NFG A.I CyberSecurity Scoring
09/06/2026
Access Monitoring Plan
No incidents recorded for NASEM Fellowships & Grants in 2026.
Higher Education
Founded in 1827, the University of Toronto is Canada’s top university with a long history of challenging the impossible and transforming society through the ingenuity and resolve of our faculty, students, alumni, and supporters. We are proud to be one of the world’s top research-intensive universities, bringing together top minds from every conceivable background and discipline to collaborate on the world’s most pressing challenges. As a catalyst for discovery, innovation, and progress, we prepare our students for success through an outstanding global education and commitment to inclusive excellence. The ideas, innovations, and actions of more than 660,000 graduates advance U of T’s impact on communities across the globe.
We are America’s first research university, founded in 1876 on the principle that by pursuing big ideas and sharing what we learn, we can make the world a better place. For more than 140 years, our faculty and students have worked side by side in pursuit of discoveries that improve lives. Johns Hopkins enrolls more than 24,000 full- and part-time students throughout nine academic divisions. Our faculty and students study, teach, and learn across more than 260 programs in the arts and music, the humanities, the social and natural sciences, engineering, international studies, education, business, and the health professions. The university has four campuses in Baltimore; one in Washington, D.C.; one in Montgomery County, Maryland; and facilities throughout the Baltimore-Washington region as well as in China and Italy. The university takes its name from 19th-century Maryland philanthropist Johns Hopkins, an entrepreneur who believed in improving public health and education in Baltimore and beyond.
Founded in 1927, the University of Houston is the leading public research university in the vibrant international city of Houston. Each year, we educate more than 47,000 students in more than 250 undergraduate and graduate academic programs, on campus and online. UH awards over 10,000 degrees annually, with more than 332,000 alumni.
UC San Francisco is driven by the idea that when the best research, the best education and the best patient care converge, great breakthroughs are achieved. We pursue this integrated excellence with singular focus, fueled by collaboration among our top-ranked professional and graduate schools, medical center, research programs and support teams.
As the first university to be established in Australasia, the University of Sydney consistently ranks as one of Australia’s top universities. We aim to create and sustain a university that will, for the benefit of both Australia and the wider world, maximise the potential of the brightest researchers and most promising students, whatever their social or cultural background. Web: sydney.edu.au Explore Sydney through the eyes of a student in 360° on our Virtual Tour: sydney.edu.au/tour Twitter: twitter.com/Sydney_Uni Facebook: facebook.com/sydneyuni Instagram: @sydney_uni YouTube: youtube.com/uniofsydney CRICOS: 00026A TEQSA: PRV12057
Texas A&M University has a proud history that stretches back to 1876 when The Agricultural and Mechanical College of Texas became the first public institution of higher learning in the state of Texas. Nestled in the heart of the Houston-Dallas-Austin triangle, Texas A&M University at College Station is the state's largest university, with nearly 77,000 students calling Aggieland home, and another 5,200 Aggies are studying at branch campuses in Galveston, Texas, and Doha, Qatar. Texas A&M's designation as a land-, sea-, and space-grant institution reflects the superior quality and diverse range of research and innovation occurring on campus daily. Texas A&M boasts a strong military tradition, having contributed men and women in uniform to every armed conflict since the Spanish-American War. More Aggies commission as officers into the U.S. Armed Forces than any other school outside of the U.S. military academies every year. Student-athletes represent Texas A&M across 18 sports within the Southeastern Conference. Additionally, the George H.W. Bush Presidential Library and Museum is located on Texas A&M's campus, as is the President and First Lady’s final resting places. Quick to offer a cheery "Howdy!" to any visitor, Aggies pride themselves on their hospitality and strive to live out the University's core values of respect, excellence, leadership, loyalty, integrity, and selfless service. To learn more about employment opportunities at Texas A&M, visit https://jobs.tamu.edu/.
Waipapa Taumata Rau | University of Auckland is New Zealand’s largest and leading university. We celebrate our location in the beautiful harbour city of Auckland | Tamaki Makaurau, our unique position in Aotearoa New Zealand and our place within the Pacific. Our te reo Māori name was gifted by Ngāti Whātua Ōrākei, the Indigenous peoples of the Auckland area, and symbolises that this is a place where diverse world views are shared and lifelong journeys of inquiry, learning and service begin. Since its founding in 1883, the University of Auckland has grown to become New Zealand's flagship, research-led university, known for the excellence of its teaching, its research, and its service to local, national and international communities.
The University of Utah, located in Salt Lake City in the foothills of the Wasatch Mountains, is the flagship institution of higher learning in Utah. Founded in 1850, it serves over 31,000 students from across the U.S. and the world. With over 72 major subjects at the undergraduate level and more than 90 major fields of study at the graduate level, including law and medicine, the university prepares students to live and compete in the global workplace. Known for its proximity to seven world-class ski resorts within 40 minutes of campus, the U encourages an active, holistic lifestyle, innovation and collaborative thinking to engage students, faculty and business leaders. The University of Utah became a member of the PAC-12 conference in July 2011. Technology and Commercialization The University of Utah is tops in the country for creating start-up companies from university research, according to a ranking by the Association of University Technology Managers (AUTM). See http://unews.utah.edu/news_releases/u-of-utah-no-1-for-startups for more information. Forbes magazine’s recent ranking of the “Best States for Business” pointed to “an educated labor force” as a big reason Utah came in at number one. The U supplies many of the employees for companies that keep expanding their operations in Utah, such as Goldman Sachs, Adobe, Omniture, Oracle, Ebay and many others. http://pac12info.utah.edu/commercialization-of-innovation/ Healthcare University of Utah Health Care recently ranked first in the nation in a prestigious national study. The University Health System Consortium’s 2010 Quality and Accountability Study compared 98 of the nation’s top academic medical centers and ranked them based on core quality measures, patient safety indicators, mortality rates, re-admission rates, and patient satisfaction scores. See more about University of Utah Health Care at http://healthcare.utah.edu/index.php
The mission of the University of Michigan is to serve the people of Michigan and the world through preeminence in creating, communicating, preserving, and applying knowledge, art, and academic values, and in developing leaders and citizens who will challenge the present and enrich the future. Why Work at Michigan? Being part of something greater, of serving a larger mission of discovery and care — that's the heart of what drives people to work at Michigan. In some way, great or small, every person here helps to advance this world-class institution. It's adding a purpose to your profession. Work at Michigan and become a victor for the greater good.
Latest updates, reports, and threat intel affecting the global network.
April Ellis and Natalia López-Figueroa are two of 12 Science Policy Fellows across the Gulf Coast region. Credit: National Academies of...
The Gulf Research Program (GRP) of the National Academies of Sciences, Engineering, and Medicine announced today an award of more than $2.7...
New Voices in Sciences, Engineering, and Medicine is a cohort-based leadership program that promotes collaboration among outstanding mid-career scientists,...
The Office of Congressional and Government Affairs (OCGA) is the principal liaison office between the National Academies of Sciences, Engineering,...
Increasing demand for pediatric subspecialists and declines in much of the subspecialty workforce size are turning long-standing discussions...
Mark Deutchman, MD; Meggan Grant-Nierman, DO; and Kevin Stansbury, MS, JD, FACHE, presented at the national level, rural health workshop...
To build on the learning children gain from a high-quality preschool curriculum, the preschool years need to be followed by meaningful...
A national survey of pre-K teachers serves as a valuable supplement to the NASEM report.
Register today for the 2026 Mirzayan Fellowship Info Session to learn more about the 2026 Christine Mirzayan Science and Technology Policy...
Craft CMS is a content management system (CMS). In versions 5.0.0-RC1 through 5.9.22 and 4.0.0-RC1 through 4.17.15, an attacker with only a GitHub account can plant a JavaScript payload in a craftcms/cms issue title. When a Craft admin uses the CraftSupport widget’s "Give feedback" screen and types a search term that returns the poisoned issue, the payload executes in the admin’s control panel session. No control panel account or elevated privileges are required on the attacker’s side. This issue has been fixed in versions 4.17.16 and 5.9.23.
Craft CMS is a content management system (CMS). In versions 5.0.0-RC1 through 5.9.21 and 4.0.0-RC1 through 4.17.14, the AssetsController::actionDeleteFolder() only requires the deleteAssets:<volume-uid> permission for the target folder. It never enforces deletePeerAssets:<volume-uid>, even though Assets::deleteFoldersByIds() cascades deletion to every descendant folder and every asset inside, regardless of the uploader's assigned privileges. A low-privilege user who has been granted folder-management rights on a shared volume can therefore destroy assets uploaded by other users (peer assets), bypassing the per-asset peer-permission check that the sibling actionDeleteAsset endpoint correctly applies. This issue has been fixed in versions 4.17.15 and 5.9.22.
Craft CMS is a content management system (CMS). Versions 5.0.0-RC1 through 5.9.20, and 4.0.0-RC1 through 4.17.13 contain an authorization issue in the AssetsController::actionReplaceFile that can delete a source asset without source delete permission by supplying both assetId and sourceAssetId. AssetsController::actionReplaceFile() supports replacing a target asset file using another existing asset as the source. The action loads: assetId -> $assetToReplace and sourceAssetId -> $sourceAsset, then enforces replace permissions using ($assetToReplace ?: $sourceAsset). When both IDs are provided, this expression resolves to the target asset so no permission check is performed against the source asset volume. When both assets are present, Craft copies the source file into the target and then deletes the source asset. There is no deletion check for the source asset. An authenticated user who can replace files in one volume can delete assets in another volume where they do not have delete permission, as long as they can obtain a sourceAssetId, leading to broken content references and data loss. This issue has been fixed in versions 4.17.14 and 5.9.21.
Description: To issue and renew TLS certificates on behalf of customers, Cloudflare's Universal SSL feature automatically manages the CAA RRset for the customer's zone. This auto-managed RRset is permissive by design (e.g. 'issue "letsencrypt.org"' without parameters). On Universal SSL zones, Cloudflare's authoritative DNS serves this auto-managed RRset at query time, superseding any customer-configured CAA records on the zone. When a customer publishes a stricter CAA record using the RFC 8657 accounturi or validationmethods parameters, the Certificate Authority does not observe those parameters when evaluating the served RRset under RFC 8659. As a result, the RFC 8657 account-binding and validation-method-binding protections are not enforced end-to-end on Universal SSL zones. Successful exploitation could result in issuance of a browser-trusted TLS certificate to an attacker, enabling MITM against the affected domain. Exploitation is non-trivial in practice: an attacker would need to hold an ACME account at one of the Certificate Authorities in the served CAA RRset and to simultaneously satisfy domain control validation across the multiple geographically distinct Network Perspectives the CA relies on for Multi-Perspective Issuance Corroboration. Cloudflare prefixes are anycast-announced from hundreds of locations globally, raising the bar against single-vantage-point BGP hijacks. Any resulting misissuance of a browser-trusted certificate is subject to Certificate Transparency logging required by major browsers, and would be visible to CT monitoring.
Mitigation: Customers requiring strict RFC 8657 enforcement need to disable Universal SSL on the affected zone. Universal SSL's automatic CAA management and customer-set RFC 8657 accounturi and validationmethods enforcement are mutually exclusive by the nature of the issue, so there is no in-product workaround that preserves both. Certificate Transparency monitoring is recommended for all customers as a general detection control.
Credits: David Osipov (ORCID: https://orcid.org/0009-0005-2713-9242), independent researcher
Out of bounds read and write in Tint in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=axa' -H 'apikey: YOUR_API_KEY_HERE'
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.