NFG A.I CyberSecurity Scoring
09/06/2026
Access Monitoring Plan
No incidents recorded for NASEM Fellowships & Grants in 2026.
Higher Education
McGill University is one of Canada's best-known institutions of higher learning and one of the leading universities in the world. With students coming to McGill from some 150 countries, our student body is the most internationally diverse of any research-intensive university in the country. McGill was founded in 1821 thanks to a generous bequest by James McGill, and since then, we've grown from a small college to a bustling university with three campuses, 11 faculties, some 300 programs of study, and more than 37,500 students. The University also partners with four affiliated teaching hospitals to graduate over 1,000 health care professionals each year. The goal of McGill University's social media platforms is to strengthen our community, which includes students, faculty, and alumni. The aim is to provide information on events, campus news and promote networking. McGill University fosters freedom of expression, while valuing respect and collegiality. We encourage respectful dialogue and reserve the right to remove the following: Comments deemed offensive, vulgar or profane; comments off-topic and/or unrelated to posted content; content that infringes on an individual's privacy or copyright.
Stanford is a place of discovery, creativity and innovation located in the San Francisco Bay Area on the ancestral land of the Muwekma Ohlone Tribe. Dedicated to our founding mission—benefitting society through research and education—we are working toward a sustainable future, accelerating the impact of research with external partners, catalyzing discoveries about ourselves and our world, and educating students as global citizens. Our main campus, which welcomed its first class in 1891, is now home to 650+ student organizations, 36 varsity athletic teams, 20 libraries, 21 living Nobel laureates, 18 interdisciplinary research institutes, seven schools, and a vibrant arts scene. More than 9,000 graduate students and 7,000 undergraduates pursue studies at Stanford each year. Our financial aid program, one of the most generous in the nation, makes it possible for any admitted undergraduate to attend without taking on student debt.
Founded in 1889, The University of New Mexico now occupies 600 acres along old Route 66 in the heart of Albuquerque, a city of more than 700,000 people. From the magnificent mesas to the west, past the banks of the historic Rio Grande to the Sandia Mountains to the east, Albuquerque is a blend of culture and cuisine, styles and stories, people, pursuits and panoramas. Offering a distinctive campus environment with a Pueblo Revival architectural theme, the campus echoes the buildings of nearby Pueblo Indian villages. The nationally recognized Campus Arboretum and the popular Duck Pond offer an outstanding botanical experience in the midst of one of New Mexico's great public open spaces.
As the State's flagship, the University of Maryland (UMD) strives to bring students deeply into the process of discovery, innovation and entrepreneurship. Whenever possible, hands-on research complements classroom instruction. Interdisciplinary collaborations facilitate the understanding of complex problems like cybersecurity and climate change, and international study and diversity help our graduates become global citizens. Its location inside Washington, D.C.'s Beltway, along with its own Metro stop, gives students numerous opportunities to work with neighboring federal agencies and labs, think tanks and foreign organizations.
Since 1965, the University of California, Irvine has combined the strengths of a major research university with the bounty of an incomparable Southern California location. As a U.S. News & World Report top 10 public university, UCI’s unyielding commitment to rigorous academics, cutting-edge research, and leadership and character development makes the campus a driving force for innovation and discovery that serves our local, national and global communities in many ways. With more than 37,000 students, 1,497 faculty members and 11,622 staff, UCI is among the most dynamic campuses in the University of California system. Increasingly a first-choice campus for students, UCI ranks among the top U.S. universities in the number of undergraduate applications and continues to admit freshmen with highly competitive academic profiles. UCI is also ranked No. 2 by U.S. News & World Report for social mobility, which takes into account the graduation rate of students awarded Pell Grants. Orange County’s second-largest employer, UCI generates an annual economic impact on the county of $7 billion. http://www.uci.edu/
The University of Alabama is a student-centered research university and an academic community committed to enhancing the quality of life for all through breakthrough research. Founded in 1831 as Alabama's first public college, The University of Alabama is dedicated to excellence in teaching, research and service. Our campus is a creative environment where students and scholars are equipped to become their best. Taught by leading faculty in their fields, our students make a positive impact in the community, the state and the world. UA’s history of success sets an expectation of greatness for the future. That is an expectation we will deliver. The University of Alabama is an Equal Employment/Equal Educational Opportunity Institution. All qualified applicants will receive consideration for employment without regard to race, color, religion, national origin, sex, sexual orientation, gender identity, gender expression, pregnancy, age, genetic or family medical history information, disability, protected veteran status, or any other legally protected basis, and will not be discriminated against because of their protected status. Applicants to and employees of this institution are protected under Federal law from discrimination on several bases.
Queen’s University has a long history of scholarship, discovery, and innovation that shapes our collective knowledge and helps address some of the world’s most pressing challenges. Home to more than 25,000 students, Queen’s offers a comprehensive research-intensive environment. Diverse perspectives and a wealth of experience enrich our students and faculty while a core part of our mission is to engage in international learning and research. Queen’s University is ranked in the top 10 globally in the 2022 Times Higher Education Impact Rankings. The rankings measured over 1,500 post-secondary institutions on their work to advance the United Nations’ Sustainable Development Goals (SDGs).
Ghent University is a top 100 university and one of the major universities in Belgium, founded in 1817. Our 11 faculties offer a wide range of courses and conduct in-depth research within a wide range of scientific domains. We are a pluralistic university that is open to all students, regardless of their ideological, political, cultural or social background. Our credo is ‘Dare to think’.
University of Waterloo is a leader in innovation that drives economic and social prosperity for Canada and the world. We are home to a renowned talent pipeline, game-changing research and technology, and unmatched entrepreneurial culture, that together create solutions to tackle today’s and tomorrow’s challenges. Our greatest impact happens together. A strategic integration of research and teaching excellence, the world’s largest co-operative education program, entrepreneurship-intensive programs, and creator-owned IP, has resulted in extensive industry collaboration, the generation of thousands of commercial and social enterprises, and a dynamic learning experience for more than 41,000 undergraduate and graduate students.
Latest updates, reports, and threat intel affecting the global network.
April Ellis and Natalia López-Figueroa are two of 12 Science Policy Fellows across the Gulf Coast region. Credit: National Academies of...
The Gulf Research Program (GRP) of the National Academies of Sciences, Engineering, and Medicine announced today an award of more than $2.7...
New Voices in Sciences, Engineering, and Medicine is a cohort-based leadership program that promotes collaboration among outstanding mid-career scientists,...
The Office of Congressional and Government Affairs (OCGA) is the principal liaison office between the National Academies of Sciences, Engineering,...
Increasing demand for pediatric subspecialists and declines in much of the subspecialty workforce size are turning long-standing discussions...
Mark Deutchman, MD; Meggan Grant-Nierman, DO; and Kevin Stansbury, MS, JD, FACHE, presented at the national level, rural health workshop...
To build on the learning children gain from a high-quality preschool curriculum, the preschool years need to be followed by meaningful...
A national survey of pre-K teachers serves as a valuable supplement to the NASEM report.
Register today for the 2026 Mirzayan Fellowship Info Session to learn more about the 2026 Christine Mirzayan Science and Technology Policy...
Craft CMS is a content management system (CMS). In versions 5.0.0-RC1 through 5.9.22 and 4.0.0-RC1 through 4.17.15, an attacker with only a GitHub account can plant a JavaScript payload in a craftcms/cms issue title. When a Craft admin uses the CraftSupport widget’s "Give feedback" screen and types a search term that returns the poisoned issue, the payload executes in the admin’s control panel session. No control panel account or elevated privileges are required on the attacker’s side. This issue has been fixed in versions 4.17.16 and 5.9.23.
Craft CMS is a content management system (CMS). In versions 5.0.0-RC1 through 5.9.21 and 4.0.0-RC1 through 4.17.14, the AssetsController::actionDeleteFolder() only requires the deleteAssets:<volume-uid> permission for the target folder. It never enforces deletePeerAssets:<volume-uid>, even though Assets::deleteFoldersByIds() cascades deletion to every descendant folder and every asset inside, regardless of the uploader's assigned privileges. A low-privilege user who has been granted folder-management rights on a shared volume can therefore destroy assets uploaded by other users (peer assets), bypassing the per-asset peer-permission check that the sibling actionDeleteAsset endpoint correctly applies. This issue has been fixed in versions 4.17.15 and 5.9.22.
Craft CMS is a content management system (CMS). Versions 5.0.0-RC1 through 5.9.20, and 4.0.0-RC1 through 4.17.13 contain an authorization issue in the AssetsController::actionReplaceFile that can delete a source asset without source delete permission by supplying both assetId and sourceAssetId. AssetsController::actionReplaceFile() supports replacing a target asset file using another existing asset as the source. The action loads: assetId -> $assetToReplace and sourceAssetId -> $sourceAsset, then enforces replace permissions using ($assetToReplace ?: $sourceAsset). When both IDs are provided, this expression resolves to the target asset so no permission check is performed against the source asset volume. When both assets are present, Craft copies the source file into the target and then deletes the source asset. There is no deletion check for the source asset. An authenticated user who can replace files in one volume can delete assets in another volume where they do not have delete permission, as long as they can obtain a sourceAssetId, leading to broken content references and data loss. This issue has been fixed in versions 4.17.14 and 5.9.21.
Description: To issue and renew TLS certificates on behalf of customers, Cloudflare's Universal SSL feature automatically manages the CAA RRset for the customer's zone. This auto-managed RRset is permissive by design (e.g. 'issue "letsencrypt.org"' without parameters). On Universal SSL zones, Cloudflare's authoritative DNS serves this auto-managed RRset at query time, superseding any customer-configured CAA records on the zone. When a customer publishes a stricter CAA record using the RFC 8657 accounturi or validationmethods parameters, the Certificate Authority does not observe those parameters when evaluating the served RRset under RFC 8659. As a result, the RFC 8657 account-binding and validation-method-binding protections are not enforced end-to-end on Universal SSL zones. Successful exploitation could result in issuance of a browser-trusted TLS certificate to an attacker, enabling MITM against the affected domain. Exploitation is non-trivial in practice: an attacker would need to hold an ACME account at one of the Certificate Authorities in the served CAA RRset and to simultaneously satisfy domain control validation across the multiple geographically distinct Network Perspectives the CA relies on for Multi-Perspective Issuance Corroboration. Cloudflare prefixes are anycast-announced from hundreds of locations globally, raising the bar against single-vantage-point BGP hijacks. Any resulting misissuance of a browser-trusted certificate is subject to Certificate Transparency logging required by major browsers, and would be visible to CT monitoring. Mitigation: Customers requiring strict RFC 8657 enforcement need to disable Universal SSL on the affected zone. Universal SSL's automatic CAA management and customer-set RFC 8657 accounturi and validationmethods enforcement are mutually exclusive by the nature of the issue, so there is no in-product workaround that preserves both. 
Certificate Transparency monitoring is recommended for all customers as a general detection control. Credits: David Osipov (ORCID: https://orcid.org/0009-0005-2713-9242), independent researcher
Out of bounds read and write in Tint in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=axa' -H 'apikey: YOUR_API_KEY_HERE'
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.