Blogs - Security
NIST News
- 2 Health Care Organizations Will Receive 2025 Baldrige National Quality Awards (2026-02-19) | The award highlights organizations that focus on resilience. | Sarah Henderson
- NIST Releases New Forensic Genetic Reference Material to Help Crime Laboratories Analyze Challenging Cases (2026-02-17) | The reference material is the first to include mixtures of high-quality and degraded DNA from different individuals. | Sarah Henderson
- Announcing the "AI Agent Standards Initiative" for Interoperable and Secure Innovation (2026-02-17) | The Initiative will ensure that the next generation of AI is widely adopted with confidence, can function securely on behalf of its users, and can interoperate smoothly across the digital ecosystem. | Peter Cihon
- NIST Allocates Over $3 Million to Small Businesses Advancing AI, Biotechnology, Semiconductors, Quantum and More (2026-02-10) | NIST is allocating funding to eight small businesses in seven states under the Small Business Innovation Research (SBIR) program. | Sarah Henderson
- Space: The Final Frontier for Standards (2026-02-09) | Seven NIST reference materials, including house dust and freeze-dried human liver tissue, have been flown to the International Space Station. | Sarah Henderson
- CAISI Issues Request for Information About Securing AI Agent Systems (2026-01-12) | The Center for AI Standards and Innovation (CAISI) at the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) has published a Request for Information (RFI) seeking insights from industry, academia, and the security […] | Peter Cihon
- NIST Launches Centers for AI in Manufacturing and Critical Infrastructure (2025-12-22) | NIST has expanded its collaboration with the nonprofit MITRE Corporation as part of its efforts to ensure U.S. leadership in artificial intelligence. | Sarah Henderson
- NIST Physicists Bring Unruly Molecules to the Quantum Party (2025-12-18) | Molecules can serve as versatile building blocks for quantum technologies, but they are much harder to control than atoms. | Sarah Henderson
- Securing Smart Speakers for Home Health Care: NIST Offers New Guidelines (2025-12-17) | Cybersecurity and privacy risks can threaten patient confidentiality. | Sarah Henderson
- Draft NIST Guidelines Rethink Cybersecurity for the AI Era (2025-12-16) | New guidelines can help an organization determine ways to incorporate AI into its operations while mitigating cybersecurity risks. | Sarah Henderson
- Department of Commerce Announces Transition of Baldrige Performance Excellence Program (2025-12-11) | Beginning with the 2026 award cycle, the Alliance for Performance Excellence and the Baldrige Foundation will take on most operations for the program. | Sarah Henderson
- What Time Is It on Mars? NIST Physicists Have the Answer. (2025-12-01) | This calculation is necessary for future space navigation and communication networks. | Sarah Henderson
- Building a Sustainable Metals Infrastructure: NIST Report Highlights Key Strategies (2025-11-20) | Making metals processing more sustainable and resilient will support U.S. industrial innovation and competitiveness. | Sarah Henderson
- CAISI Evaluation of DeepSeek AI Models Finds Shortcomings and Risks (2025-09-30) | The Center for AI Standards and Innovation at NIST evaluated several leading models from DeepSeek, an AI company based in the People’s Republic of China. | Sarah Henderson
- NIST Engineers Design 5 New Ways to Connect Concrete Pieces for More Resilient Buildings (2025-09-29) | One of the biggest challenges with precast concrete is connecting the concrete pieces at a job site. | Sarah Henderson
- NIST Issues Broad Agency Announcement for Proposals to Advance Microelectronics Technologies (2025-09-24) | The CHIPS for America funding opportunity will support critical research, prototyping and commercial solutions that advance microelectronics technology in the United States. | Sarah Henderson
- NIST Awards More Than $3 Million to Support Cybersecurity Workforce Development Across 13 States (2025-09-17) | There are currently more than 514,000 cybersecurity job openings in the U.S. | Sarah Henderson
- In Quantum Sensing, What Beats Beating Noise? Meeting Noise Halfway. (2025-09-10) | A team including scientists at NIST may have found a new way of dealing with noise at the microscopic scales where quantum physics reigns. | Sarah Henderson
- Champlain Towers South Investigation Nears Completion of Technical Work (2025-09-09) | Investigators share likely failure scenarios, advance indicators of building’s distress. | Sarah Henderson
- NIST’s ‘Living Reference Material’ Could Accelerate R&D of Lifesaving Biological Drugs (2025-09-08) | The NIST reference material, called NISTCHO, will help the biopharmaceutical industry develop new drugs more quickly and ensure that they are safe and effective. | Sarah Henderson
NIST Events
- August Tour for NIST's 125th Anniversary (2026-08-19) | Join us for an introduction to NIST and evening visit to one of our laboratories highlighted below. During the registration process, you will need to specify which lab you intend to visit. Given the limited capacity available each day, attendance […] | Crissy Robinson
- 2064 Calibration Method Validation (2026-08-13) | This 2-hour webinar on Calibration Method Validation will examine the ISO/IEC 17025:2017 requirements for selection of calibration methods and for method validation and provide guidance on developing a process for validating a new or modified […] | Yvonne A. Branden
- 2070 Balance and Scale Calibration and Uncertainties (2026-08-03) | This 4-day seminar will cover the calibration and use of analytical weighing instruments (balances and laboratory/bench-top scales), including sources of weighing errors in analytical environments, methodologies for quantifying the errors, and […] | Yvonne A. Branden
- Can We Design Buildings to Resist Tornadoes? (2026-07-28) | Speaker: Marc Levitan, NIST research wind engineer. Conventional wisdom has been that the only safe place to be in a tornado is underground. However, recent decades have brought significant advances in our understanding of tornadoes, their effects on […] | Crissy Robinson
- 2066 Fundamentals of Metrology (2026-07-27) | The 5-day Fundamentals of Metrology seminar is an intensive course that introduces participants to the concepts of measurement systems, units, good laboratory practices, data integrity, measurement uncertainty, measurement assurance, traceability […] | Yvonne A. Branden
- NIST OWM Info Hour: OWM Proficiency Testing Program for U.S. State Weights and Measures Laboratories (2026-07-23) | This Info Hour will provide attendees with an overview of the OWM’s proficiency testing (PT) program, describe how the program operates, and demonstrate the vital role it plays in evaluating the competency and traceability of participating […] | Pamela L Corey
- 2026 Time and Frequency Seminar (2026-07-21) | NIST Time and Frequency Division's annual seminar covers precision clocks and oscillators, atomic frequency standards, rf and optical synchronization, optical oscillators, quantum information; position, navigation, timing (PNT) Global Navigation […] | Crissy Robinson
- July Tour for NIST's 125th Anniversary and the Nation's 250th Birthday (2026-07-16) | Join us for an introduction to NIST and evening visit to one of our laboratories highlighted below. During the registration process, you will need to specify which lab you intend to visit. Given the limited capacity available each day, attendance […] | Crissy Robinson
- 2063 State Laboratory Annual Submission Process (2026-07-16) | The State Laboratory Annual Submission Process webinar provides guidance on how to successfully submit all required materials to develop a complete and timely Recognition Application according to NIST Handbook (HB) 143, State Weights and Measures […] | Yvonne A. Branden
- 2065 Volume Metrology Seminar (2026-07-06) | The 5-day OWM Volume Metrology Seminar is designed to enable metrologists to apply fundamental measurement concepts to volume calibrations. A large percentage of time is spent on hands-on measurements, applying procedures and equations discussed in […] | Yvonne A. Branden
- June Tour for NIST's 125th Anniversary (2026-06-30) | Join us for an introduction to NIST and evening visit to one of our laboratories highlighted below. During the registration process, you will need to specify which lab you intend to visit. Given the limited capacity available each day, attendance […] | Crissy Robinson
- 2062 Documenting Traceability and Calibration Intervals (2026-06-25) | This 2-hour webinar covers the essential elements of metrological traceability and the documentary evidence required to support traceability and calibration intervals. It uses NISTIR 6969, GMP 11, and GMP 13 as the baseline for instructions and also […] | Yvonne A. Branden
- Iris Experts Group Annual Meeting (2026-06-25) | The Iris Experts Group is a forum for the discussion of technical questions of interest to USG agencies and their staff that are employing or may employ iris recognition to carry out their mission. This is the annual meeting. The presentations […] | Crissy Robinson
- NIST OWM Info Hour: OWM EVSE Metrology Training Program (2026-06-18) | Learn about the Department of Energy National Energy Technology Laboratory (NETL)-supported effort at the NIST Office of Weights and Measures (OWM) to develop a comprehensive 5-day electric vehicle supply equipment (EVSE) metrology training program […] | Pamela L Corey
- Artificial Intelligence for Materials Science (AIMS) 2026 (2026-06-16) | As part of the JARVIS workshop series, the 7th Artificial Intelligence for Materials Science (AIMS) is a workshop aimed at getting together experts from industry, academia, and government to facilitate highly technical dialogue on the intersection of […] | Crissy Robinson
- NIST Small Business Community of Interest Quarterly Calls (2026-06-10) | NIST's Small Business Cybersecurity Community of Interest (COI) has been established to convene the public and private sectors to share business insights, expertise, challenges, and perspectives to guide our work and assist NIST in addressing the […] | Vontress Henderson
- 2080 Northeastern Measurement Assurance Program, NEMAP** (2026-06-09) | NIST Handbook 143, Program Handbook (2019) details the criteria used for OWM Laboratory Recognition. NIST Handbook 143, Section 4 and Table 2 notes that annual attendance at the RMAP training session is required for ongoing laboratory Recognition […] | Pamela L Corey
- NIST OWM Info Hour: Considerations When Regulating Railroad Track Scale Traceability with NIST Handbooks 44, HB 105-8, HB 130, and HB 143 (2026-06-04) | In this session, we present an overview of the significance and the contribution of the established documentary standards to the regulation process of a weighing device, in this case a railroad track scale, in terms of traceability (certified source) […] | Pamela L Corey
- 17th Annual NICE Conference and Expo (2026-06-01) | The NICE Conference and Expo will take place June 1-3, 2026. Location to be announced. This event is supported by the National Initiative for Cybersecurity Education (NICE), a program of the National Institute of Standards and Technology in the U.S […] | Susana Barraza
- 2059 Basic Uncertainty Concepts (2026-05-28) | This 2-hour webinar provides a very basic introduction to uncertainty calculations and reporting using the 8-step process published in NIST SOP 29 (NISTIR 6969), beginning with some definitions and concepts from the Guide to the Expression of […] | Yvonne A. Branden
CISA Blog
- The End is Just the Beginning of Better Security: Enhanced Vulnerability Management with OpenEoX (2026-02-13) | CISA
- Super Bowl LX: Strengthening Preparation, Building Resilience, Fostering Partnerships (2026-02-09) | CISA
- NCSWIC releases the “What is a PACE Plan” video (2025-12-05) | CISA
- CISA Urges Critical Infrastructure to Be Air Aware (2025-11-19) | CISA
- Helping OT Organizations to Establish Defensible Architecture and More Resilient Operations (2025-09-24) | CISA
- The Mandate, Mission, and Momentum to lead the CVE Program into the Future belongs to CISA (2025-09-10) | CISA
- The Joint SAFECOM-NCSWIC Project 25 (P25) User Needs Working Group (UNWG) releases the UNWG Video Series (2025-08-22) | CISA
- Tackling the National Gap in Software Understanding (2025-08-20) | CISA
- Securing Core Cloud Identity Infrastructure: Addressing Advanced Threats through Public-Private Collaboration (2025-07-15) | CISA
- SAFECOM Releases the Emergency Communications System Lifecycle Planning Guide Suite Refresh (2025-07-02) | CISA
ICS Advisories
- Trane Tracer SC, Tracer SC+, and Tracer Concierge (2026-03-12) | Summary: Successful exploitation of these vulnerabilities could allow an attacker to disclose sensitive information, execute arbitrary commands, or perform a denial-of-service on the product. The following versions of Trane Tracer SC, Tracer SC+, and Tracer Concierge are affected: Tracer SC, Tracer SC+, Tracer Concierge. CVSS v3 8.1; Vendor: Trane; Equipment: Trane Tracer […] | CISA
- Siemens RUGGEDCOM APE1808 Devices (2026-03-12) | Summary: Fortinet has published information on vulnerabilities in FORTIOS. This advisory lists the related Siemens Industrial products. Siemens has released a new version for RUGGEDCOM APE1808 and recommends to update to the latest version. The following versions of Siemens RUGGEDCOM APE1808 Devices are affected: RUGGEDCOM APE1808 vers:all/*, vers:all/* (CVE-2026-24858, CVE-2025-55018, CVE-2025-62439, CVE-2025-64157). CVSS […] | CISA
- Siemens SIDIS Prime (2026-03-12) | Summary: SIDIS Prime before V4.0.800 is affected by multiple vulnerabilities in the components OpenSSL, SQLite, and several Node.js packages as described below. Siemens has released a new version of SIDIS Prime and recommends to update to the latest version. The following versions of Siemens SIDIS Prime are affected: SIDIS Prime vers:intdot/ […] | CISA
- Siemens SIMATIC (2026-03-12) | Summary: SIMATIC S7-1500 devices contain a vulnerability that could allow an attacker to inject code by tricking a legitimate user into importing a specially crafted trace file in the web interface. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens is preparing further fix […] | CISA
- Siemens Heliox EV Chargers (2026-03-12) | Summary: Heliox EV Chargers listed below contain an improper access control vulnerability that could allow an attacker to reach unauthorized services via the charging cable. Siemens has released new versions for the affected products and recommends to update to the latest versions. The following versions of Siemens Heliox EV Chargers are affected: Heliox Flex […] | CISA
- Inductive Automation Ignition Software (2026-03-12) | Summary: Successful exploitation of this vulnerability could allow an attacker to execute malicious code with OS application service account permissions that the authenticated, privileged application user did not intend on running. The following versions of Inductive Automation Ignition Software are affected: Ignition Software […] | CISA
- Lantronix EDS3000PS and EDS5000 (2026-03-10) | Summary: Successful exploitation of these vulnerabilities could allow an attacker to bypass authentication and execute code with root-level privileges. The following versions of Lantronix EDS3000PS and EDS5000 are affected: EDS3000PS 3.1.0.0R2 (CVE-2025-67039, CVE-2025-70082, CVE-2025-67041); EDS5000 2.1.0.0R3 (CVE-2025-67034, CVE-2025-67035, CVE-2025-67036, CVE-2025-67037, CVE-2025-67038). CVSS v3 9.8; Vendor: Lantronix; Equipment: Lantronix EDS3000PS and EDS5000; Vulnerabilities: Improper […] | CISA
- Honeywell IQ4x BMS Controller (2026-03-10) | Summary: Successful exploitation of this vulnerability could allow an unauthorized attacker to access controller management settings, control components, disclose information, or cause a denial-of-service condition. The following versions of Honeywell IQ4x BMS Controller are affected: IQ4E >=Firmware_v3.50_3.44 […] | CISA
- Ceragon Siklu MultiHaul and EtherHaul Series (2026-03-10) | Summary: Successful exploitation of this vulnerability could result in arbitrary file upload to the target equipment. The following versions of Ceragon Siklu MultiHaul and EtherHaul Series are affected: MultiHaul MH-B100-CCS, MultiHaul MH-T200-CCC, MultiHaul MH-T200-CNN, MultiHaul MH-T201-CNN, EtherHaul EH-8010FX, EtherHaul EH-500TX, EtherHaul EH-600TX, EtherHaul EH-614TX, EtherHaul EH-700TX, EtherHaul EH-710TX, EtherHaul EH-1200TX, EtherHaul EH-1200FX, EtherHaul […] | CISA
- Apeman Cameras (2026-03-10) | Summary: Successful exploitation of these vulnerabilities could allow an attacker to take control of the device or view camera feeds. The following versions of Apeman Cameras are affected: ID71 vers:all/* (CVE-2025-11126, CVE-2025-11851, CVE-2025-11852). CVSS v3 9.8; Vendor: Apeman; Equipment: Apeman Cameras; Vulnerabilities: Insufficiently Protected Credentials, Improper Neutralization of Input During Web Page Generation […] | CISA
- Delta Electronics CNCSoft-G2 (2026-03-05) | Summary: Successful exploitation of this vulnerability could result in an attacker achieving remote code execution on the device. The following versions of Delta Electronics CNCSoft-G2 are affected: CNCSoft-G2. CVSS v3 7.8; Vendor: Delta Electronics; Equipment: Delta Electronics CNCSoft-G2; Vulnerabilities: Out-of-bounds Write. Background: Critical Infrastructure Sectors: Critical Manufacturing; Countries/Areas Deployed: Worldwide; Company Headquarters Location: […] | CISA
- Hitachi Energy Relion REB500 Product (2026-03-03) | Summary: Hitachi Energy is aware of vulnerabilities that affect the Relion REB500 product versions listed in this document. Authenticated users with certain roles can exploit the vulnerabilities to access and modify directory contents they are not authorized to access or modify. Please refer to the Recommended Immediate Actions for information about the mitigation/remediation. […] | CISA
- Hitachi Energy RTU500 Product (2026-03-03) | Summary: Hitachi Energy is aware of vulnerabilities that affect RTU500 product versions listed in this document. Successful exploitation of these vulnerabilities can result in the exposure of low-value user management information and device outage. Please refer to the Recommended Immediate Actions for information about the mitigation/remediation. The following versions of Hitachi Energy RTU500 […] | CISA
- Mitsubishi Electric MELSEC iQ-F Series EtherNet/IP module and Ethernet module (2026-03-03) | Summary: Successful exploitation of these vulnerabilities could allow a remote attacker to cause a denial-of-service condition by continuously sending UDP packets to the affected products. The following versions of Mitsubishi Electric MELSEC iQ-F Series EtherNet/IP module and Ethernet module are affected: MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP […] | CISA
- Labkotec LID-3300IP (2026-03-03) | Summary: Successful exploitation of this vulnerability could allow attackers to gain unauthorized control over system operations, leading to disruption of normal functionality and potential safety hazards. The following versions of Labkotec LID-3300IP are affected: LID-3300IP vers:all/*, LID-3300IP Type 2. CVSS v3 9.4; Vendor: Labkotec; Equipment: Labkotec LID-3300IP; Vulnerabilities: Missing Authentication for Critical Function […] | CISA
- Mobiliti e-mobi.hu (2026-03-03) | Summary: Successful exploitation of these vulnerabilities could enable attackers to gain unauthorized administrative control over vulnerable charging stations or disrupt charging services through denial-of-service attacks. The following versions of Mobiliti e-mobi.hu are affected: e-mobi.hu vers:all/*. CVSS v3 9.4; Vendor: Mobiliti; Equipment: Mobiliti e-mobi.hu; Vulnerabilities: Missing Authentication for Critical Function, Improper Restriction of Excessive […] | CISA
- ePower epower.ie (2026-03-03) | Summary: Successful exploitation of these vulnerabilities could enable attackers to gain unauthorized administrative control over vulnerable charging stations or disrupt charging services through denial-of-service attacks. The following versions of ePower epower.ie are affected: epower.ie vers:all/*. CVSS v3 9.4; Vendor: ePower; Equipment: ePower epower.ie; Vulnerabilities: Missing Authentication for Critical Function, Improper Restriction of Excessive […] | CISA
- Everon OCPP Backends (2026-03-03) | Summary: Successful exploitation of these vulnerabilities could enable attackers to gain unauthorized administrative control over vulnerable charging stations or disrupt charging services through denial-of-service attacks. The following versions of Everon OCPP Backends are affected: api.everon.io vers:all/*. CVSS v3 9.4; Vendor: Everon; Equipment: Everon OCPP Backends; Vulnerabilities: Missing Authentication for Critical Function, Improper Restriction […] | CISA
- Portwell Engineering Toolkits (2026-03-03) | Summary: Successful exploitation of this vulnerability could allow a local attacker to escalate privileges or cause a denial-of-service condition. The following versions of Portwell Engineering Toolkits are affected: Portwell Engineering Toolkits 4.8.2. CVSS v3 8.8; Vendor: Portwell; Equipment: Portwell Engineering Toolkits; Vulnerabilities: Improper Restriction of Operations within the Bounds of a Memory Buffer […] | CISA
- Yokogawa CENTUM VP R6, R7 (2026-02-26) | Summary: Successful exploitation of these vulnerabilities could allow an attacker to terminate the software stack process, cause a denial-of-service condition, or execute arbitrary code. The following versions of Yokogawa CENTUM VP R6, R7 are affected: Vnet/IP Interface Package for CENTUM VP R6 (VP6C3300) […] | CISA
ICS Medical Advisories
- ZOLL ePCR IOS Mobile Application (2026-02-09) | Summary: Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access to protected health information (PHI) or device telemetry. The following versions of ZOLL ePCR IOS Mobile Application are affected: ePCR IOS Mobile Application 2.6.7 (CVE-2025-12699). CVSS v3 5.5; Vendor: ZOLL; Equipment: ZOLL ePCR IOS Mobile Application; Vulnerabilities: Insertion of […] | CISA
- WHILL Model C2 Electric Wheelchairs and Model F Power Chairs (2025-12-30) | Summary: Successful exploitation of this vulnerability could allow an attacker within Bluetooth range to take control over the product. The following versions of WHILL Model C2 Electric Wheelchairs and Model F Power Chairs are affected: Model C2 Electric WheelChair (CVE-2025-14346); Model F Power Chair (CVE-2025-14346). CVSS v3 9.8; Vendor: WHILL Inc. […] | CISA
- Grassroots DICOM (GDCM) (2025-12-11) | 1. EXECUTIVE SUMMARY: CVSS v4 6.8; ATTENTION: Low attack complexity; Vendor: Grassroots; Equipment: DICOM (GDCM); Vulnerability: Out-of-bounds Write. 2. RISK EVALUATION: Successful exploitation of this vulnerability could allow an attacker to craft a malicious DICOM file that, if opened, could crash the application, resulting in a denial-of-service condition. 3. TECHNICAL DETAILS, 3.1 AFFECTED […] | CISA
- Varex Imaging Panoramic Dental Imaging Software (2025-12-11) | 1. EXECUTIVE SUMMARY: CVSS v4 8.5; ATTENTION: Low attack complexity; Vendor: Varex Imaging; Equipment: Panoramic Dental Imaging Software; Vulnerability: Uncontrolled Search Path Element. 2. RISK EVALUATION: Successful exploitation of this vulnerability could allow a standard user to obtain NT Authority/SYSTEM privileges. 3. TECHNICAL DETAILS, 3.1 AFFECTED PRODUCTS: The following AJAT dental imaging software […] | CISA
- Mirion Medical EC2 Software NMIS BioDose (2025-12-02) | 1. EXECUTIVE SUMMARY: CVSS v4 8.7; ATTENTION: Exploitable remotely/low attack complexity; Vendor: Mirion Medical; Equipment: EC2 Software NMIS BioDose; Vulnerabilities: Incorrect Permission Assignment for Critical Resource, Use of Client-Side Authentication, Use of Hard-coded Credentials. 2. RISK EVALUATION: Successful exploitation of these vulnerabilities could allow an attacker to modify program executables, gain access to […] | CISA
- Vertikal Systems Hospital Manager Backend Services (2025-10-28) | 1. EXECUTIVE SUMMARY: CVSS v4 8.7; ATTENTION: Exploitable remotely/low attack complexity; Vendor: Vertikal Systems; Equipment: Hospital Manager Backend Services; Vulnerabilities: Exposure of Sensitive System Information to an Unauthorized Control Sphere, Generation of Error Message Containing Sensitive Information. 2. RISK EVALUATION: Successful exploitation of these vulnerabilities could allow an attacker to obtain unauthorized access […] | CISA
- NIHON KOHDEN Central Monitor CNS-6201 (2025-10-23) | 1. EXECUTIVE SUMMARY: CVSS v4 8.7; ATTENTION: Exploitable remotely/low attack complexity; Vendor: NIHON KOHDEN; Equipment: Central Monitor CNS-6201; Vulnerability: NULL Pointer Dereference. 2. RISK EVALUATION: Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition. 3. TECHNICAL DETAILS, 3.1 AFFECTED PRODUCTS: The following NIHON KOHDEN products are affected: Central […] | CISA
- Oxford Nanopore Technologies MinKNOW (2025-10-21) | 1. EXECUTIVE SUMMARY: CVSS v4 8.3; ATTENTION: Exploitable remotely/low attack complexity; Vendor: Oxford Nanopore Technologies; Equipment: MinKNOW; Vulnerabilities: Missing Authentication for Critical Function, Insufficiently Protected Credentials, Improper Check for Unusual or Exceptional Conditions. 2. RISK EVALUATION: Successful exploitation of these vulnerabilities could allow an attacker to disrupt sequencing operations and processes, exfiltrate and […] | CISA
- FUJIFILM Healthcare Americas Synapse Mobility (2025-08-21) | 1. EXECUTIVE SUMMARY: CVSS v4 5.3; ATTENTION: Exploitable remotely/low attack complexity; Vendor: FUJIFILM Healthcare Americas Corporation; Equipment: Synapse Mobility; Vulnerability: External Control of Assumed-Immutable Web Parameter. 2. RISK EVALUATION: Successful exploitation of this vulnerability could allow an attacker to access information beyond their assigned roles. 3. TECHNICAL DETAILS, 3.1 AFFECTED PRODUCTS: The following […] | CISA
- Santesoft Sante PACS Server (2025-08-12) | 1. EXECUTIVE SUMMARY: CVSS v4 9.1; ATTENTION: Exploitable remotely/low attack complexity; Vendor: Santesoft; Equipment: Sante PACS Server; Vulnerabilities: Path Traversal, Double Free, Cleartext Transmission of Sensitive Information, Cross-site Scripting. 2. RISK EVALUATION: Successful exploitation of these vulnerabilities could allow an attacker to create arbitrary files, cause a denial-of-service condition, obtain sensitive information, and […] | CISA
- Medtronic MyCareLink Patient Monitor (2025-07-24) | 1. EXECUTIVE SUMMARY: CVSS v4 7.0; ATTENTION: Low attack complexity; Vendor: Medtronic; Equipment: MyCareLink Patient Monitor 24950, 24952; Vulnerabilities: Cleartext Storage of Sensitive Information, Empty Password in Configuration File, Deserialization of Untrusted Data. 2. RISK EVALUATION: Successful exploitation of these vulnerabilities could lead to system compromise, unauthorized access to sensitive data, and manipulation […] | CISA
- Panoramic Corporation Digital Imaging Software (2025-07-17) | 1. EXECUTIVE SUMMARY: CVSS v4 8.5; ATTENTION: Low attack complexity; Vendor: Panoramic Corporation; Equipment: Digital Imaging Software; Vulnerability: Uncontrolled Search Path Element. 2. RISK EVALUATION: Successful exploitation of this vulnerability could allow a standard user to obtain NT Authority/SYSTEM privileges. 3. TECHNICAL DETAILS, 3.1 AFFECTED PRODUCTS: The following Panoramic Corporation products are affected: […] | CISA
- MicroDicom DICOM Viewer (2025-06-10) | 1. EXECUTIVE SUMMARY: CVSS v4 8.6; ATTENTION: Exploitable remotely/low attack complexity; Vendor: MicroDicom; Equipment: DICOM Viewer; Vulnerability: Out-of-bounds Write. 2. RISK EVALUATION: Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on affected installations of DICOM Viewer. 3. TECHNICAL DETAILS, 3.1 AFFECTED PRODUCTS: The following MicroDicom products are affected: […] | CISA
- Santesoft Sante DICOM Viewer Pro (2025-05-29) | 1. EXECUTIVE SUMMARY: CVSS v4 8.4; ATTENTION: Low attack complexity; Vendor: Santesoft; Equipment: Sante DICOM Viewer Pro; Vulnerability: Out-of-bounds Read. 2. RISK EVALUATION: Successful exploitation of this vulnerability could allow an attacker to disclose information or execute arbitrary code. 3. TECHNICAL DETAILS, 3.1 AFFECTED PRODUCTS: The following Santesoft products are affected: Sante DICOM […] | CISA
- Pixmeo OsiriX MD (2025-05-08) | 1. EXECUTIVE SUMMARY: CVSS v4 9.3; ATTENTION: Exploitable remotely/low attack complexity; Vendor: Pixmeo; Equipment: OsiriX MD; Vulnerabilities: Use After Free, Cleartext Transmission of Sensitive Information. 2. RISK EVALUATION: Successful exploitation of these vulnerabilities could allow an attacker to cause memory corruption, resulting in a denial-of-service condition, or to steal credentials. 3. TECHNICAL DETAILS […] | CISA
- MicroDicom DICOM Viewer (2025-05-01) | 1. EXECUTIVE SUMMARY: CVSS v4 8.6; ATTENTION: Exploitable remotely/low attack complexity; Vendor: MicroDicom; Equipment: DICOM Viewer; Vulnerabilities: Out-of-Bounds Write, Out-of-Bounds Read. 2. RISK EVALUATION: Successful exploitation of these vulnerabilities could allow an attacker to disclose information, cause memory corruption, and execute arbitrary code. 3. TECHNICAL DETAILS, 3.1 AFFECTED PRODUCTS: The following MicroDicom products […] | CISA
- INFINITT Healthcare INFINITT PACS (2025-04-10) | 1. EXECUTIVE SUMMARY: CVSS v4 8.7; ATTENTION: Exploitable remotely/low attack complexity/public exploits are available; Vendor: INFINITT Healthcare; Equipment: INFINITT PACS; Vulnerabilities: Unrestricted Upload of File with Dangerous Type, Exposure of Sensitive System Information to an Unauthorized Control Sphere. 2. RISK EVALUATION: Successful exploitation of these vulnerabilities could allow an attacker to upload malicious […] | CISA
- Santesoft Sante DICOM Viewer Pro (2025-03-20) | 1. EXECUTIVE SUMMARY: CVSS v4 8.4; ATTENTION: Low attack complexity; Vendor: Santesoft; Equipment: Sante DICOM Viewer Pro; Vulnerability: Out-of-Bounds Write. 2. RISK EVALUATION: Successful exploitation of this vulnerability could allow an attacker to cause memory corruption that would result in execution of arbitrary code. 3. TECHNICAL DETAILS, 3.1 AFFECTED PRODUCTS: The following Santesoft […] | CISA
- Philips Intellispace Cardiovascular (ISCV) (2025-03-13) | 1. EXECUTIVE SUMMARY: CVSS v4 8.5; ATTENTION: Low attack complexity; Vendor: Philips; Equipment: Intellispace Cardiovascular (ISCV); Vulnerabilities: Improper Authentication, Use of Weak Credentials. 2. RISK EVALUATION: Successful exploitation of these vulnerabilities could allow an attacker to replay the session of the logged-in ISCV user and gain access to patient records. 3. TECHNICAL […] | CISA
- Dario Health USB-C Blood Glucose Monitoring System Starter Kit Android Application (2025-02-27) | 1. EXECUTIVE SUMMARY: CVSS v4 8.7; ATTENTION: Exploitable remotely/low attack complexity; Vendor: Dario Health; Equipment: USB-C Blood Glucose Monitoring System Starter Kit Android Application, Application Database and Internet-based Server Infrastructure; Vulnerabilities: Exposure of Private Personal Information to an Unauthorized Actor, Improper Output Neutralization For Logs, Storage of Sensitive Data In a Mechanism Without […] | CISA
The Hacker News
- Chinese Hackers Target Southeast Asian Militaries with AppleChris and MemFun Malware 2026-03-13A suspected China-based cyber espionage operation has targeted Southeast Asian military organizations as part of a state-sponsored campaign that dates back to at least 2020. Palo Alto Networks Unit 42 is tracking the threat activity under the moniker CL-STA-1087, where CL refers to cluster, and STA stands for state-backed motivation. "The activity demonstrated strategic operational […]
- Meta to Shut Down Instagram End-to-End Encrypted Chat Support Starting May 2026 2026-03-13Meta has announced plans to discontinue support for end-to-end encryption (E2EE) for chats on Instagram after May 8, 2026. "If you have chats that are impacted by this change, you will see instructions on how you can download any media or messages you may want to keep," the social media giant said in a help […]
- INTERPOL Dismantles 45,000 Malicious IPs, Arrests 94 in Global Cybercrime 2026-03-13INTERPOL on Friday announced the takedown of 45,000 malicious IP addresses and servers used in connection with phishing, malware, and ransomware campaigns, as part of the agency's ongoing efforts to dismantle criminal networks, disrupt emerging threats, and safeguard victims from scams. The effort is part of an international law enforcement operation that involved 72 countries […]
- Storm-2561 Spreads Trojan VPN Clients via SEO Poisoning to Steal Credentials 2026-03-13Microsoft has disclosed details of a credential theft campaign that employs fake virtual private network (VPN) clients distributed through search engine optimization (SEO) poisoning techniques. "The campaign redirects users searching for legitimate enterprise software to malicious ZIP files on attacker-controlled websites to deploy digitally signed trojans that masquerade as trusted VPN clients
- Investigating a New Click-Fix Variant 2026-03-13Disclaimer: This report has been prepared by the Threat Research Center to enhance cybersecurity awareness and support the strengthening of defense capabilities. It is based on independent research and observations of the current threat landscape available at the time of publication. The content is intended for informational and preparedness purposes only. Read more blogs around […]
- Google Fixes Two Chrome Zero-Days Exploited in the Wild Affecting Skia and V8 2026-03-13Google on Thursday released security updates for its Chrome web browser to address two high-severity vulnerabilities that it said have been exploited in the wild. The list of vulnerabilities is as follows - CVE-2026-3909 (CVSS score: 8.8) - An out-of-bounds write vulnerability in the Skia 2D graphics library that allows a remote attacker to perform […]
- Nine CrackArmor Flaws in Linux AppArmor Enable Root Escalation, Bypass Container Isolation 2026-03-13Cybersecurity researchers have disclosed multiple security vulnerabilities within the Linux kernel's AppArmor module that could be exploited by unprivileged users to circumvent kernel protections, escalate to root, and undermine container isolation guarantees. The nine confused deputy vulnerabilities have been collectively codenamed CrackArmor by the Qualys Threat Research Unit (TRU). The
- Authorities Disrupt SocksEscort Proxy Botnet Exploiting 369,000 IPs Across 163 Countries 2026-03-13A court-authorized international law enforcement operation has dismantled a criminal proxy service named SocksEscort that enslaved thousands of residential routers worldwide into a botnet for committing large-scale fraud. "SocksEscort infected home and small business internet routers with malware," the U.S. Department of Justice (DoJ) said. "The malware allowed SocksEscort to direct internet
- Veeam Patches 7 Critical Backup & Replication Flaws Allowing Remote Code Execution 2026-03-13Veeam has released security updates to address multiple critical vulnerabilities in its Backup & Replication software that, if successfully exploited, could result in remote code execution. The vulnerabilities are as follows - CVE-2026-21666 (CVSS score: 9.9) - A vulnerability that allows an authenticated domain user to perform remote code execution on the Backup Server. CVE-2026-21667 […]
- Rust-Based VENON Malware Targets 33 Brazilian Banks with Credential-Stealing Overlays 2026-03-12Cybersecurity researchers have disclosed details of a new banking malware targeting Brazilian users that's written in Rust, marking a significant departure from other known Delphi-based malware families associated with the Latin American cybercrime ecosystem. The malware, which is designed to infect Windows systems and was first discovered last month, has been codenamed VENON by Brazilian
- Hive0163 Uses AI-Assisted Slopoly Malware for Persistent Access in Ransomware Attacks 2026-03-12Cybersecurity researchers have disclosed details of a suspected artificial intelligence (AI)-generated malware codenamed Slopoly put to use by a financially motivated threat actor named Hive0163. "Although still relatively unspectacular, AI-generated malware such as Slopoly shows how easily threat actors can weaponize AI to develop new malware frameworks in a fraction of the time it used […]
- How to Scale Phishing Detection in Your SOC: 3 Steps for CISOs 2026-03-12Phishing has quietly turned into one of the hardest enterprise threats to expose early. Instead of crude lures and obvious payloads, modern campaigns rely on trusted infrastructure, legitimate-looking authentication flows, and encrypted traffic that conceals malicious behavior from traditional detection layers. For CISOs, the priority is now clear: scale phishing detection in a way that […]
- ThreatsDay Bulletin: OAuth Trap, EDR Killer, Signal Phishing, Zombie ZIP, AI Platform Hack & More 2026-03-12Another Thursday, another pile of weird security stuff that somehow happened in just seven days. Some of it is clever. Some of it is lazy. A few bits fall into that uncomfortable category of “yeah… this is probably going to show up in real incidents sooner than we’d like.” The pattern this week feels familiar […]
- Attackers Don't Just Send Phishing Emails. They Weaponize Your SOC's Workload 2026-03-12The most dangerous phishing campaigns aren’t just designed to fool employees. Many are designed to exhaust the analysts investigating them. When a phishing investigation takes 12 hours instead of five minutes, the outcome can shift from a contained incident to a breach. For years, the cybersecurity industry has focused on the front door of phishing […]
- Apple Issues Security Updates for Older iOS Devices Targeted by Coruna WebKit Exploit 2026-03-12Apple on Wednesday backported fixes for a security flaw in iOS, iPadOS, and macOS Sonoma to older versions after it was found to be used as part of the Coruna exploit kit. The vulnerability, tracked as CVE-2023-43010, relates to an unspecified vulnerability in WebKit that could result in memory corruption when processing maliciously crafted web […]
- Six Android Malware Families Target Pix Payments, Banking Apps, and Crypto Wallets 2026-03-12Cybersecurity researchers have discovered half-a-dozen new Android malware families that come with capabilities to steal data from compromised devices and conduct financial fraud. The Android malware families range from traditional banking trojans like PixRevolution, TaxiSpy RAT, BeatBanker, Mirax, and Oblivion RAT to full-fledged remote administration tools such as SURXRAT. PixRevolution, according to
- CISA Flags Actively Exploited n8n RCE Bug as 24,700 Instances Remain Exposed 2026-03-12The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting n8n to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability, tracked as CVE-2025-68613 (CVSS score: 9.9), concerns a case of expression injection that leads to remote code execution. The security shortcoming was patched
- Researchers Trick Perplexity's Comet AI Browser Into Phishing Scam in Under Four Minutes 2026-03-11Agentic web browsers that leverage artificial intelligence (AI) capabilities to autonomously execute actions across multiple websites on behalf of a user can be steered and tricked into falling prey to phishing and scam traps. The attack, at its core, takes advantage of AI browsers' tendency to reason about their actions and turns that reasoning against the model […]
- Critical n8n Flaws Allow Remote Code Execution and Exposure of Stored Credentials 2026-03-11Cybersecurity researchers have disclosed details of two now-patched critical security flaws in the n8n workflow automation platform that could result in arbitrary command execution. The vulnerabilities are listed below - CVE-2026-27577 (CVSS score: 9.4) - Expression sandbox escape leading to remote code execution (RCE) CVE-2026-27493 (CVSS score: 9.5) - Unauthenticated
- Meta Disables 150K Accounts Linked to Southeast Asia Scam Centers in Global Crackdown 2026-03-11Meta on Wednesday said it disabled over 150,000 accounts associated with scam centers in Southeast Asia as part of a coordinated effort in partnership with authorities from Thailand, the U.S., the U.K., Canada, Korea, Japan, Singapore, the Philippines, Australia, New Zealand, and Indonesia. The effort also led to 21 arrests made by the Royal Thai […]