Blogs - Security
CVE / NIST CISA News CISA Blog Cybersecurity Advisories ICS Advisories ICS Medical Advisories 
Packet Storm Security 
The Hacker News 
NIST News
- 2 Health Care Organizations Will Receive 2025 Baldrige National Quality Awards 2026-02-19The award highlights organizations that focus on resilience.Sarah Henderson
- NIST Releases New Forensic Genetic Reference Material to Help Crime Laboratories Analyze Challenging Cases 2026-02-17The reference material is the first to include mixtures of high-quality and degraded DNA from different individuals.Sarah Henderson
- Announcing the "AI Agent Standards Initiative" for Interoperable and Secure Innovation 2026-02-17The Initiative will ensure that the next generation of AI is widely adopted with confidence, can function securely on behalf of its users, and can interoperate smoothly across the digital ecosystem.Peter Cihon
- NIST Allocates Over $3 Million to Small Businesses Advancing AI, Biotechnology, Semiconductors, Quantum and More 2026-02-10NIST is allocating funding to eight small businesses in seven states under the Small Business Innovation Research (SBIR) program.Sarah Henderson
- Space: The Final Frontier for Standards 2026-02-09Seven NIST reference materials, including house dust and freeze-dried human liver tissue, have been flown to the International Space Station.Sarah Henderson
- CAISI Issues Request for Information About Securing AI Agent Systems 2026-01-12The Center for AI Standards and Innovation (CAISI) at the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) has published a Request for Information (RFI) seeking insights from industry, academia, and the securityPeter Cihon
- NIST Launches Centers for AI in Manufacturing and Critical Infrastructure 2025-12-22NIST has expanded its collaboration with the nonprofit MITRE Corporation as part of its efforts to ensure U.S. leadership in artificial intelligence.Sarah Henderson
- NIST Physicists Bring Unruly Molecules to the Quantum Party 2025-12-18Molecules can serve as versatile building blocks for quantum technologies, but they are much harder to control than atoms.Sarah Henderson
- Securing Smart Speakers for Home Health Care: NIST Offers New Guidelines 2025-12-17Cybersecurity and privacy risks can threaten patient confidentiality.Sarah Henderson
- Draft NIST Guidelines Rethink Cybersecurity for the AI Era 2025-12-16New guidelines can help an organization determine ways to incorporate AI into its operations while mitigating cybersecurity risks.Sarah Henderson
- Department of Commerce Announces Transition of Baldrige Performance Excellence Program 2025-12-11Beginning with the 2026 award cycle, the Alliance for Performance Excellence and the Baldrige Foundation will take on most operations for the program.Sarah Henderson
- What Time Is It on Mars? NIST Physicists Have the Answer. 2025-12-01This calculation is necessary for future space navigation and communication networks.Sarah Henderson
- Building a Sustainable Metals Infrastructure: NIST Report Highlights Key Strategies 2025-11-20Making metals processing more sustainable and resilient will support U.S industrial innovation and competitiveness.Sarah Henderson
- CAISI Evaluation of DeepSeek AI Models Finds Shortcomings and Risks 2025-09-30The Center for AI Standards and Innovation at NIST evaluated several leading models from DeepSeek, an AI company based in the People’s Republic of China.Sarah Henderson
- NIST Engineers Design 5 New Ways to Connect Concrete Pieces for More Resilient Buildings 2025-09-29One of the biggest challenges with precast concrete is connecting the concrete pieces at a job site.Sarah Henderson
- NIST Issues Broad Agency Announcement for Proposals to Advance Microelectronics Technologies 2025-09-24The CHIPS for America funding opportunity will support critical research, prototyping and commercial solutions that advance microelectronics technology in the United States.Sarah Henderson
- NIST Awards More Than $3 Million to Support Cybersecurity Workforce Development Across 13 States 2025-09-17There are currently more than 514,000 cybersecurity job openings in the U.S.Sarah Henderson
- In Quantum Sensing, What Beats Beating Noise? Meeting Noise Halfway. 2025-09-10A team including scientists at NIST may have found a new way of dealing with noise at the microscopic scales where quantum physics reigns.Sarah Henderson
- Champlain Towers South Investigation Nears Completion of Technical Work 2025-09-09Investigators share likely failure scenarios, advance indicators of building’s distress.Sarah Henderson
- NIST’s ‘Living Reference Material’ Could Accelerate R&D of Lifesaving Biological Drugs 2025-09-08The NIST reference material, called NISTCHO, will help the biopharmaceutical industry develop new drugs more quickly and ensure that they are safe and effective.Sarah Henderson
NIST Events
- NIST OWM Info Hour: The Critical Role of Device Audit Trails 2026-10-15“Device Audit Trails are an alternative to lead and wire seals. They are the guardians of trust-capturing every action, proving integrity, and turning compliance from a checkbox into accountability.” At the completion of this Info Hour, you will bePamela L Corey
- 2095 Lab Metrology Info Hour - 2026 Recognition Q&A 2026-10-14We will review OWM 2026 annual submission requirements for state laboratory program participants, including an overview and examples of the special technical assessment topic to supplement the training provided during the 2026 RMAPs. This session isPamela L Corey
- 2083 MidAmerica Measurement Assurance Program, MidMAP** 2026-09-22NIST Handbook 143, Program Handbook (2019) details the criteria used for OWM Laboratory Recognition. NIST Handbook 143, Section 4 and Table 2 notes that annual attendance at the RMAP training session is required for ongoing laboratory RecognitionPamela L Corey
- NIST OWM Info Hour: Examination Procedure Outlines - A Guide for Evaluating Commercial Devices to NIST Handbook 44 Requirements 2026-09-17Examination Procedure Outlines or EPOs are a guide for evaluating commercial weighing and measuring devices to NIST Handbook 44 requirements. Designed to assist the field official, EPOs are also useful for sectors that design, sell, service, and usePamela L Corey
- NIST Small Business Community of Interest Quarterly Calls 2026-09-16NIST's Small Business Cybersecurity Community of Interest (COI) has been established to convene the public and private sectors to share business insights, expertise, challenges, and perspectives to guide our work and assist NIST in addressing theVontress Henderson
- 2094 Lab Metrology Info Hour - Review of critical updates to ASTM documentary standards and Q&A 2026-09-10This review of updates to relevant documentary standards, either completed or underway, will focus on ASTM E617-23, Standard Specification for Laboratory Weights and Precision Mass Standards and ASTM E898-20, Standard Practice for Calibration of NonPamela L Corey
- NIST OWM Info Hour: Portable Digital Density Meters used for the Commercial Inspection of Packaged Liquid Foodstuffs and Beverages 2026-09-03In 2025, NIST OWM provided an Info Hour to review comparison data of portable digital density meters (PDDM) to NIST HB 133 test procedures for determining the density of homogeneous liquid food products for liquid package inspections. The resultsPamela L Corey
- Synergy Conference 2026-09-01NIST will be hosting the annual Synergy IRASTRO meeting in 2026 - a collaboration between the Faint Photonics Group at NIST, the Max Planck Institute in Goettingen, Germany, and the University of Aarhus in Denmark. The purpose of the meeting is toCrissy Robinson
- 2082 Southwest Assurance Program, SWAP** 2026-09-01NIST Handbook 143, Program Handbook (2019) details the criteria used for OWM Laboratory Recognition. NIST Handbook 143, Section 4 and Table 2 notes that annual attendance at the RMAP training session is required for ongoing laboratory RecognitionPamela L Corey
- NIST OWM Info Hour: Suitability of Separate Elements-Weighing Devices 2026-08-20This Info Hour will provide information, followed by a discussion identifying how to navigate HB 44 to determine the compatibility of indicating and weighing/load-receiving elements for weighing systems that incorporate separate elements. This isPamela L Corey
- 2064 Calibration Method Validation 2026-08-13This 2-hour webinar on Calibration Method Validation will examine the ISO/IEC 17025:2017 requirements for selection of calibration methods and for method validation and provide guidance on developing a process for validating a new or modifiedYvonne A. Branden
- 2070 Balance and Scale Calibration and Uncertainties 2026-08-03This 4-day seminar will cover the calibration and use of analytical weighing instruments (balances and laboratory/bench-top scales), including sources of weighing errors in analytical environments, methodologies for quantifying the errors, andYvonne A. Branden
- 2066 Fundamentals of Metrology 2026-07-27The 5-day Fundamentals of Metrology seminar is an intensive course that introduces participants to the concepts of measurement systems, units, good laboratory practices, data integrity, measurement uncertainty, measurement assurance, traceabilityYvonne A. Branden
- NIST OWM Info Hour: OWM Proficiency Testing Program for U.S. State Weights and Measures Laboratories 2026-07-23This Info Hour will provide attendees with an overview of the OWM’s proficiency testing (PT) program, describe how the program operates, and demonstrate the vital role it plays in evaluating the competency and traceability of participatingPamela L Corey
- 2063 State Laboratory Annual Submission Process 2026-07-16The State Laboratory Annual Submission Process webinar provides guidance on how to successfully submit all required materials to develop a complete and timely Recognition Application according to NIST Handbook (HB) 143, State Weights and MeasuresYvonne A. Branden
- 2065 Volume Metrology Seminar 2026-07-06The 5-day OWM Volume Metrology Seminar is designed to enable metrologists to apply fundamental measurement concepts to volume calibrations. A large percentage of time is spent on hands-on measurements, applying procedures and equations discussed inYvonne A. Branden
- 2062 Documenting Traceability and Calibration Intervals 2026-06-25This 2-hour webinar covers the essential elements of metrological traceability and the documentary evidence required to support traceability and calibration intervals. It uses NISTIR 6969, GMP 11, and GMP 13 as the baseline for instructions and alsoYvonne A. Branden
- Iris Experts Group Annual Meeting 2026-06-25The Iris Experts Group is a forum for the discussion of technical questions of interest to USG agencies and their staff that are employing or may employ iris recognition to carry out their mission. This is the annual meeting. The presentationsCrissy Robinson
- NIST OWM Info Hour: OWM EVSE Metrology Training Program 2026-06-18Learn about the Department of Energy National Energy Technology Laboratory (NETL)-supported effort at the NIST Office of Weights and Measures (OWM) to develop a comprehensive 5-day electric vehicle supply equipment (EVSE) metrology training programPamela L Corey
- NIST Small Business Community of Interest Quarterly Calls 2026-06-10NIST's Small Business Cybersecurity Community of Interest (COI) has been established to convene the public and private sectors to share business insights, expertise, challenges, and perspectives to guide our work and assist NIST in addressing theVontress Henderson
CISA Blog
- The End is Just the Beginning of Better Security: Enhanced Vulnerability Management with OpenEoX 2026-02-13 CISA
- Super Bowl LX: Strengthening Preparation, Building Resilience, Fostering Partnerships 2026-02-09 CISA
- NCSWIC releases the “‘What is a PACE Plan” video 2025-12-05 CISA
- CISA Urges Critical Infrastructure to Be Air Aware 2025-11-19 CISA
- Helping OT Organizations to Establish Defensible Architecture and More Resilient Operations 2025-09-24 CISA
- The Mandate, Mission, and Momentum to lead the CVE Program into the Future belongs to CISA 2025-09-10 CISA
- The Joint SAFECOM-NCSWIC Project 25 (P25) User Needs Working Group (UNWG) releases the UNWG Video Series 2025-08-22 CISA
- Tackling the National Gap in Software Understanding 2025-08-20 CISA
- Securing Core Cloud Identity Infrastructure: Addressing Advanced Threats through Public-Private Collaboration 2025-07-15 CISA
- SAFECOM Releases the Emergency Communications System Lifecycle Planning Guide Suite Refresh 2025-07-02 CISA
CISA Blog
- The End is Just the Beginning of Better Security: Enhanced Vulnerability Management with OpenEoX 2026-02-13 CISA
- Super Bowl LX: Strengthening Preparation, Building Resilience, Fostering Partnerships 2026-02-09 CISA
- NCSWIC releases the “‘What is a PACE Plan” video 2025-12-05 CISA
- CISA Urges Critical Infrastructure to Be Air Aware 2025-11-19 CISA
- Helping OT Organizations to Establish Defensible Architecture and More Resilient Operations 2025-09-24 CISA
- The Mandate, Mission, and Momentum to lead the CVE Program into the Future belongs to CISA 2025-09-10 CISA
- The Joint SAFECOM-NCSWIC Project 25 (P25) User Needs Working Group (UNWG) releases the UNWG Video Series 2025-08-22 CISA
- Tackling the National Gap in Software Understanding 2025-08-20 CISA
- Securing Core Cloud Identity Infrastructure: Addressing Advanced Threats through Public-Private Collaboration 2025-07-15 CISA
- SAFECOM Releases the Emergency Communications System Lifecycle Planning Guide Suite Refresh 2025-07-02 CISA
ICS Advisories
- EnOcean SmartServer IoT 2026-02-19View CSAF Summary Successful exploitation of these vulnerabilities could allow an attacker to remotely execute arbitrary code and bypass ASLR. The following versions of EnOcean SmartServer IoT are affected: SmartServer IoTCISA
- Valmet DNA Engineering Web Tools 2026-02-19View CSAF Summary Successful exploitation of this vulnerability could allow an unauthenticated attacker to manipulate the web maintenance services URL to achieve arbitrary file read access. The following versions of Valmet DNA Engineering Web Tools are affected: Valmet DNA Engineering Web ToolsCISA
- Jinan USR IOT Technology Limited (PUSR) USR-W610 2026-02-19View CSAF Summary Successful exploitation of these vulnerabilities could result in authentication being disabled, a denial-of-service condition, or an attacker stealing valid user credentials, including administrator credentials. The following versions of Jinan USR IOT Technology Limited (PUSR) USR-W610 are affected: USR-W610CISA
- Welker OdorEyes EcoSystem Pulse Bypass System with XL4 Controller 2026-02-19View CSAF Summary Successful exploitation of this vulnerability could result in an over- or under-odorization event. The following versions of Welker OdorEyes EcoSystem Pulse Bypass System with XL4 Controller are affected: OdorEyes EcoSystem Pulse Bypass System with XL4 Controller vers:all/* (CVE-2026-24790) CVSS Vendor Equipment Vulnerabilities v3 8.2 Welker Welker OdorEyes EcoSystem Pulse Bypass System with […]CISA
- Siemens Simcenter Femap and Nastran 2026-02-17View CSAF Summary Siemens Simcenter Femap and Nastran is affected by multiple file parsing vulnerabilities that could be triggered when the application reads files in NDB and XDB formats. If a user is tricked to open a malicious file with any of the affected products, this could lead the application to crash or potentially lead […]CISA
- Delta Electronics ASDA-Soft 2026-02-17View CSAF Summary Successful exploitation of this vulnerability may allow an attacker to write arbitrary data beyond the bounds of a stack-allocated buffer, leading to the corruption of a structured exception handler (SEH). The following versions of Delta Electronics ASDA-Soft are affected: ASDA-SoftCISA
- GE Vernova Enervista UR Setup 2026-02-17View CSAF Summary Successful exploitation of these vulnerabilities may allow code execution with elevated privileges. The following versions of GE Vernova Enervista UR Setup are affected: Enervista UR SetupCISA
- Honeywell CCTV Products 2026-02-17View CSAF Summary Successful exploitation of this vulnerability could lead to account takeovers and unauthorized access to camera feeds; an unauthenticated attacker may change the recovery email address, potentially leading to further network compromise. The following versions of Honeywell CCTV Products are affected: I-HIB2PI-UL 2MP IP 6.1.22.1216 (CVE-2026-1670) SMB NDAA MVO-3 WDR_2MP_32M_PTZ_v2.0 (CVE-2026-1670) PTZ WDR […]CISA
- Siemens Desigo CC Product Family and SENTRON Powermanager 2026-02-12View CSAF Summary Versions V6.0 through V8 QU1 of the Desigo CC product family (Desigo CC, Desigo CC Compact, Desigo CC Connect, Cerberus DMS), as well as the Desigo CC-based SENTRON Powermanager, are affected by a vulnerability in the underlying third-party component WIBU Systems CodeMeter Runtime. Successful exploitation of this vulnerability could lead to code […]CISA
- Siemens Solid Edge 2026-02-12View CSAF Summary Solid Edge uses PS/IGES Parasolid Translator Component that contains an out of bounds read that could be triggered when the application reads files in IGS file formats. If a user is tricked to open a malicious file with any of the affected products, this could lead the application to crash or potentially […]CISA
- Siemens SINEC OS 2026-02-12View CSAF Summary SINEC OS before V3.3 contains third-party components with multiple vulnerabilities. Siemens has released new versions for the affected products and recommends to update to the latest versions. The following versions of Siemens SINEC OS are affected: RUGGEDCOM RST2428P (6GK6242-6PA00) vers:intdot/may_split(). This happens before the VMA lock and rmap locks are taken, which […]CISA
- Siemens Siveillance Video Management Servers 2026-02-12View CSAF Summary The Webhooks implementation of Siveillance Video Management Servers contains a vulnerability that could allow an authenticated remote attacker with read-only privileges to achieve full access to Webhooks API. Siemens has released new versions for the affected products and recommends to update to the latest versions. The following versions of Siemens Siveillance Video […]CISA
- Siemens NX 2026-02-12View CSAF Summary Siemens NX is affected by multiple file parsing vulnerabilities that could be triggered when the application reads files in CGM format. If a user is tricked to open a malicious file with any of the affected products, this could lead the application to crash or potentially lead to arbitrary code execution. Siemens […]CISA
- Hitachi Energy SuprOS 2026-02-12View CSAF Summary Hitachi Energy is aware of a vulnerability that affects the SuprOS product versions listed in this document. An attacker successfully exploiting this vulnerability can cause confidentiality, integrity and availability impacts. Please refer to the Recommended Immediate Actions for information about the mitigation/remediation. The following versions of Hitachi Energy SuprOS are affected: SuprOS […]CISA
- Siemens SINEC NMS 2026-02-12View CSAF Summary Multiple Siemens products are affected by two local privilege escalation vulnerabilities which could allow an low privileged attacker to load malicious DLLs, potentially leading to arbitrary code execution with elevated privileges. Siemens has released new versions for the affected products and recommends to update to the latest versions. The following versions of […]CISA
- Siemens Polarion 2026-02-12View CSAF Summary Polarion before V2506 contains a vulnerability that could allow authenticated remote attackers to conduct cross-site scripting attacks. Siemens has released new versions for the affected products and recommends to update to the latest versions. The following versions of Siemens Polarion are affected: Polarion V2404 vers:intdot/CISA
- Airleader Master 2026-02-12View CSAF Summary Successful exploitation of this vulnerability could allow an attacker to obtain remote code execution. The following versions of Airleader Master are affected: Airleader MasterCISA
- Siemens COMOS 2026-02-12View CSAF Summary COMOS is affected by multiple vulnerabilities that could allow an attacker to execute arbitrary code or cause denial of service condition, data infiltration or perform access control violations. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix versions and […]CISA
- Yokogawa FAST/TOOLS 2026-02-10View CSAF Summary Successful exploitation of these vulnerabilities could allow an attacker to redirected users to malicious sites, decrypt communications, perform a man-in-the-middle (MITM) attack, execute malicious scripts, steal files, and perform other various attacks. The following versions of Yokogawa FAST/TOOLS are affected: FAST/TOOLS >=R9.01|=R9.01|CISA
- ZLAN Information Technology Co. ZLAN5143D 2026-02-10View CSAF Summary Successful exploitation of these vulnerabilities could result in an attacker bypassing authentication, or resetting the device password. The following versions of ZLAN Information Technology Co. ZLAN5143D are affected: ZLAN5143D v1.600 (CVE-2026-25084, CVE-2026-24789) CVSS Vendor Equipment Vulnerabilities v3 9.8 ZLAN Information Technology Co. ZLAN Information Technology Co. ZLAN5143D Missing Authentication for Critical Function […]CISA
ICS Medical Advisories
- ZOLL ePCR IOS Mobile Application 2026-02-09View CSAF Summary Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access to protected health information (PHI) or device telemetry. The following versions of ZOLL ePCR IOS Mobile Application are affected: ePCR IOS Mobile Application 2.6.7 (CVE-2025-12699) CVSS Vendor Equipment Vulnerabilities v3 5.5 ZOLL ZOLL ePCR IOS Mobile Application Insertion of […]CISA
- WHILL Model C2 Electric Wheelchairs and Model F Power Chairs 2025-12-30View CSAF Summary Successful exploitation of this vulnerability could allow an attacker within Bluetooth range to take control over the product. The following versions of WHILL Model C2 Electric Wheelchairs and Model F Power Chairs are affected: Model C2 Electric WheelChair (CVE-2025-14346) Model F Power Chair (CVE-2025-14346) CVSS Vendor Equipment Vulnerabilities v3 9.8 WHILL Inc. […]CISA
- Grassroots DICOM (GDCM) 2025-12-11View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.8 ATTENTION: Low attack complexity Vendor: Grassroots Equipment: DICOM (GDCM) Vulnerability: Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to craft a malicious DICOM file and, if opened, could crash the application resulting in a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED […]CISA
- Varex Imaging Panoramic Dental Imaging Software 2025-12-11View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low attack complexity Vendor: Varex Imaging Equipment: Panoramic Dental Imaging Software Vulnerability: Uncontrolled Search Path Element 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a standard user to obtain NT Authority/SYSTEM privileges. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following AJAT dental imaging software […]CISA
- Mirion Medical EC2 Software NMIS BioDose 2025-12-02View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mirion Medical Equipment: EC2 Software NMIS BioDose Vulnerabilities: Incorrect Permission Assignment for Critical Resource, Use of Client-Side Authentication, Use of Hard-coded Credentials 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to modify program executables, gain access to […]CISA
- Vertikal Systems Hospital Manager Backend Services 2025-10-28View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Vertikal Systems Equipment: Hospital Manager Backend Services Vulnerabilities: Exposure of Sensitive System Information to an Unauthorized Control Sphere, Generation of Error Message Containing Sensitive Information 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to obtain unauthorized access […]CISA
- NIHON KOHDEN Central Monitor CNS-6201 2025-10-23View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: NIHON KOHDEN Equipment: Central Monitor CNS-6201 Vulnerability: NULL Pointer Dereference 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following NIHON KOHDEN products are affected: Central […]CISA
- Oxford Nanopore Technologies MinKNOW 2025-10-21View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Oxford Nanopore Technologies Equipment: MinKNOW Vulnerabilities: Missing Authentication for Critical Function, Insufficiently Protected Credentials, Improper Check for Unusual or Exceptional Conditions 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to disrupt sequencing operations and processes, exfiltrate and […]CISA
- FUJIFILM Healthcare Americas Synapse Mobility 2025-08-21View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: FUJIFILM Healthcare Americas Corporation Equipment: Synapse Mobility Vulnerability: External Control of Assumed-Immutable Web Parameter 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to access information beyond their assigned roles. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following […]CISA
- Santesoft Sante PACS Server 2025-08-12View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Santesoft Equipment: Sante PACS Server Vulnerabilities: Path Traversal, Double Free, Cleartext Transmission of Sensitive Information, Cross-site Scripting 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to create arbitrary files, cause a denial-of-service condition, obtain sensitive information, and […]CISA
- Medtronic MyCareLink Patient Monitor 2025-07-24View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.0 ATTENTION: Low attack complexity Vendor: Medtronic Equipment: MyCareLink Patient Monitor 24950, 24952 Vulnerabilities: Cleartext Storage of Sensitive Information, Empty Password in Configuration File, Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of these vulnerabilities could lead to system compromise, unauthorized access to sensitive data, and manipulation […]CISA
- Panoramic Corporation Digital Imaging Software 2025-07-17View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low attack complexity Vendor: Panoramic Corporation Equipment: Digital Imaging Software Vulnerability: Uncontrolled Search Path Element 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a standard user to obtain NT Authority/SYSTEM privileges. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Panoramic Corporation products are affected: […]CISA
- MicroDicom DICOM Viewer 2025-06-10View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: MicroDicom Equipment: DICOM Viewer Vulnerability: Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on affected installations of DICOM Viewer. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following MicroDicom products are affected: […]CISA
- Santesoft Sante DICOM Viewer Pro 2025-05-29View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION: Low attack complexity Vendor: Santesoft Equipment: Sante DICOM Viewer Pro Vulnerability: Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to disclose information or execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Santesoft products are affected: Sante DICOM […]CISA
- Pixmeo OsiriX MD 2025-05-08View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Pixmeo Equipment: OsiriX MD Vulnerabilities: Use After Free, Cleartext Transmission of Sensitive Information 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to cause memory corruption, resulting in a denial-of-service condition or to steal credentials. 3. TECHNICAL DETAILS […]CISA
- MicroDicom DICOM Viewer 2025-05-01View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: MicroDicom Equipment: DICOM Viewer Vulnerabilities: Out-of-Bounds Write, Out-of-Bounds Read 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to disclose information, cause memory corruption, and execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following MicroDicom products […]CISA
- INFINITT Healthcare INFINITT PACS 2025-04-10View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: INFINITT Healthcare Equipment: INFINITT PACS Vulnerabilities: Unrestricted Upload of File with Dangerous Type, Exposure of Sensitive System Information to an Unauthorized Control Sphere, 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to upload malicious […]CISA
- Santesoft Sante DICOM Viewer Pro 2025-03-20View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION: Low attack complexity Vendor: Santesoft Equipment: Sante DICOM Viewer Pro Vulnerability: Out-of-Bounds Write 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause memory corruption that would result in execution of arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Santesoft […]CISA
- Philips Intellispace Cardiovascular (ISCV) 2025-03-13View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low attack complexity Vendor: Philips Equipment: Intellispace Cardiovascular (ISCV) Vulnerabilities: Improper Authentication, Use of Weak Credentials 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to replay the session of the logged in ISCV user and gain access to patient records. 3. TECHNICAL […]CISA
- Dario Health USB-C Blood Glucose Monitoring System Starter Kit Android Application 2025-02-27View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Dario Health Equipment: USB-C Blood Glucose Monitoring System Starter Kit Android Application, Application Database and Internet-based Server Infrastructure Vulnerabilities: Exposure of Private Personal Information to an Unauthorized Actor, Improper Output Neutralization For Logs, Storage of Sensitive Data In a Mechanism Without […]CISA
The Hacker News
- BeyondTrust Flaw Used for Web Shells, Backdoors, and Data Exfiltration 2026-02-20Threat actors have been observed exploiting a recently disclosed critical security flaw impacting BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) products to conduct a wide range of malicious actions, including deploying VShell and The vulnerability, tracked as CVE-2026-1731 (CVSS score: 9.9), allows attackers to execute operating system commands in the context of the
- Cline CLI 2.3.0 Supply Chain Attack Installed OpenClaw on Developer Systems 2026-02-20In yet another software supply chain attack, the open-source, artificial intelligence (AI)-powered coding assistant Cline CLI was updated to stealthily install OpenClaw, a self-hosted autonomous AI agent that has become exceedingly popular in the past few months. "On February 17, 2026, at 3:26 AM PT, an unauthorized party used a compromised npm publish token to […]
- ClickFix Campaign Abuses Compromised Sites to Deploy MIMICRAT Malware 2026-02-20Cybersecurity researchers have disclosed details of a new ClickFix campaign that abuses compromised legitimate sites to deliver a previously undocumented remote access trojan (RAT) called MIMICRAT (aka AstarionRAT). "The campaign demonstrates a high level of operational sophistication: compromised sites spanning multiple industries and geographies serve as delivery infrastructure, a multi-stage
- Identity Cyber Scores: The New Metric Shaping Cyber Insurance in 2026 2026-02-20With one in three cyber-attacks now involving compromised employee accounts, insurers and regulators are placing far greater emphasis on identity posture when assessing cyber risk. For many organizations, however, these assessments remain largely opaque. Elements such as password hygiene, privileged access management, and the extent of multi-factor authentication (MFA) coverage are
- Ukrainian National Sentenced to 5 Years in North Korea IT Worker Fraud Case 2026-02-20A 29-year-old Ukrainian national has been sentenced to five years in prison in the U.S. for his role in facilitating North Korea's fraudulent information technology (IT) worker scheme. In November 2025, Oleksandr "Alexander" Didenko pleaded guilty to wire fraud conspiracy and aggravated identity theft for stealing the identities of U.S. citizens and selling them to […]
- FBI Reports 1,900 ATM Jackpotting Incidents Since 2020, $20M Lost in 2025 2026-02-20The U.S. Federal Bureau of Investigation (FBI) has warned of an increase in ATM jackpotting incidents across the country, leading to losses of more than $20 million in 2025. The agency said 1,900 ATM jackpotting incidents have been reported since 2020, out of which 700 took place last year. In December 2025, the U.S. Department […]
- Former Google Engineers Indicted Over Trade Secret Transfers to Iran 2026-02-20Two former Google engineers and one of their husbands have been indicted in the U.S. for allegedly committing trade secret theft from the search giant and other tech firms and transferring the information to unauthorized locations, including Iran. Samaneh Ghandali, 41, and her husband Mohammadjavad Khosravi (aka Mohammad Khosravi), 40, along with her sister Soroor […]
- PromptSpy Android Malware Abuses Gemini AI to Automate Recent-Apps Persistence 2026-02-19Cybersecurity researchers have discovered what they say is the first Android malware that abuses Gemini, Google's generative artificial intelligence (AI) chatbot, as part of its execution flow and achieves persistence. The malware has been codenamed PromptSpy by ESET. The malware is equipped to capture lockscreen data, block uninstallation efforts, gather device information, take screenshots,
- INTERPOL Operation Red Card 2.0 Arrests 651 in African Cybercrime Crackdown 2026-02-19An international cybercrime operation against online scams has led to 651 arrests and recovered more than $4.3 million as part of an effort led by law enforcement agencies from 16 African countries. The initiative, codenamed Operation Red Card 2.0, took place between December 8, 2025 and January 30, 2026, according to INTERPOL. It targeted infrastructure […]
- Microsoft Patches CVE-2026-26119 Privilege Escalation in Windows Admin Center 2026-02-19Microsoft has disclosed a now-patched security flaw in Windows Admin Center that could allow an attacker to escalate their privileges. Windows Admin Center is a locally deployed, browser-based management tool set that lets users manage their Windows Clients, Servers, and Clusters without the need for connecting to the cloud. The high-severity vulnerability, tracked as CVE-2026-26119, […]
- ThreatsDay Bulletin: OpenSSL RCE, Foxit 0-Days, Copilot Leak, AI Password Flaws & 20+ Stories 2026-02-19The cyber threat space doesn’t pause, and this week makes that clear. New risks, new tactics, and new security gaps are showing up across platforms, tools, and industries — often all at the same time. Some developments are headline-level. Others sit in the background but carry long-term impact. Together, they shape how defenders need to […]
- From Exposure to Exploitation: How AI Collapses Your Response Window 2026-02-19We’ve all seen this before: a developer deploys a new cloud workload and grants overly broad permissions just to keep the sprint moving. An engineer generates a "temporary" API key for testing and forgets to revoke it. In the past, these were minor operational risks, debts you’d eventually pay down during a slower cycle. In […]
- Fake IPTV Apps Spread Massiv Android Malware Targeting Mobile Banking Users 2026-02-19Cybersecurity researchers have disclosed details of a new Android trojan called Massiv that's designed to facilitate device takeover (DTO) attacks for financial theft. The malware, according to ThreatFabric, masquerades as seemingly harmless IPTV apps to deceive victims, indicating that the activity is primarily singling out users looking for the online TV applications. "This new threat, […]
- CRESCENTHARVEST Campaign Targets Iran Protest Supporters With RAT Malware 2026-02-19Cybersecurity researchers have disclosed details of a new campaign dubbed CRESCENTHARVEST, likely targeting supporters of Iran's ongoing protests to conduct information theft and long-term espionage. The Acronis Threat Research Unit (TRU) said it observed the activity after January 9, with the attacks designed to deliver a malicious payload that serves as a remote access trojan […]
- Citizen Lab Finds Cellebrite Tool Used on Kenyan Activist’s Phone in Police Custody 2026-02-18New research from the Citizen Lab has found signs that Kenyan authorities used a commercial forensic extraction tool manufactured by Israeli company Cellebrite to break into a prominent dissident's phone, making it the latest case of abuse of the technology targeting civil society. The interdisciplinary research unit at the University of Toronto's Munk School of […]
- Grandstream GXP1600 VoIP Phones Exposed to Unauthenticated Remote Code Execution 2026-02-18Cybersecurity researchers have disclosed a critical security flaw in the Grandstream GXP1600 series of VoIP phones that could allow an attacker to seize control of susceptible devices. The vulnerability, tracked as CVE-2026-2329, carries a CVSS score of 9.3 out of a maximum of 10.0. It has been described as a case of unauthenticated stack-based buffer […]
- Critical Flaws Found in Four VS Code Extensions with Over 125 Million Installs 2026-02-18Cybersecurity researchers have disclosed multiple security vulnerabilities in four popular Microsoft Visual Studio Code (VS Code) extensions that, if successfully exploited, could allow threat actors to steal local files and execute code remotely. The extensions, which have been collectively installed more than 125 million times, are Live Server, Code Runner, Markdown Preview Enhanced, and
- Cybersecurity Tech Predictions for 2026: Operating in a World of Permanent Instability 2026-02-18In 2025, navigating the digital seas still felt like a matter of direction. Organizations charted routes, watched the horizon, and adjusted course to reach safe harbors of resilience, trust, and compliance. In 2026, the seas are no longer calm between storms. Cybersecurity now unfolds in a state of continuous atmospheric instability: AI-driven threats that adapt in […]
- Dell RecoverPoint for VMs Zero-Day CVE-2026-22769 Exploited Since Mid-2024 2026-02-18A maximum severity security vulnerability in Dell RecoverPoint for Virtual Machines has been exploited as a zero-day by a suspected China-nexus threat cluster dubbed UNC6201 since mid-2024, according to a new report from Google Mandiant and Google Threat Intelligence Group (GTIG). The activity involves the exploitation of CVE-2026-22769 (CVSS score: 10.0), a case of hard-coded […]
- 3 Ways to Start Your Intelligent Workflow Program 2026-02-18Security, IT, and engineering teams today are under relentless pressure to accelerate outcomes, cut operational drag, and unlock the full potential of AI and automation. But simply investing in tools isn’t enough. 88% of AI proofs-of-concept never make it to production, even though 70% of workers cite freeing time for high-value work as the primary […]