Blogs - Security
NIST News
- NIST Releases New Forensic Genetic Reference Material to Help Crime Laboratories Analyze Challenging Cases (2026-02-17, Sarah Henderson): The reference material is the first to include mixtures of high-quality and degraded DNA from different individuals.
- Announcing the "AI Agent Standards Initiative" for Interoperable and Secure Innovation (2026-02-17, Peter Cihon): The Initiative will ensure that the next generation of AI is widely adopted with confidence, can function securely on behalf of its users, and can interoperate smoothly across the digital ecosystem.
- NIST Allocates Over $3 Million to Small Businesses Advancing AI, Biotechnology, Semiconductors, Quantum and More (2026-02-10, Sarah Henderson): NIST is allocating funding to eight small businesses in seven states under the Small Business Innovation Research (SBIR) program.
- Space: The Final Frontier for Standards (2026-02-09, Sarah Henderson): Seven NIST reference materials, including house dust and freeze-dried human liver tissue, have been flown to the International Space Station.
- CAISI Issues Request for Information About Securing AI Agent Systems (2026-01-12, Peter Cihon): The Center for AI Standards and Innovation (CAISI) at the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) has published a Request for Information (RFI) seeking insights from industry, academia, and the security […]
- NIST Launches Centers for AI in Manufacturing and Critical Infrastructure (2025-12-22, Sarah Henderson): NIST has expanded its collaboration with the nonprofit MITRE Corporation as part of its efforts to ensure U.S. leadership in artificial intelligence.
- NIST Physicists Bring Unruly Molecules to the Quantum Party (2025-12-18, Sarah Henderson): Molecules can serve as versatile building blocks for quantum technologies, but they are much harder to control than atoms.
- Securing Smart Speakers for Home Health Care: NIST Offers New Guidelines (2025-12-17, Sarah Henderson): Cybersecurity and privacy risks can threaten patient confidentiality.
- Draft NIST Guidelines Rethink Cybersecurity for the AI Era (2025-12-16, Sarah Henderson): New guidelines can help an organization determine ways to incorporate AI into its operations while mitigating cybersecurity risks.
- Department of Commerce Announces Transition of Baldrige Performance Excellence Program (2025-12-11, Sarah Henderson): Beginning with the 2026 award cycle, the Alliance for Performance Excellence and the Baldrige Foundation will take on most operations for the program.
- What Time Is It on Mars? NIST Physicists Have the Answer. (2025-12-01, Sarah Henderson): This calculation is necessary for future space navigation and communication networks.
- Building a Sustainable Metals Infrastructure: NIST Report Highlights Key Strategies (2025-11-20, Sarah Henderson): Making metals processing more sustainable and resilient will support U.S. industrial innovation and competitiveness.
- CAISI Evaluation of DeepSeek AI Models Finds Shortcomings and Risks (2025-09-30, Sarah Henderson): The Center for AI Standards and Innovation at NIST evaluated several leading models from DeepSeek, an AI company based in the People’s Republic of China.
- NIST Engineers Design 5 New Ways to Connect Concrete Pieces for More Resilient Buildings (2025-09-29, Sarah Henderson): One of the biggest challenges with precast concrete is connecting the concrete pieces at a job site.
- NIST Issues Broad Agency Announcement for Proposals to Advance Microelectronics Technologies (2025-09-24, Sarah Henderson): The CHIPS for America funding opportunity will support critical research, prototyping and commercial solutions that advance microelectronics technology in the United States.
- NIST Awards More Than $3 Million to Support Cybersecurity Workforce Development Across 13 States (2025-09-17, Sarah Henderson): There are currently more than 514,000 cybersecurity job openings in the U.S.
- In Quantum Sensing, What Beats Beating Noise? Meeting Noise Halfway. (2025-09-10, Sarah Henderson): A team including scientists at NIST may have found a new way of dealing with noise at the microscopic scales where quantum physics reigns.
- Champlain Towers South Investigation Nears Completion of Technical Work (2025-09-09, Sarah Henderson): Investigators share likely failure scenarios and advance indicators of the building’s distress.
- NIST’s ‘Living Reference Material’ Could Accelerate R&D of Lifesaving Biological Drugs (2025-09-08, Sarah Henderson): The NIST reference material, called NISTCHO, will help the biopharmaceutical industry develop new drugs more quickly and ensure that they are safe and effective.
- Some Air Cleaners Release Harmful By-Products. Now We Have a Way to Measure Them. (2025-09-02, Sarah Henderson): Many types of air cleaners can generate small amounts of air pollution. Until now, there was no standard way to measure these negative by-products.
NIST Events
- 2083 MidAmerica Measurement Assurance Program, MidMAP (2026-09-22, Pamela L Corey): NIST Handbook 143, Program Handbook (2019) details the criteria used for OWM Laboratory Recognition. NIST Handbook 143, Section 4 and Table 2 note that annual attendance at the RMAP training session is required for ongoing laboratory Recognition […]
- NIST OWM Info Hour: Examination Procedure Outlines - A Guide for Evaluating Commercial Devices to NIST Handbook 44 Requirements (2026-09-17, Pamela L Corey): Examination Procedure Outlines or EPOs are a guide for evaluating commercial weighing and measuring devices to NIST Handbook 44 requirements. Designed to assist the field official, EPOs are also useful for sectors that design, sell, service, and use […]
- NIST Small Business Community of Interest Quarterly Calls (2026-09-16, Vontress Henderson): NIST's Small Business Cybersecurity Community of Interest (COI) has been established to convene the public and private sectors to share business insights, expertise, challenges, and perspectives to guide our work and assist NIST in addressing the […]
- 2094 Lab Metrology Info Hour - Review of critical updates to ASTM documentary standards and Q&A (2026-09-10, Pamela L Corey): This review of updates to relevant documentary standards, either completed or underway, will focus on ASTM E617-23, Standard Specification for Laboratory Weights and Precision Mass Standards, and ASTM E898-20, Standard Practice for Calibration of Non […]
- NIST OWM Info Hour: Portable Digital Density Meters used for the Commercial Inspection of Packaged Liquid Foodstuffs and Beverages (2026-09-03, Pamela L Corey): In 2025, NIST OWM provided an Info Hour to review comparison data of portable digital density meters (PDDM) to NIST HB 133 test procedures for determining the density of homogeneous liquid food products for liquid package inspections. The results […]
- 2082 Southwest Assurance Program, SWAP (2026-09-01, Pamela L Corey): NIST Handbook 143, Program Handbook (2019) details the criteria used for OWM Laboratory Recognition. NIST Handbook 143, Section 4 and Table 2 note that annual attendance at the RMAP training session is required for ongoing laboratory Recognition […]
- NIST OWM Info Hour: Suitability of Separate Elements-Weighing Devices (2026-08-20, Pamela L Corey): This Info Hour will provide information, followed by a discussion identifying how to navigate HB 44 to determine the compatibility of indicating and weighing/load-receiving elements for weighing systems that incorporate separate elements. This is […]
- 2064 Calibration Method Validation (2026-08-13, Yvonne A. Branden): This 2-hour webinar on Calibration Method Validation will examine the ISO/IEC 17025:2017 requirements for selection of calibration methods and for method validation and provide guidance on developing a process for validating a new or modified […]
- 2070 Balance and Scale Calibration and Uncertainties (2026-08-03, Yvonne A. Branden): This 4-day seminar will cover the calibration and use of analytical weighing instruments (balances and laboratory/bench-top scales), including sources of weighing errors in analytical environments, methodologies for quantifying the errors, and […]
- 2066 Fundamentals of Metrology (2026-07-27, Yvonne A. Branden): The 5-day Fundamentals of Metrology seminar is an intensive course that introduces participants to the concepts of measurement systems, units, good laboratory practices, data integrity, measurement uncertainty, measurement assurance, traceability […]
- NIST OWM Info Hour: OWM Proficiency Testing Program for U.S. State Weights and Measures Laboratories (2026-07-23, Pamela L Corey): This Info Hour will provide attendees with an overview of the OWM’s proficiency testing (PT) program, describe how the program operates, and demonstrate the vital role it plays in evaluating the competency and traceability of participating […]
- 2063 State Laboratory Annual Submission Process (2026-07-16, Yvonne A. Branden): The State Laboratory Annual Submission Process webinar provides guidance on how to successfully submit all required materials to develop a complete and timely Recognition Application according to NIST Handbook (HB) 143, State Weights and Measures […]
- 2065 Volume Metrology Seminar (2026-07-06, Yvonne A. Branden): The 5-day OWM Volume Metrology Seminar is designed to enable metrologists to apply fundamental measurement concepts to volume calibrations. A large percentage of time is spent on hands-on measurements, applying procedures and equations discussed in […]
- 2062 Documenting Traceability and Calibration Intervals (2026-06-25, Yvonne A. Branden): This 2-hour webinar covers the essential elements of metrological traceability and the documentary evidence required to support traceability and calibration intervals. It uses NISTIR 6969, GMP 11, and GMP 13 as the baseline for instructions and also […]
- Iris Experts Group Annual Meeting (2026-06-25, Crissy Robinson): The Iris Experts Group is a forum for the discussion of technical questions of interest to USG agencies and their staff that are employing or may employ iris recognition to carry out their mission. This is the annual meeting. The presentations […]
- NIST OWM Info Hour: OWM EVSE Metrology Training Program (2026-06-18, Pamela L Corey): Learn about the Department of Energy National Energy Technology Laboratory (NETL)-supported effort at the NIST Office of Weights and Measures (OWM) to develop a comprehensive 5-day electric vehicle supply equipment (EVSE) metrology training program […]
- NIST Small Business Community of Interest Quarterly Calls (2026-06-10, Vontress Henderson): NIST's Small Business Cybersecurity Community of Interest (COI) has been established to convene the public and private sectors to share business insights, expertise, challenges, and perspectives to guide our work and assist NIST in addressing the […]
- 2080 Northeastern Measurement Assurance Program, NEMAP (2026-06-09, Pamela L Corey): NIST Handbook 143, Program Handbook (2019) details the criteria used for OWM Laboratory Recognition. NIST Handbook 143, Section 4 and Table 2 note that annual attendance at the RMAP training session is required for ongoing laboratory Recognition […]
- NIST OWM Info Hour: Considerations When Regulating Railroad Track Scale Traceability with NIST Handbooks 44, HB 105-8, HB 130, and HB 143 (2026-06-04, Pamela L Corey): In this session, we present an overview of the significance and the contribution of the established documentary standards to the regulation process of a weighing device, in this case a railroad track scale, in terms of traceability (certified source) […]
- 17th Annual NICE Conference and Expo (2026-06-01, Susana Barraza): The NICE Conference and Expo will take place June 1-3, 2026. Location to be announced. This event is supported by the National Initiative for Cybersecurity Education (NICE), a program of the National Institute of Standards and Technology in the U.S. […]
CISA Blog
- The End is Just the Beginning of Better Security: Enhanced Vulnerability Management with OpenEoX (2026-02-13, CISA)
- Super Bowl LX: Strengthening Preparation, Building Resilience, Fostering Partnerships (2026-02-09, CISA)
- NCSWIC releases the “What is a PACE Plan” video (2025-12-05, CISA)
- CISA Urges Critical Infrastructure to Be Air Aware (2025-11-19, CISA)
- Helping OT Organizations to Establish Defensible Architecture and More Resilient Operations (2025-09-24, CISA)
- The Mandate, Mission, and Momentum to lead the CVE Program into the Future belongs to CISA (2025-09-10, CISA)
- The Joint SAFECOM-NCSWIC Project 25 (P25) User Needs Working Group (UNWG) releases the UNWG Video Series (2025-08-22, CISA)
- Tackling the National Gap in Software Understanding (2025-08-20, CISA)
- Securing Core Cloud Identity Infrastructure: Addressing Advanced Threats through Public-Private Collaboration (2025-07-15, CISA)
- SAFECOM Releases the Emergency Communications System Lifecycle Planning Guide Suite Refresh (2025-07-02, CISA)
ICS Advisories
- Siemens Simcenter Femap and Nastran (2026-02-17, CISA): Siemens Simcenter Femap and Nastran are affected by multiple file parsing vulnerabilities that could be triggered when the application reads files in NDB and XDB formats. If a user is tricked into opening a malicious file with any of the affected products, this could lead the application to crash or potentially lead […]
- GE Vernova Enervista UR Setup (2026-02-17, CISA): Successful exploitation of these vulnerabilities may allow code execution with elevated privileges. The following versions of GE Vernova Enervista UR Setup are affected: Enervista UR Setup […]
- Delta Electronics ASDA-Soft (2026-02-17, CISA): Successful exploitation of this vulnerability may allow an attacker to write arbitrary data beyond the bounds of a stack-allocated buffer, leading to the corruption of a structured exception handler (SEH). The following versions of Delta Electronics ASDA-Soft are affected: ASDA-Soft […]
- Honeywell CCTV Products (2026-02-17, CISA): Successful exploitation of this vulnerability could lead to account takeovers and unauthorized access to camera feeds; an unauthenticated attacker may change the recovery email address, potentially leading to further network compromise. The following versions of Honeywell CCTV Products are affected: I-HIB2PI-UL 2MP IP 6.1.22.1216 (CVE-2026-1670), SMB NDAA MVO-3 WDR_2MP_32M_PTZ_v2.0 (CVE-2026-1670), PTZ WDR […]
- Siemens Polarion (2026-02-12, CISA): Polarion before V2506 contains a vulnerability that could allow authenticated remote attackers to conduct cross-site scripting attacks. Siemens has released new versions for the affected products and recommends updating to the latest versions. The following versions of Siemens Polarion are affected: Polarion V2404 […]
- Siemens COMOS (2026-02-12, CISA): COMOS is affected by multiple vulnerabilities that could allow an attacker to execute arbitrary code, cause a denial-of-service condition, perform data infiltration or perform access control violations. Siemens has released new versions for several affected products and recommends updating to the latest versions. Siemens is preparing further fix versions and […]
- Siemens Desigo CC Product Family and SENTRON Powermanager (2026-02-12, CISA): Versions V6.0 through V8 QU1 of the Desigo CC product family (Desigo CC, Desigo CC Compact, Desigo CC Connect, Cerberus DMS), as well as the Desigo CC-based SENTRON Powermanager, are affected by a vulnerability in the underlying third-party component WIBU Systems CodeMeter Runtime. Successful exploitation of this vulnerability could lead to code […]
- Siemens Solid Edge (2026-02-12, CISA): Solid Edge uses the PS/IGES Parasolid Translator Component, which contains an out-of-bounds read that could be triggered when the application reads files in IGS format. If a user is tricked into opening a malicious file with any of the affected products, this could lead the application to crash or potentially […]
- Siemens Siveillance Video Management Servers (2026-02-12, CISA): The Webhooks implementation of Siveillance Video Management Servers contains a vulnerability that could allow an authenticated remote attacker with read-only privileges to achieve full access to the Webhooks API. Siemens has released new versions for the affected products and recommends updating to the latest versions. The following versions of Siemens Siveillance Video […]
- Siemens NX (2026-02-12, CISA): Siemens NX is affected by multiple file parsing vulnerabilities that could be triggered when the application reads files in CGM format. If a user is tricked into opening a malicious file with any of the affected products, this could lead the application to crash or potentially lead to arbitrary code execution. Siemens […]
- Hitachi Energy SuprOS (2026-02-12, CISA): Hitachi Energy is aware of a vulnerability that affects the SuprOS product versions listed in this document. An attacker successfully exploiting this vulnerability can cause confidentiality, integrity and availability impacts. Please refer to the Recommended Immediate Actions for information about the mitigation/remediation. The following versions of Hitachi Energy SuprOS are affected: SuprOS […]
- Airleader Master (2026-02-12, CISA): Successful exploitation of this vulnerability could allow an attacker to obtain remote code execution. The following versions of Airleader Master are affected: Airleader Master […]
- Siemens SINEC NMS (2026-02-12, CISA): Multiple Siemens products are affected by two local privilege escalation vulnerabilities which could allow a low-privileged attacker to load malicious DLLs, potentially leading to arbitrary code execution with elevated privileges. Siemens has released new versions for the affected products and recommends updating to the latest versions. The following versions of […]
- Siemens SINEC OS (2026-02-12, CISA): SINEC OS before V3.3 contains third-party components with multiple vulnerabilities. Siemens has released new versions for the affected products and recommends updating to the latest versions. The following versions of Siemens SINEC OS are affected: RUGGEDCOM RST2428P (6GK6242-6PA00) […]
- Yokogawa FAST/TOOLS (2026-02-10, CISA): Successful exploitation of these vulnerabilities could allow an attacker to redirect users to malicious sites, decrypt communications, perform a man-in-the-middle (MITM) attack, execute malicious scripts, steal files, and perform various other attacks. The following versions of Yokogawa FAST/TOOLS are affected: FAST/TOOLS >= R9.01 […]
- ZLAN Information Technology Co. ZLAN5143D (2026-02-10, CISA): Successful exploitation of these vulnerabilities could result in an attacker bypassing authentication or resetting the device password. The following versions of ZLAN Information Technology Co. ZLAN5143D are affected: ZLAN5143D v1.600 (CVE-2026-25084, CVE-2026-24789). CVSS v3 9.8; Vendor: ZLAN Information Technology Co.; Equipment: ZLAN5143D; Vulnerabilities: Missing Authentication for Critical Function […]
- AVEVA PI to CONNECT Agent (2026-02-10, CISA): Successful exploitation of this vulnerability could result in unauthorized access to the proxy server. The following versions of AVEVA PI to CONNECT Agent are affected: PI to CONNECT Agent […]
- AVEVA PI Data Archive (2026-02-10, CISA): Successful exploitation of this vulnerability could result in a denial-of-service condition. The following versions of AVEVA PI Data Archive are affected: PI Data Archive, PI Server […]
- TP-Link Systems Inc. VIGI Series IP Camera (2026-02-05, CISA): Successful exploitation of this vulnerability could result in unauthorized users gaining administrative access to affected closed circuit television cameras. The following versions of TP-Link Systems Inc. VIGI Series IP Camera are affected: VIGI Cx45 Series Models C345, C445 […]
- Mitsubishi Electric MELSEC iQ-R Series (2026-02-05, CISA): Successful exploitation of this vulnerability may allow an attacker to read device data or part of a control program from the affected product, write device data to the affected product, or cause a denial-of-service condition on the affected product. The following versions of Mitsubishi Electric MELSEC iQ-R Series are affected: MELSEC iQ-R […]
ICS Medical Advisories
- ZOLL ePCR IOS Mobile Application (2026-02-09, CISA): Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access to protected health information (PHI) or device telemetry. The following versions of ZOLL ePCR IOS Mobile Application are affected: ePCR IOS Mobile Application 2.6.7 (CVE-2025-12699). CVSS v3 5.5; Vendor: ZOLL; Equipment: ZOLL ePCR IOS Mobile Application; Vulnerability: Insertion of […]
- WHILL Model C2 Electric Wheelchairs and Model F Power Chairs (2025-12-30, CISA): Successful exploitation of this vulnerability could allow an attacker within Bluetooth range to take control of the product. The following versions of WHILL Model C2 Electric Wheelchairs and Model F Power Chairs are affected: Model C2 Electric WheelChair (CVE-2025-14346), Model F Power Chair (CVE-2025-14346). CVSS v3 9.8; Vendor: WHILL Inc. […]
- Grassroots DICOM (GDCM) (2025-12-11, CISA): CVSS v4 6.8; Attention: Low attack complexity; Vendor: Grassroots; Equipment: DICOM (GDCM); Vulnerability: Out-of-bounds Write. Risk evaluation: Successful exploitation of this vulnerability could allow an attacker to craft a malicious DICOM file that, if opened, could crash the application, resulting in a denial-of-service condition. Affected products: […]
- Varex Imaging Panoramic Dental Imaging Software (2025-12-11, CISA): CVSS v4 8.5; Attention: Low attack complexity; Vendor: Varex Imaging; Equipment: Panoramic Dental Imaging Software; Vulnerability: Uncontrolled Search Path Element. Risk evaluation: Successful exploitation of this vulnerability could allow a standard user to obtain NT Authority/SYSTEM privileges. Affected products: The following AJAT dental imaging software […]
- Mirion Medical EC2 Software NMIS BioDose (2025-12-02, CISA): CVSS v4 8.7; Attention: Exploitable remotely/low attack complexity; Vendor: Mirion Medical; Equipment: EC2 Software NMIS BioDose; Vulnerabilities: Incorrect Permission Assignment for Critical Resource, Use of Client-Side Authentication, Use of Hard-coded Credentials. Risk evaluation: Successful exploitation of these vulnerabilities could allow an attacker to modify program executables, gain access to […]
- Vertikal Systems Hospital Manager Backend Services (2025-10-28, CISA): CVSS v4 8.7; Attention: Exploitable remotely/low attack complexity; Vendor: Vertikal Systems; Equipment: Hospital Manager Backend Services; Vulnerabilities: Exposure of Sensitive System Information to an Unauthorized Control Sphere, Generation of Error Message Containing Sensitive Information. Risk evaluation: Successful exploitation of these vulnerabilities could allow an attacker to obtain unauthorized access […]
- NIHON KOHDEN Central Monitor CNS-6201 (2025-10-23, CISA): CVSS v4 8.7; Attention: Exploitable remotely/low attack complexity; Vendor: NIHON KOHDEN; Equipment: Central Monitor CNS-6201; Vulnerability: NULL Pointer Dereference. Risk evaluation: Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition. Affected products: The following NIHON KOHDEN products are affected: Central […]
- Oxford Nanopore Technologies MinKNOW (2025-10-21, CISA): CVSS v4 8.3; Attention: Exploitable remotely/low attack complexity; Vendor: Oxford Nanopore Technologies; Equipment: MinKNOW; Vulnerabilities: Missing Authentication for Critical Function, Insufficiently Protected Credentials, Improper Check for Unusual or Exceptional Conditions. Risk evaluation: Successful exploitation of these vulnerabilities could allow an attacker to disrupt sequencing operations and processes, exfiltrate and […]
- FUJIFILM Healthcare Americas Synapse Mobility (2025-08-21, CISA): CVSS v4 5.3; Attention: Exploitable remotely/low attack complexity; Vendor: FUJIFILM Healthcare Americas Corporation; Equipment: Synapse Mobility; Vulnerability: External Control of Assumed-Immutable Web Parameter. Risk evaluation: Successful exploitation of this vulnerability could allow an attacker to access information beyond their assigned roles. Affected products: […]
- Santesoft Sante PACS Server (2025-08-12, CISA): CVSS v4 9.1; Attention: Exploitable remotely/low attack complexity; Vendor: Santesoft; Equipment: Sante PACS Server; Vulnerabilities: Path Traversal, Double Free, Cleartext Transmission of Sensitive Information, Cross-site Scripting. Risk evaluation: Successful exploitation of these vulnerabilities could allow an attacker to create arbitrary files, cause a denial-of-service condition, obtain sensitive information, and […]
- Medtronic MyCareLink Patient Monitor (2025-07-24, CISA): CVSS v4 7.0; Attention: Low attack complexity; Vendor: Medtronic; Equipment: MyCareLink Patient Monitor 24950, 24952; Vulnerabilities: Cleartext Storage of Sensitive Information, Empty Password in Configuration File, Deserialization of Untrusted Data. Risk evaluation: Successful exploitation of these vulnerabilities could lead to system compromise, unauthorized access to sensitive data, and manipulation […]
- Panoramic Corporation Digital Imaging Software (2025-07-17, CISA): CVSS v4 8.5; Attention: Low attack complexity; Vendor: Panoramic Corporation; Equipment: Digital Imaging Software; Vulnerability: Uncontrolled Search Path Element. Risk evaluation: Successful exploitation of this vulnerability could allow a standard user to obtain NT Authority/SYSTEM privileges. Affected products: The following Panoramic Corporation products are affected: […]
- MicroDicom DICOM Viewer (2025-06-10, CISA): CVSS v4 8.6; Attention: Exploitable remotely/low attack complexity; Vendor: MicroDicom; Equipment: DICOM Viewer; Vulnerability: Out-of-bounds Write. Risk evaluation: Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on affected installations of DICOM Viewer. Affected products: The following MicroDicom products are affected: […]
- Santesoft Sante DICOM Viewer Pro (2025-05-29, CISA): CVSS v4 8.4; Attention: Low attack complexity; Vendor: Santesoft; Equipment: Sante DICOM Viewer Pro; Vulnerability: Out-of-bounds Read. Risk evaluation: Successful exploitation of this vulnerability could allow an attacker to disclose information or execute arbitrary code. Affected products: The following Santesoft products are affected: Sante DICOM […]
- Pixmeo OsiriX MD (2025-05-08, CISA): CVSS v4 9.3; Attention: Exploitable remotely/low attack complexity; Vendor: Pixmeo; Equipment: OsiriX MD; Vulnerabilities: Use After Free, Cleartext Transmission of Sensitive Information. Risk evaluation: Successful exploitation of these vulnerabilities could allow an attacker to cause memory corruption, resulting in a denial-of-service condition, or to steal credentials. […]
- MicroDicom DICOM Viewer (2025-05-01, CISA): CVSS v4 8.6; Attention: Exploitable remotely/low attack complexity; Vendor: MicroDicom; Equipment: DICOM Viewer; Vulnerabilities: Out-of-Bounds Write, Out-of-Bounds Read. Risk evaluation: Successful exploitation of these vulnerabilities could allow an attacker to disclose information, cause memory corruption, and execute arbitrary code. Affected products: The following MicroDicom products […]
- INFINITT Healthcare INFINITT PACS (2025-04-10, CISA): CVSS v4 8.7; Attention: Exploitable remotely/low attack complexity/public exploits are available; Vendor: INFINITT Healthcare; Equipment: INFINITT PACS; Vulnerabilities: Unrestricted Upload of File with Dangerous Type, Exposure of Sensitive System Information to an Unauthorized Control Sphere. Risk evaluation: Successful exploitation of these vulnerabilities could allow an attacker to upload malicious […]
- Santesoft Sante DICOM Viewer Pro (2025-03-20, CISA): CVSS v4 8.4; Attention: Low attack complexity; Vendor: Santesoft; Equipment: Sante DICOM Viewer Pro; Vulnerability: Out-of-Bounds Write. Risk evaluation: Successful exploitation of this vulnerability could allow an attacker to cause memory corruption that would result in execution of arbitrary code. Affected products: The following Santesoft […]
- Philips Intellispace Cardiovascular (ISCV) (2025-03-13, CISA): CVSS v4 8.5; Attention: Low attack complexity; Vendor: Philips; Equipment: Intellispace Cardiovascular (ISCV); Vulnerabilities: Improper Authentication, Use of Weak Credentials. Risk evaluation: Successful exploitation of these vulnerabilities could allow an attacker to replay the session of the logged-in ISCV user and gain access to patient records. […]
- Dario Health USB-C Blood Glucose Monitoring System Starter Kit Android Application (2025-02-27, CISA): CVSS v4 8.7; Attention: Exploitable remotely/low attack complexity; Vendor: Dario Health; Equipment: USB-C Blood Glucose Monitoring System Starter Kit Android Application, Application Database and Internet-based Server Infrastructure; Vulnerabilities: Exposure of Private Personal Information to an Unauthorized Actor, Improper Output Neutralization For Logs, Storage of Sensitive Data In a Mechanism Without […]
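Every advisory in the two CISA lists above links to a machine-readable CSAF document, and the feed text (CVSS score, vendor, equipment, affected versions, vendor fix) is just a rendering of its fields. The script below is an added example, not CISA's or any vendor's code: it walks a CSAF 2.0 document's product_tree and vulnerabilities arrays and emits one triage row per (CVE, affected product) with the best available score and the vendor-fix text. The embedded advisory is constructed for the example, with placeholder identifiers (ICSA-00-000-00, CVE-0000-0000, CSAFPID-*) and made-up products; the field names and nesting are those of CSAF 2.0 as published, which is an assumption you should check against the spec before relying on this for anything beyond the shape shown here.

```python
"""Triage a CSAF 2.0 advisory: list affected products with score and vendor fix."""
import json

# Constructed sample: a minimal CSAF 2.0 document in the shape CISA's "View CSAF"
# links serve. Identifiers and products are placeholders, not a real advisory.
SAMPLE_CSAF = json.dumps({
    "document": {
        "category": "csaf_security_advisory",
        "title": "Example Vendor Example PLC",
        "tracking": {"id": "ICSA-00-000-00", "status": "final", "version": "1.0.0"},
    },
    "product_tree": {
        "branches": [
            {"category": "vendor", "name": "Example Vendor", "branches": [
                {"category": "product_name", "name": "Example PLC", "branches": [
                    {"category": "product_version_range", "name": "vers:all/<2.0.0",
                     "product": {"name": "Example Vendor Example PLC <2.0.0",
                                 "product_id": "CSAFPID-0001"}},
                    {"category": "product_version", "name": "2.0.0",
                     "product": {"name": "Example Vendor Example PLC 2.0.0",
                                 "product_id": "CSAFPID-0002"}},
                ]},
            ]},
        ]
    },
    "vulnerabilities": [
        {
            "cve": "CVE-0000-0000",
            "title": "Missing Authentication for Critical Function",
            "product_status": {"known_affected": ["CSAFPID-0001"], "fixed": ["CSAFPID-0002"]},
            "scores": [{"products": ["CSAFPID-0001"],
                        "cvss_v3": {"version": "3.1", "baseScore": 9.8,
                                    "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}}],
            "remediations": [{"category": "vendor_fix", "details": "Update to 2.0.0",
                              "product_ids": ["CSAFPID-0001"]}],
        },
        {
            # Second issue: scored with CVSS v4 on one product, unscored on the other,
            # and no fix yet, so the triage output has to cope with missing data.
            "cve": "CVE-0000-0001",
            "title": "Out-of-bounds Read",
            "product_status": {"known_affected": ["CSAFPID-0001", "CSAFPID-0002"]},
            "scores": [{"products": ["CSAFPID-0001"],
                        "cvss_v4": {"version": "4.0", "baseScore": 7.1}}],
            "remediations": [{"category": "none_available", "details": "Fix under development",
                              "product_ids": ["CSAFPID-0001", "CSAFPID-0002"]}],
        },
    ],
})


def product_names(tree):
    """Flatten product_tree (nested branches plus full_product_names) into
    {product_id: full product name}."""
    names = {}

    def walk(branches):
        for branch in branches:
            if "product" in branch:
                names[branch["product"]["product_id"]] = branch["product"]["name"]
            walk(branch.get("branches", []))

    walk(tree.get("branches", []))
    for product in tree.get("full_product_names", []):
        names[product["product_id"]] = product["name"]
    return names


def triage(csaf_text):
    """One row per (CVE, known_affected product), highest base score first.
    Prefers a CVSS v4 score over v3 when both are present; base_score is None
    when the advisory scores a different product or none at all."""
    doc = json.loads(csaf_text)
    names = product_names(doc.get("product_tree", {}))
    rows = []
    for vuln in doc.get("vulnerabilities", []):
        for pid in vuln.get("product_status", {}).get("known_affected", []):
            score = None
            for entry in vuln.get("scores", []):
                if pid in entry.get("products", []):
                    cvss = entry.get("cvss_v4") or entry.get("cvss_v3") or {}
                    score = cvss.get("baseScore")
            fix = next((r["details"] for r in vuln.get("remediations", [])
                        if r.get("category") == "vendor_fix"
                        and pid in r.get("product_ids", [])), None)
            rows.append({
                "advisory": doc["document"]["tracking"]["id"],
                "cve": vuln.get("cve"),
                "product": names.get(pid, pid),
                "base_score": score,
                "vendor_fix": fix,
            })
    rows.sort(key=lambda r: -(r["base_score"] or 0))
    return rows


if __name__ == "__main__":
    for row in triage(SAMPLE_CSAF):
        print(row)
```

Rows with a vendor_fix of None are the ones to watch: the product is listed as affected and the only remediation category is not a fix, which is the case the feed text above hides behind "Siemens is preparing further fix versions".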
The Hacker News
- Citizen Lab Finds Cellebrite Tool Used on Kenyan Activist’s Phone in Police Custody (2026-02-18): New research from the Citizen Lab has found signs that Kenyan authorities used a commercial forensic extraction tool manufactured by Israeli company Cellebrite to break into a prominent dissident's phone, making it the latest case of abuse of the technology targeting civil society. The interdisciplinary research unit at the University of Toronto's Munk School of […]
- Grandstream GXP1600 VoIP Phones Exposed to Unauthenticated Remote Code Execution (2026-02-18): Cybersecurity researchers have disclosed a critical security flaw in the Grandstream GXP1600 series of VoIP phones that could allow an attacker to seize control of susceptible devices. The vulnerability, tracked as CVE-2026-2329, carries a CVSS score of 9.3 out of a maximum of 10.0. It has been described as a case of unauthenticated stack-based buffer […]
- Critical Flaws Found in Four VS Code Extensions with Over 125 Million Installs (2026-02-18): Cybersecurity researchers have disclosed multiple security vulnerabilities in four popular Microsoft Visual Studio Code (VS Code) extensions that, if successfully exploited, could allow threat actors to steal local files and execute code remotely. The extensions, which have been collectively installed more than 125 million times, are Live Server, Code Runner, Markdown Preview Enhanced, and […]
- Cybersecurity Tech Predictions for 2026: Operating in a World of Permanent Instability (2026-02-18): In 2025, navigating the digital seas still felt like a matter of direction. Organizations charted routes, watched the horizon, and adjusted course to reach safe harbors of resilience, trust, and compliance. In 2026, the seas are no longer calm between storms. Cybersecurity now unfolds in a state of continuous atmospheric instability: AI-driven threats that adapt in […]
- Dell RecoverPoint for VMs Zero-Day CVE-2026-22769 Exploited Since Mid-2024 (2026-02-18): A maximum severity security vulnerability in Dell RecoverPoint for Virtual Machines has been exploited as a zero-day by a suspected China-nexus threat cluster dubbed UNC6201 since mid-2024, according to a new report from Google Mandiant and Google Threat Intelligence Group (GTIG). The activity involves the exploitation of CVE-2026-22769 (CVSS score: 10.0), a case of hard-coded […]
- 3 Ways to Start Your Intelligent Workflow Program (2026-02-18): Security, IT, and engineering teams today are under relentless pressure to accelerate outcomes, cut operational drag, and unlock the full potential of AI and automation. But simply investing in tools isn’t enough. 88% of AI proofs-of-concept never make it to production, even though 70% of workers cite freeing time for high-value work as the primary […]
- Notepad++ Fixes Hijacked Update Mechanism Used to Deliver Targeted Malware (2026-02-18): Notepad++ has released a security fix to plug gaps that were exploited by an advanced threat actor from China to hijack the software update mechanism to selectively deliver malware to targets of interest. The version 8.9.2 update incorporates what maintainer Don Ho calls a "double lock" design that aims to make the update process "robust […]
- CISA Flags Four Security Flaws Under Active Exploitation in Latest KEV Update (2026-02-18): The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The list of vulnerabilities is as follows - CVE-2026-2441 (CVSS score: 8.8) - A use-after-free vulnerability in Google Chrome that could allow a remote attacker to […]
- Webinar: How Modern SOC Teams Use AI and Context to Investigate Cloud Breaches Faster 2026-02-17Cloud attacks move fast — faster than most incident response teams. In data centers, investigations had time. Teams could collect disk images, review logs, and build timelines over days. In the cloud, infrastructure is short-lived. A compromised instance can disappear in minutes. Identities rotate. Logs expire. Evidence can vanish before analysis even begins. Cloud forensics […]
- Researchers Show Copilot and Grok Can Be Abused as Malware C2 Proxies 2026-02-17Cybersecurity researchers have disclosed that artificial intelligence (AI) assistants that support web browsing or URL fetching capabilities can be turned into stealthy command-and-control (C2) relays, a technique that could allow attackers to blend into legitimate enterprise communications and evade detection. The attack method, which has been demonstrated against Microsoft Copilot and xAI Grok
- Keenadu Firmware Backdoor Infects Android Tablets via Signed OTA Updates 2026-02-17A new Android backdoor that's embedded deep into the device firmware can silently harvest data and remotely control its behavior, according to new findings from Kaspersky. The Russian cybersecurity vendor said it discovered the backdoor, dubbed Keenadu, in the firmware of devices associated with various brands, including Alldocube, with the compromise occurring during the firmware […]
- SmartLoader Attack Uses Trojanized Oura MCP Server to Deploy StealC Infostealer 2026-02-17Cybersecurity researchers have disclosed details of a new SmartLoader campaign that involves distributing a trojanized version of a Model Context Protocol (MCP) server associated with Oura Health to deliver an information stealer known as StealC. "The threat actors cloned a legitimate Oura MCP Server – a tool that connects AI assistants to Oura Ring health […]
- My Day Getting My Hands Dirty with an NDR System 2026-02-17My objective As someone relatively inexperienced with network threat hunting, I wanted to get some hands-on experience using a network detection and response (NDR) system. My goal was to understand how NDR is used in hunting and incident response, and how it fits into the daily workflow of a Security Operations Center (SOC). Corelight’s Investigator […]
- Microsoft Finds “Summarize with AI” Prompts Manipulating Chatbot Recommendations 2026-02-17New research from Microsoft has revealed that legitimate businesses are gaming artificial intelligence (AI) chatbots via the "Summarize with AI" button that's being increasingly placed on websites in ways that mirror classic search engine poisoning (SEO). The new AI hijacking technique has been codenamed AI Recommendation Poisoning by the Microsoft Defender Security Research Team. The […]
- Apple Tests End-to-End Encrypted RCS Messaging in iOS 26.4 Developer Beta 2026-02-17Apple on Monday released a new developer beta of iOS and iPadOS with support for end-to-end encryption (E2EE) in Rich Communications Services (RCS) messages. The feature is currently available for testing in iOS and iPadOS 26.4 Beta, and is expected to be shipped to customers in a future update for iOS, iPadOS, macOS, and watchOS. […]
- Infostealer Steals OpenClaw AI Agent Configuration Files and Gateway Tokens 2026-02-16Cybersecurity researchers disclosed they have detected a case of an information stealer infection successfully exfiltrating a victim's OpenClaw (formerly Clawdbot and Moltbot) configuration environment. "This finding marks a significant milestone in the evolution of infostealer behavior: the transition from stealing browser credentials to harvesting the 'souls' and identities of personal AI [
- Study Uncovers 25 Password Recovery Attacks in Major Cloud Password Managers 2026-02-16A new study has found that multiple cloud-based password managers, including Bitwarden, Dashlane, and LastPass, are susceptible to password recovery attacks under certain conditions. "The attacks range in severity from integrity violations to the complete compromise of all vaults in an organization," researchers Matteo Scarlata, Giovanni Torrisi, Matilda Backendal, and Kenneth G. Paterson said.
- Weekly Recap: Outlook Add-Ins Hijack, 0-Day Patches, Wormable Botnet & AI Malware 2026-02-16This week’s recap shows how small gaps are turning into big entry points. Not always through new exploits, often through tools, add-ons, cloud setups, or workflows that people already trust and rarely question. Another signal: attackers are mixing old and new methods. Legacy botnet tactics, modern cloud abuse, AI assistance, and supply-chain exposure are being […]
- Safe and Inclusive E‑Society: How Lithuania Is Bracing for AI‑Driven Cyber Fraud 2026-02-16Technologies are evolving fast, reshaping economies, governance, and daily life. Yet, as innovation accelerates, so do digital risks. Technological change is no longer abstract for such a country as Lithuania, as well. From e-signatures to digital health records, the country depends on secure systems. Cybersecurity has become not only a technical challenge but a societal […]
- New ZeroDayRAT Mobile Spyware Enables Real-Time Surveillance and Data Theft 2026-02-16Cybersecurity researchers have disclosed details of a new mobile spyware platform dubbed ZeroDayRAT that's being advertised on Telegram as a way to grab sensitive data and facilitate real-time surveillance on Android and iOS devices. "The developer runs dedicated channels for sales, customer support, and regular updates, giving buyers a single point of access to a […]