1362 matches found
NextGen Mirth Connect - Remote Code Execution
Mirth Connect, by NextGen HealthCare, is an open source data integration platform widely used by healthcare companies. Versions prior to 4.4.1 are vulnerable to an unauthenticated remote code execution vulnerability id: CVE-2023-37679 info: name: NextGen Mirth Connect - Remote Code Execution...
EUVD-2025-210254
Unauthenticated Local File Inclusion in LuxMed | Medicine & Healthcare Doctor WordPress Theme = 1.2.2 versions...
Fake malware-signing service Fox Tempest dismantled by Microsoft
Microsoft says it dismantled a malware-signing-as-a-service MSaaS called Fox Tempest, which helped cybercriminals make malware appear legitimate. The service let customers submit malicious files to be digitally signed with short-lived Microsoft-issued certificates, making the malware look...
Microsoft Takes Down Malware-Signing Service Behind Ransomware Attacks
Microsoft on Tuesday said it disrupted a malware-signing-as-a-service MSaaS operation that weaponized the company's Artifact Signing system to deliver malicious code and conduct ransomware and other attacks, compromising thousands of machines and networks across the world. The tech giant attribut...
Biometrics, diagnoses, and bank details exposed in major healthcare breach
NYC Health + Hospitals NYC H+H posted a data breach notice about a months‑long breach via a third‑party vendor that exposed highly sensitive patient and employee data for at least 1.8 million people, including medical records, government IDs, geolocation data, and even fingerprint and palm‑print...
HAPI FHIR: ReDoS via FHIRPath matches()/replaceMatches() in FHIR Validator HTTP Endpoint
All implementations of FHIRPathEngine accept arbitrary FHIRPath expressions and evaluate them without input validation. The FHIRPath functions matches, matchesFull, and replaceMatches pass user-controlled regular expressions directly to Java's Pattern.compile and String.replaceAll without...
HAPI FHIR: ReDoS via FHIRPath matches()/replaceMatches() in FHIR Validator HTTP Endpoint
All implementations of FHIRPathEngine accept arbitrary FHIRPath expressions and evaluate them without input validation. The FHIRPath functions matches, matchesFull, and replaceMatches pass user-controlled regular expressions directly to Java's Pattern.compile and String.replaceAll without...
CVE-2026-8032
A flaw has been found in PicoTronica e-Clinic Healthcare System ECHS 5.7. The impacted element is an unknown function of the file /cdemos/echs/priv/echs.js. This manipulation of the argument ADMINKEY causes hard-coded credentials. The attack is possible to be carried out remotely. The exploit has...
CVE-2026-8032
A flaw has been found in PicoTronica e-Clinic Healthcare System ECHS 5.7. The impacted element is an unknown function of the file /cdemos/echs/priv/echs.js. This manipulation of the argument ADMINKEY causes hard-coded credentials. The attack is possible to be carried out remotely. The exploit has...
CVE-2026-8033
PicoTronica e-Clinic Healthcare System ECHS version 5.7 contains a vulnerability in the Response Header Handler component, specifically affecting the file /cdemos/echs/api/v2/. The issue allows information disclosure due to manipulation of the response headers. Exploitation is described as possib...
CVE-2026-8032
CVE-2026-8032 affects PicoTronica e-Clinic Healthcare System ECHS (v5.7). In echs.js (path: /cdemos/echs/priv/echs.js), an argument manipulation of ADMIN_KEY leads to hard-coded credentials exposed in the remote-access component. The issue enables remote exploitation with a published exploit; imp...
PT-2026-38216
Name of the Vulnerable Software and Affected Versions PicoTronica e-Clinic Healthcare System ECHS version 5.7 Description A missing authentication flaw exists in the API Endpoint component within the file '/cdemos/echs/api/v2/patient-records'. This issue allows a remote attacker to bypass...
PicoTronica e-Clinic Healthcare System ECHS 信息泄露漏洞
PicoTronica e-Clinic Healthcare System ECHS is a medical clinic management system developed by the British company PicoTronica. Version 5.7 of the PicoTronica e-Clinic Healthcare System ECHS contains a vulnerability related to information leakage. This vulnerability stems from an unknown function...
LuxSci Launches Enterprise-Grade HIPAA-Compliant Email Security for Mid-Sized Healthcare Organizations
Cambridge, MA, 5th May 2026, CyberNewswire...
Why VM Programs Suck
& From the Trenches This is the conversation I have with VM leads every week. It usually starts at minute thirty of a discovery call, after the official agenda is over and the Zoom faces relax. Someone says "can I be honest with you for a second?" — and then I get the list. Same complaints...
Data Sharing Framework 安全漏洞
Data Sharing Framework is an open-source distributed medical data sharing and processing framework based on BPMN and FHIR. Versions of Data Sharing Framework prior to 2.1.0 contained security vulnerabilities, which were caused by the incorrect use of reverse time comparison logic in the OIDC and...
Storm-1175 Deploys Medusa Ransomware Within 24 Hours of Flaw Disclosure
Microsoft researchers have uncovered a fast-moving group, Storm-1175, launching high-speed Medusa ransomware attacks against healthcare and education sectors in the UK, US, and Australia by exploiting security flaws in as little as 24 hours...
China-Linked Storm-1175 Exploits Zero-Days to Rapidly Deploy Medusa Ransomware
A China-based threat actor known for deploying Medusa ransomware has been linked to the weaponization of a combination of zero-day and N-day vulnerabilities to orchestrate "high-velocity" attacks and break into susceptible internet-facing systems. "The threat actor's high operational tempo and...
Storm-1175 focuses gaze on vulnerable web-facing assets in high-tempo Medusa ransomware operations
In this article 1. Storm-1175’s rapid attack chain: From initial access to impact 2. Mitigation and protection guidance 3. Microsoft Defender detections 4. Indicators of compromise The financially motivated cybercriminal actor tracked by Microsoft Threat Intelligence as Storm-1175 operates...
Compliance Won’t Save Healthcare: Reducing the Blast Radius Will
...