs for drug manufacturers.Sarah Henderson
- NIST Consortium and Draft Guidelines Aim to Improve Security in Software Development 2025-07-30NIST is soliciting comments from the public on the draft until Sept. 12, and the agency is planning a virtual event to showcase the project and gather feedback on Aug. 27.Sarah Henderson
- NIST Makes First Detection of Cannabis in Breath From Edibles 2025-07-24Currently there are no reliable roadside tests to determine when a person consumed cannabis or how intoxicated they are as a result.Sarah Henderson
NIST Events
- 19th Annual NICE Conference and Expo 2028-06-05The NICE Conference and Expo will take place June 5-7, 2028. Location to be announced. This event is supported by the National Initiative for Cybersecurity Education (NICE), a program of the National Institute of Standards and Technology in the U.SSusana Barraza
- 18th Annual NICE Conference and Expo 2027-06-07The NICE Conference and Expo will take place June 7-9, 2027. Location to be announced. This event is supported by the National Initiative for Cybersecurity Education (NICE), a program of the National Institute of Standards and Technology in the U.SSusana Barraza
- 2068 Mass Metrology Seminar 2026-10-19The Mass Metrology Seminar is a two-week, "hands-on" seminar. It incorporates approximately 30 percent lectures and 70 percent demonstrations and laboratory work in which the participant performs measurements by applying procedures and equationsYvonne A. Branden
- 2083 MidAmerica Measurement Assurance Program, MidMAP** 2026-09-22NIST Handbook 143, Program Handbook (2019) details the criteria used for OWM Laboratory Recognition. NIST Handbook 143, Section 4 and Table 2 notes that annual attendance at the RMAP training session is required for ongoing laboratory RecognitionPamela L Corey
- NIST Small Business Community of Interest Quarterly Calls 2026-09-16NIST's Small Business Cybersecurity Community of Interest (COI) has been established to convene the public and private sectors to share business insights, expertise, challenges, and perspectives to guide our work and assist NIST in addressing theVontress Henderson
- 2082 Southwest Assurance Program, SWAP** 2026-09-01NIST Handbook 143, Program Handbook (2019) details the criteria used for OWM Laboratory Recognition. NIST Handbook 143, Section 4 and Table 2 notes that annual attendance at the RMAP training session is required for ongoing laboratory RecognitionPamela L Corey
- 2064 Calibration Method Validation 2026-08-13This 2-hour webinar on Calibration Method Validation will examine the ISO/IEC 17025:2017 requirements for selection of calibration methods and for method validation and provide guidance on developing a process for validating a new or modifiedYvonne A. Branden
- 2070 Balance and Scale Calibration and Uncertainties 2026-08-03This 4-day seminar will cover the calibration and use of analytical weighing instruments (balances and laboratory/bench-top scales), including sources of weighing errors in analytical environments, methodologies for quantifying the errors, andYvonne A. Branden
- 2066 Fundamentals of Metrology 2026-07-27The 5-day Fundamentals of Metrology seminar is an intensive course that introduces participants to the concepts of measurement systems, units, good laboratory practices, data integrity, measurement uncertainty, measurement assurance, traceabilityYvonne A. Branden
- 2063 State Laboratory Annual Submission Process 2026-07-16The State Laboratory Annual Submission Process webinar provides guidance on how to successfully submit all required materials to develop a complete and timely Recognition Application according to NIST Handbook (HB) 143, State Weights and MeasuresYvonne A. Branden
- 2065 Volume Metrology Seminar 2026-07-06The 5-day OWM Volume Metrology Seminar is designed to enable metrologists to apply fundamental measurement concepts to volume calibrations. A large percentage of time is spent on hands-on measurements, applying procedures and equations discussed inYvonne A. Branden
- 2062 Documenting Traceability and Calibration Intervals 2026-06-25This 2-hour webinar covers the essential elements of metrological traceability and the documentary evidence required to support traceability and calibration intervals. It uses NISTIR 6969, GMP 11, and GMP 13 as the baseline for instructions and alsoYvonne A. Branden
- NIST Small Business Community of Interest Quarterly Calls 2026-06-10NIST's Small Business Cybersecurity Community of Interest (COI) has been established to convene the public and private sectors to share business insights, expertise, challenges, and perspectives to guide our work and assist NIST in addressing theVontress Henderson
- 2080 Northeastern Measurement Assurance Program, NEMAP** 2026-06-09NIST Handbook 143, Program Handbook (2019) details the criteria used for OWM Laboratory Recognition. NIST Handbook 143, Section 4 and Table 2 notes that annual attendance at the RMAP training session is required for ongoing laboratory RecognitionPamela L Corey
- 17th Annual NICE Conference and Expo 2026-06-01The NICE Conference and Expo will take place June 1-3, 2026. Location to be announced. This event is supported by the National Initiative for Cybersecurity Education (NICE), a program of the National Institute of Standards and Technology in the U.SSusana Barraza
- 2059 Basic Uncertainty Concepts 2026-05-28This 2-hour webinar provides a very basic introduction to uncertainty calculations and reporting using the 8-step process published in NIST SOP 29 (NISTIR 6969), beginning with some definitions and concepts from the Guide to the Expression ofYvonne A. Branden
- 2081 Western Regional Assurance Program, WRAP** 2026-05-05NIST Handbook 143, Program Handbook (2019) details the criteria used for OWM Laboratory Recognition. NIST Handbook 143, Section 4 and Table 2 notes that annual attendance at the RMAP training session is required for ongoing laboratory RecognitionPamela L Corey
- 2056 Fundamentals of Metrology 2026-04-20The 5-day Fundamentals of Metrology seminar is an intensive course that introduces participants to the concepts of measurement systems, units, good laboratory practices, data integrity, measurement uncertainty, measurement assurance, traceabilityYvonne A. Branden
- 2079 Southeast Measurement Assurance Program, SEMAP** 2026-03-24NIST Handbook 143, Program Handbook (2019) details the criteria used for OWM Laboratory Recognition. NIST Handbook 143, Section 4 and Table 2 notes that annual attendance at the RMAP training session is required for ongoing laboratory RecognitionPamela L Corey
- 2057 Mass Metrology Seminar 2026-03-02The two-week Mass Metrology Seminar is a "hands-on" seminar that incorporates approximately 30 percent lectures and 70 percent demonstrations and laboratory work in which the participant performs measurements by applying procedures and equationsYvonne A. Branden
CISA Blog
- CISA Urges Critical Infrastructure to Be Air Aware 2025-11-19 CISA
- Helping OT Organizations to Establish Defensible Architecture and More Resilient Operations 2025-09-24 CISA
- The Mandate, Mission, and Momentum to lead the CVE Program into the Future belongs to CISA 2025-09-10 CISA
- The Joint SAFECOM-NCSWIC Project 25 (P25) User Needs Working Group (UNWG) releases the UNWG Video Series 2025-08-22 CISA
- Tackling the National Gap in Software Understanding 2025-08-20 CISA
- Securing Core Cloud Identity Infrastructure: Addressing Advanced Threats through Public-Private Collaboration 2025-07-15 CISA
- SAFECOM Releases the Emergency Communications System Lifecycle Planning Guide Suite Refresh 2025-07-02 CISA
- SAFECOM and National Council of Statewide Interoperability Coordinators (NCSWIC) develop Artificial Intelligence in Emergency Communications Centers Infographic 2025-05-20 CISA
- Building Resilient ICT Supply Chains: 8th Annual Supply Chain Integrity Month 2025-04-01 CISA
- April is Emergency Communications Month! 2025-04-01 CISA
CISA Blog
- CISA Urges Critical Infrastructure to Be Air Aware 2025-11-19 CISA
- Helping OT Organizations to Establish Defensible Architecture and More Resilient Operations 2025-09-24 CISA
- The Mandate, Mission, and Momentum to lead the CVE Program into the Future belongs to CISA 2025-09-10 CISA
- The Joint SAFECOM-NCSWIC Project 25 (P25) User Needs Working Group (UNWG) releases the UNWG Video Series 2025-08-22 CISA
- Tackling the National Gap in Software Understanding 2025-08-20 CISA
- Securing Core Cloud Identity Infrastructure: Addressing Advanced Threats through Public-Private Collaboration 2025-07-15 CISA
- SAFECOM Releases the Emergency Communications System Lifecycle Planning Guide Suite Refresh 2025-07-02 CISA
- SAFECOM and National Council of Statewide Interoperability Coordinators (NCSWIC) develop Artificial Intelligence in Emergency Communications Centers Infographic 2025-05-20 CISA
- Building Resilient ICT Supply Chains: 8th Annual Supply Chain Integrity Month 2025-04-01 CISA
- April is Emergency Communications Month! 2025-04-01 CISA
ICS Advisories
- MAXHUB Pivot 2025-12-04View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: MAXHUB Equipment: MAXHUB Pivot Vulnerability: Weak Password Recovery Mechanism for Forgotten Password 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to request a password reset and gain unauthorized access to the account. 3. TECHNICAL DETAILS 3.1 AFFECTED […]CISA
- Mitsubishi Electric GX Works2 2025-12-04View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.8 ATTENTION: Low attack complexity Vendor: Mitsubishi Electric Equipment: GX Works2 Vulnerability: Cleartext Storage of Sensitive Information 2. RISK EVALUATION Successful exploitation of this vulnerability could open project files protected by user authentication using disclosed credential information, and obtain or modify project information. 3. TECHNICAL DETAILS 3.1 AFFECTED […]CISA
- SolisCloud Monitoring Platform 2025-12-04View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: SolisCloud Equipment: Monitoring Platform (Cloud API & Device Control API) Vulnerability: Authorization Bypass Through User-Controlled Key 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to access sensitive information by manipulating API requests. 3. TECHNICAL DETAILS 3.1 AFFECTED […]CISA
- Johnson Controls OpenBlue Mobile Web Application for OpenBlue Workplace 2025-12-04View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Johnson Controls Inc. Equipment: OpenBlue Mobile Web Application for OpenBlue Workplace Vulnerability: Direct Request ('Forced Browsing') 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access to sensitive information. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS […]CISA
- Sunbird DCIM dcTrack and Power IQ 2025-12-04View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: Sunbird Equipment: DCIM dcTrack, Power IQ Vulnerabilities: Authentication Bypass Using an Alternate Path or Channel, Use of Hard-coded Credentials 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to gain unauthorized access or steal credentials. 3. TECHNICAL DETAILS […]CISA
- Advantech iView 2025-12-04View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Advantech Equipment: iView Vulnerability: SQL Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to disclose sensitive information, modify, or delete data. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Advantech products are affected: iView: 5.7.05.7057 3.2 […]CISA
- Johnson Controls iSTAR 2025-12-04View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.1 ATTENTION: Low attack complexity Vendor: Johnson Controls Inc. Equipment: iSTAR eX, iSTAR Edge, iSTAR Ultra LT, iSTAR Ultra, iSTAR Ultra SE Vulnerability: Improper Validation of Certificate Expiration 2. RISK EVALUATION Successful exploitation of this vulnerability could result in the product failing to re-establish communication once the certificate […]CISA
- Industrial Video & Control Longwatch 2025-12-02View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Industrial Video & Control Equipment: Longwatch Vulnerability: IMPROPER CONTROL OF GENERATION OF CODE ('CODE INJECTION') 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated attacker to gain remote code execution with elevated privileges. 3. TECHNICAL DETAILS 3.1 AFFECTED […]CISA
- Iskra iHUB and iHUB Lite 2025-12-02View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Iskra Equipment: iHUB and iHUB Lite Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote attacker to reconfigure devices, update firmware, and manipulate connected systems without any credentials. 3. TECHNICAL DETAILS 3.1 […]CISA
- Zenitel TCIV-3+ 2025-11-25View CSAF 1. EXECUTIVE SUMMARY CVSS v4 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Zenitel Equipment: TCIV-3+ Vulnerabilities: OS Command Injection, Out-of-bounds Write, Cross-site Scripting 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in arbitrary code execution or cause a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of TCIV-3+ […]CISA
- Rockwell Automation Arena Simulation 2025-11-25View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.1 ATTENTION: Exploitable from a local network Vendor: Rockwell Automation Equipment: Arena Simulation Vulnerability: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow local attackers to execute arbitrary code on affected installations of Arena. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Rockwell Automation […]CISA
- Festo Compact Vision System, Control Block, Controller, and Operator Unit products 2025-11-25View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Festo Equipment: Compact Vision System, Control Block, Controller, and Operator Unit products Vulnerabilities: Exposure of Resource to Wrong Sphere, Initialization of a Resource with an Insecure Default 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in an attacker accessing […]CISA
- Opto 22 groov View 2025-11-25View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.1 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Opto 22 Equipment: groov View Vulnerability: Exposure of Sensitive Information Through Metadata 2. RISK EVALUATION Successful exploitation of this vulnerability could result in credential exposure, key exposure, and privilege escalation. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of groov […]CISA
- Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, Cobalt Share 2025-11-25View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION: Low attack complexity Vendor: Ashlar-Vellum Equipment: Cobalt, Xenon, Argon, Lithium, Cobalt Share Vulnerabilities: Out-of-Bounds Write, Heap-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to disclose information or execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Ashlar-Vellum […]CISA
- SiRcom SMART Alert (SiSA) 2025-11-25View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: SiRcom Equipment: SMART Alert (SiSA) Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could enable an attacker to remotely activate or manipulate emergency sirens. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of SiRcom […]CISA
- Festo Didactic products 2025-11-20View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Festo SE & Co. KG Equipment: Didactic products Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow the creation or overwriting of arbitrary files in the engineering system. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Festo reports that […]CISA
- Emerson Appleton UPSMON-PRO 2025-11-20View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Emerson Equipment: Appleton UPSMON-PRO Vulnerability: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow remote attackers to execute arbitrary code on affected installations of Appleton UPSMON-PRO. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Emerson products are […]CISA
- Festo MSE6-C2M/D2M/E2M 2025-11-20View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Festo SE & Co. KG Equipment: MSE6-C2M/D2M/E2M Vulnerability: Hidden Functionality 2. RISK EVALUATION Successful exploitation of this vulnerability could lead to a complete loss of confidentiality, integrity, and availability. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Festo reports the following products are […]CISA
- ICAM365 CCTV Camera Multiple Models 2025-11-20View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.0 ATTENTION: Low attack complexity Vendor: iCam365 Equipment: P201 and QC021 Vulnerabilities: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in unauthorized exposure of camera video streams and camera configuration data. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following iCam365 camera […]CISA
- Automated Logic WebCTRL Premium Server 2025-11-20View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.6 ATTENTION: Low attack complexity Vendor: Automated Logic Equipment: WebCTRL Premium Server Vulnerabilities: Open Redirect, Cross-site Scripting 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow a remote attacker to deceive a legitimate user into running malicious scripts or redirecting them to malicious websites. 3. TECHNICAL DETAILS […]CISA
ICS Medical Advisories
- Mirion Medical EC2 Software NMIS BioDose 2025-12-02View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mirion Medical Equipment: EC2 Software NMIS BioDose Vulnerabilities: Incorrect Permission Assignment for Critical Resource, Use of Client-Side Authentication, Use of Hard-coded Credentials 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to modify program executables, gain access to […]CISA
- Vertikal Systems Hospital Manager Backend Services 2025-10-28View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Vertikal Systems Equipment: Hospital Manager Backend Services Vulnerabilities: Exposure of Sensitive System Information to an Unauthorized Control Sphere, Generation of Error Message Containing Sensitive Information 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to obtain unauthorized access […]CISA
- NIHON KOHDEN Central Monitor CNS-6201 2025-10-23View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: NIHON KOHDEN Equipment: Central Monitor CNS-6201 Vulnerability: NULL Pointer Dereference 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following NIHON KOHDEN products are affected: Central […]CISA
- Oxford Nanopore Technologies MinKNOW 2025-10-21View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Oxford Nanopore Technologies Equipment: MinKNOW Vulnerabilities: Missing Authentication for Critical Function, Insufficiently Protected Credentials, Improper Check for Unusual or Exceptional Conditions 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to disrupt sequencing operations and processes, exfiltrate and […]CISA
- FUJIFILM Healthcare Americas Synapse Mobility 2025-08-21View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: FUJIFILM Healthcare Americas Corporation Equipment: Synapse Mobility Vulnerability: External Control of Assumed-Immutable Web Parameter 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to access information beyond their assigned roles. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following […]CISA
- Santesoft Sante PACS Server 2025-08-12View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Santesoft Equipment: Sante PACS Server Vulnerabilities: Path Traversal, Double Free, Cleartext Transmission of Sensitive Information, Cross-site Scripting 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to create arbitrary files, cause a denial-of-service condition, obtain sensitive information, and […]CISA
- Medtronic MyCareLink Patient Monitor 2025-07-24View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.0 ATTENTION: Low attack complexity Vendor: Medtronic Equipment: MyCareLink Patient Monitor 24950, 24952 Vulnerabilities: Cleartext Storage of Sensitive Information, Empty Password in Configuration File, Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of these vulnerabilities could lead to system compromise, unauthorized access to sensitive data, and manipulation […]CISA
- Panoramic Corporation Digital Imaging Software 2025-07-17View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low attack complexity Vendor: Panoramic Corporation Equipment: Digital Imaging Software Vulnerability: Uncontrolled Search Path Element 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a standard user to obtain NT Authority/SYSTEM privileges. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Panoramic Corporation products are affected: […]CISA
- MicroDicom DICOM Viewer 2025-06-10View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: MicroDicom Equipment: DICOM Viewer Vulnerability: Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on affected installations of DICOM Viewer. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following MicroDicom products are affected: […]CISA
- Santesoft Sante DICOM Viewer Pro 2025-05-29View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION: Low attack complexity Vendor: Santesoft Equipment: Sante DICOM Viewer Pro Vulnerability: Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to disclose information or execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Santesoft products are affected: Sante DICOM […]CISA
- Pixmeo OsiriX MD 2025-05-08View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Pixmeo Equipment: OsiriX MD Vulnerabilities: Use After Free, Cleartext Transmission of Sensitive Information 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to cause memory corruption, resulting in a denial-of-service condition or to steal credentials. 3. TECHNICAL DETAILS […]CISA
- MicroDicom DICOM Viewer 2025-05-01View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: MicroDicom Equipment: DICOM Viewer Vulnerabilities: Out-of-Bounds Write, Out-of-Bounds Read 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to disclose information, cause memory corruption, and execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following MicroDicom products […]CISA
- INFINITT Healthcare INFINITT PACS 2025-04-10View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: INFINITT Healthcare Equipment: INFINITT PACS Vulnerabilities: Unrestricted Upload of File with Dangerous Type, Exposure of Sensitive System Information to an Unauthorized Control Sphere, 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to upload malicious […]CISA
- Santesoft Sante DICOM Viewer Pro 2025-03-20View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION: Low attack complexity Vendor: Santesoft Equipment: Sante DICOM Viewer Pro Vulnerability: Out-of-Bounds Write 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause memory corruption that would result in execution of arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Santesoft […]CISA
- Philips Intellispace Cardiovascular (ISCV) 2025-03-13View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low attack complexity Vendor: Philips Equipment: Intellispace Cardiovascular (ISCV) Vulnerabilities: Improper Authentication, Use of Weak Credentials 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to replay the session of the logged in ISCV user and gain access to patient records. 3. TECHNICAL […]CISA
- Dario Health USB-C Blood Glucose Monitoring System Starter Kit Android Application 2025-02-27View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Dario Health Equipment: USB-C Blood Glucose Monitoring System Starter Kit Android Application, Application Database and Internet-based Server Infrastructure Vulnerabilities: Exposure of Private Personal Information to an Unauthorized Actor, Improper Output Neutralization For Logs, Storage of Sensitive Data In a Mechanism Without […]CISA
- Medixant RadiAnt DICOM Viewer 2025-02-20View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.7 ATTENTION: Low attack complexity Vendor: Medixant Equipment: RadiAnt DICOM Viewer Vulnerability: Improper Certificate Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to perform a machine-in-the-middle attack (MITM), resulting in malicious updates being delivered to the user. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS […]CISA
- Qardio Heart Health IOS and Android Application and QardioARM A100 2025-02-13View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.2 ATTENTION: Low attack complexity Vendor: Qardio Equipment: Heart Health IOS application, Heart Health Android Application, QardioARM A100 Vulnerabilities: Exposure of Private Personal Information to an Unauthorized Actor, Uncaught Exception, Files or Directories Accessible to External Parties 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an […]CISA
- Orthanc Server 2025-02-06View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: Orthanc Equipment: Orthanc Server Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to disclose sensitive information, modify records, or cause a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following […]CISA
- MicroDicom DICOM Viewer 2025-02-06View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.7 ATTENTION: Low attack complexity Vendor: MicroDicom Equipment: DICOM Viewer Vulnerability: Improper Certificate Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to alter network traffic and perform a machine-in-the-middle (MITM) attack. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following MicroDicom DICOM Viewer are […]CISA
The Hacker News
- Researchers Uncover 30+ Flaws in AI Coding Tools Enabling Data Theft and RCE Attacks 2025-12-06Over 30 security vulnerabilities have been disclosed in various artificial intelligence (AI)-powered Integrated Development Environments (IDEs) that combine prompt injection primitives with legitimate features to achieve data exfiltration and remote code execution. The security shortcomings have been collectively named IDEsaster by security researcher Ari Marzouk (MaccariTA). They affect popular
- Critical React2Shell Flaw Added to CISA KEV After Confirmed Active Exploitation 2025-12-06The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday formally added a critical security flaw impacting React Server Components (RSC) to its Known Exploited Vulnerabilities (KEV) catalog following reports of active exploitation in the wild. The vulnerability, CVE-2025-55182 (CVSS score: 10.0), relates to a case of remote code execution that could be triggered by […]
- Zero-Click Agentic Browser Attack Can Delete Entire Google Drive Using Crafted Emails 2025-12-05A new agentic browser attack targeting Perplexity's Comet browser that's capable of turning a seemingly innocuous email into a destructive action that wipes a user's entire Google Drive contents, findings from Straiker STAR Labs show. The zero-click Google Drive Wiper technique hinges on connecting the browser to services like Gmail and Google Drive to automate […]
- Critical XXE Bug CVE-2025-66516 (CVSS 10.0) Hits Apache Tika, Requires Urgent Patch 2025-12-05A critical security flaw has been disclosed in Apache Tika that could result in an XML external entity (XXE) injection attack. The vulnerability, tracked as CVE-2025-66516, is rated 10.0 on the CVSS scoring scale, indicating maximum severity. "Critical XXE in Apache Tika tika-core (1.13-3.2.1), tika-pdf-module (2.0.0-3.2.1) and tika-parsers (1.13-1.28.5) modules on all platforms allows an
- Chinese Hackers Have Started Exploiting the Newly Disclosed React2Shell Vulnerability 2025-12-05Two hacking groups with ties to China have been observed weaponizing the newly disclosed security flaw in React Server Components (RSC) within hours of it becoming public knowledge. The vulnerability in question is CVE-2025-55182 (CVSS score: 10.0), aka React2Shell, which allows unauthenticated remote code execution. It has been addressed in React versions 19.0.1, 19.1.2, and […]
- Intellexa Leaks Reveal Zero-Days and Ads-Based Vector for Predator Spyware Delivery 2025-12-05A human rights lawyer from Pakistan's Balochistan province received a suspicious link on WhatsApp from an unknown number, marking the first time a civil society member in the country was targeted by Intellexa's Predator spyware, Amnesty International said in a report. The link, the non-profit organization said, is a "Predator attack attempt based on the […]
- "Getting to Yes": An Anti-Sales Guide for MSPs 2025-12-05Most MSPs and MSSPs know how to deliver effective security. The challenge is helping prospects understand why it matters in business terms. Too often, sales conversations stall because prospects are overwhelmed, skeptical, or tired of fear-based messaging. That’s why we created ”Getting to Yes”: An Anti-Sales Guide for MSPs. This guide helps service providers transform […]
- CISA Reports PRC Hackers Using BRICKSTORM for Long-Term Access in U.S. Systems 2025-12-05The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday released details of a backdoor named BRICKSTORM that has been put to use by state-sponsored threat actors from the People's Republic of China (PRC) to maintain long-term persistence on compromised systems. "BRICKSTORM is a sophisticated backdoor for VMware vSphere and Windows environments," the agency said. […]
- JPCERT Confirms Active Command Injection Attacks on Array AG Gateways 2025-12-05A command injection vulnerability in Array Networks AG Series secure access gateways has been exploited in the wild since August 2025, according to an alert issued by JPCERT/CC this week. The vulnerability, which does not have a CVE identifier, was addressed by the company on May 11, 2025. It's rooted in Array's DesktopDirect, a remote […]
- Silver Fox Uses Fake Microsoft Teams Installer to Spread ValleyRAT Malware in China 2025-12-04The threat actor known as Silver Fox has been spotted orchestrating a false flag operation to mimic a Russian threat group in attacks targeting organizations in China. The search engine optimization (SEO) poisoning campaign leverages Microsoft Teams lures to trick unsuspecting users into downloading a malicious setup file that leads to the deployment of ValleyRAT […]
- ThreatsDay Bulletin: Wi-Fi Hack, npm Worm, DeFi Theft, Phishing Blasts— and 15 More Stories 2025-12-04Think your Wi-Fi is safe? Your coding tools? Or even your favorite financial apps? This week proves again how hackers, companies, and governments are all locked in a nonstop race to outsmart each other. Here’s a quick rundown of the latest cyber stories that show how fast the game keeps changing. DeFi exploit drains funds […]
- 5 Threats That Reshaped Web Security This Year [2025] 2025-12-04As 2025 draws to a close, security professionals face a sobering realization: the traditional playbook for web security has become dangerously obsolete. AI-powered attacks, evolving injection techniques, and supply chain compromises affecting hundreds of thousands of websites forced a fundamental rethink of defensive strategies. Here are the five threats that reshaped web security this year, […]
- GoldFactory Hits Southeast Asia with Modified Banking Apps Driving 11,000+ Infections 2025-12-04Cybercriminals associated with a financially motivated group known as GoldFactory have been observed staging a fresh round of attacks targeting mobile users in Indonesia, Thailand, and Vietnam by impersonating government services. The activity, observed since October 2024, involves distributing modified banking applications that act as a conduit for Android malware, Group-IB said in a technical
- Record 29.7 Tbps DDoS Attack Linked to AISURU Botnet with up to 4 Million Infected Hosts 2025-12-04Cloudflare on Wednesday said it detected and mitigated the largest ever distributed denial-of-service (DDoS) attack that measured at 29.7 terabits per second (Tbps). The activity, the web infrastructure and security company said, originated from a DDoS botnet-for-hire known as AISURU, which has been linked to a number of hyper-volumetric DDoS attacks over the past year. […]
- Critical RSC Bugs in React and Next.js Allow Unauthenticated Remote Code Execution 2025-12-03A maximum-severity security flaw has been disclosed in React Server Components (RSC) that, if successfully exploited, could result in remote code execution. The vulnerability, tracked as CVE-2025-55182, carries a CVSS score of 10.0. The vulnerability has been codenamed React2shell. It allows "unauthenticated remote code execution by exploiting a flaw in how React decodes payloads sent […]
- Discover the AI Tools Fueling the Next Cybercrime Wave — Watch the Webinar 2025-12-03Remember when phishing emails were easy to spot? Bad grammar, weird formatting, and requests from a "Prince" in a distant country? Those days are over. Today, a 16-year-old with zero coding skills and a $200 allowance can launch a campaign that rivals state-sponsored hackers. They don't need to be smart; they just need to subscribe […]
- Microsoft Silently Patches Windows LNK Flaw After Years of Active Exploitation 2025-12-03Microsoft has silently plugged a security flaw that has been exploited by several threat actors since 2017 as part of the company's November 2025 Patch Tuesday updates, according to ACROS Security's 0patch. The vulnerability in question is CVE-2025-9491 (CVSS score: 7.8/7.0), which has been described as a Windows Shortcut (LNK) file UI misinterpretation vulnerability that […]
- WordPress King Addons Flaw Under Active Attack Lets Hackers Make Admin Accounts 2025-12-03A critical security flaw impacting a WordPress plugin known as King Addons for Elementor has come under active exploitation in the wild. The vulnerability, CVE-2025-8489 (CVSS score: 9.8), is a case of privilege escalation that allows unauthenticated attackers to grant themselves administrative privileges by simply specifying the administrator user role during registration. It affects versions
- Brazil Hit by Banking Trojan Spread via WhatsApp Worm and RelayNFC NFC Relay Fraud 2025-12-03The threat actor known as Water Saci is actively evolving its tactics, switching to a sophisticated, highly layered infection chain that uses HTML Application (HTA) files and PDFs to propagate via WhatsApp a worm that deploys a banking trojan in attacks targeting users in Brazil. The latest wave is characterized by the attackers shifting from […]
- Chopping AI Down to Size: Turning Disruptive Technology into a Strategic Advantage 2025-12-03Most people know the story of Paul Bunyan. A giant lumberjack, a trusted axe, and a challenge from a machine that promised to outpace him. Paul doubled down on his old way of working, swung harder, and still lost by a quarter inch. His mistake was not losing the contest. His mistake was assuming that […]