Medical device manufacturers must implement cyber security in the design of their products and submit a plan to the FDA for every new product application. This requirement, set by the Food and Drug Omnibus Reform Act of 2022, includes developing a risk-based vulnerability management system and following steps to avoid cyber attacks and data breaches. The grace period for compliance ends on October 1, 2023. Failure to adhere can lead to legal action under the Federal Food, Drug, and Cosmetic Act.

Mandiant warns of attacks on newly-disclosed Ivanti remote takeover threat
Google’s Mandiant team has issued an alert about a remote code execution flaw in the Ivanti Connect Secure VPN platform. The vulnerability, designated CVE-2025-22457, is