CVE-2026-23194 rust_binder: correctly handle FDA objects of length zero

In the Linux kernel, the following vulnerability has been resolved: rustbinder: correctly handle FDA objects of length zero Fix a bug where an empty FDA fd array object with 0 fds would cause an out-of-bounds error. The previous implementation used skip == 0 to mean "this is a pointer fixup", but...

CISA and FDA Warn of Critical Backdoor in Contec CMS8000 Patient Monitors

The U.S. Cybersecurity and Infrastructure Security Agency CISA and the Food and Drug Administration FDA have issued alerts about the presence of hidden functionality in Contec CMS8000 patient monitors and Epsimed MN-120 patient monitors. The vulnerability, tracked as CVE-2025-0626 , carries a CVS...

food.fda.moph.go.th Cross Site Scripting vulnerability OBB-3955239

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Navigate FDA 524b to get your medical cyber device to market

With amendment 524b officially enacted, medical devices across the United States and the globe are living under some new rules and procedures. You’re not alone if you are finding these new regulations a bit complex. Changes to business practices – particularly ones that involve millions of...

FDA medical IoT cyber device compliance. FD&C 524b

TL;DR FD&C 524b is new FDA legislation for medical cyber device compliance Introduced on March 30th 2023 it is now a firm requirement as of October 1st 2023 It demands provision of complex evidence that manufacturers take security seriously Medical cyber device market There are over 10,000 medica...

Safeguard Medical Devices: New H-ISAC Guidance on Cusp of FDA Rule

...

How medical device manufacturers can address new FDA cybersecurity guidelines

Advancements in technology in the healthcare industry have made medical devices increasingly vulnerable to cyber attacks. To embed better security practices into the manufacturing and implementation of medical devices, the FDA released a new mandate requiring a comprehensive cybersecurity plan fo...

CISA Warns of Critical Flaws in Illumina's DNA Sequencing Instruments

The U.S. Cybersecurity and Infrastructure Security Agency CISA has released an Industrial Control Systems ICS medical advisory warning of a critical flaw impacting Illumina medical devices. The issues impact the Universal Copy Service UCS software in the Illumina MiSeqDx, NextSeq 550Dx, iScan, iS...

BEC scammers go after more than just money

In a joint Cybersecurity Advisory CSA the Federal Bureau of Investigation FBI, the Food and Drug Administration Office of Criminal Investigations FDA OCI, and the US Department of Agriculture USDA recently observed incidents of Business Email Compromise BEC with a new twist. In these incidents th...

FBI, FDA OCI, and USDA Release Joint Cybersecurity Advisory Regarding Business Email Compromise Schemes Used to Steal Food

The Federal Bureau of Investigation FBI, the Food and Drug Administration Office of Criminal Investigations FDA OCI, and the U.S. Department of Agriculture USDA have released a joint Cybersecurity Advisory CSA detailing recently observed incidents of criminal actors using business email compromis...

Medtronic's MiniMed 600 series insulin pumps potentially at risk of compromise, says FDA

The US FDA Food and Drug Administration has warned users of Medtronic's MiniMed 600 Series Insulin Pump System--specifically, models for MiniMed 630G and MiniMed 670G--that their medical devices have a cybersecurity issue with its communication protocol. If compromised, attackers could gain...

CISA Warned About Critical Vulnerabilities in Illumina's DNA Sequencing Devices

The U.S. Cybersecurity and Infrastructure Security Agency CISA and Food and Drug Administration FDA have issued an advisory about critical security vulnerabilities in Illumina's next-generation sequencing NGS software. Three of the flaws are rated 10 out of 10 for severity on the Common...

CISA Releases Security Advisory on Illumina Local Run Manager

CISA has released an Industrial Controls Systems Advisory ICSA detailing multiple vulnerabilities in Illumina Local Run Manager. Successful exploitation of these vulnerabilities may allow an unauthenticated malicious actor to take control of the affected product remotely and take any action at th...

PT-2022-1385

Name of the Vulnerable Software and Affected Versions Android kernel Description The issue is related to a possible use after free due to improper input validation in the binder transaction buffer release of binder.c. This could lead to local escalation of privilege with no additional execution...

CISA Releases Security Advisory on PTC Axeda Agent and Desktop Server

CISA has released an Industrial Controls Systems Advisory ICSA, detailing vulnerabilities in PTC Axeda agent and Axeda Desktop Server. Successful exploitation of these vulnerabilities—collectively known as “Access:7”—could result in full system access, remote code execution, read/change...

fda-kiev.com Cross Site Scripting vulnerability OBB-2383729

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Cars and hospital equipment running Blackberry QNX may be affected by BadAlloc vulnerability

Following an announcement by Blackberry the U.S. Food & Drug Administration FDA and the Cybersecurity & Infrastructure Security Agency CISA have put out alerts that vulnerabilities found in the Blackberry QNX real-time operating system RTOS may introduce risks for certain medical devices...

Philips Interventional Workstations

1. EXECUTIVE SUMMARY CVSS v3 6.5 ATTENTION: Low skill level to exploit Vendor: Philips Equipment: Philips Interventional WorkSpot, Coronary Tools/Dynamic Coronary Roadmap/Stentboost Live, ViewForum Vulnerability: OS Command Injection 2. RISK EVALUATION Successful exploitation of this...

Medical Device Security: Diagnosis Critical

A hacked insulin pump is the last thing a diabetic wants to worry about when life-saving fluids are pumped into their body. Sadly, concerns about medical device IT security are a healthcare reality. Last year, the U.S. Cybersecurity and Infrastructure Security Agency CISA issued more than a...

Hackers Leak Stolen Pfizer-BioNTech COVID-19 Vaccine Data

On the heels of a previously-reported cyberattack on the European Medicines Agency EMA, cybercriminals have spilled compromised data related to COVID-19 vaccinations onto the internet. The EMA is an agency of the European Union in charge of the evaluation and supervision of medicinal products in...