Blue Goat Cyber - Medical Device Cybersecurity

    Goat Feed

    Daily MedTech cybersecurity feed

    Live: every CISA KEV add, FDA letter, ICS-MA advisory, and 524B move for MedTech manufacturers.

    Coverage: CISA KEV · CISA ICS-MA · FDA Medical Devices · openFDA Recalls · openFDA 510(k) · openFDA MAUDE · MHRA · NVD (MedTech) · AAMI · IMDRF

    Activity Pulse (Goat Feed, 2026-06-22)

    8 items published in the last 30 days
    Days since last critical: 13 (quiet streak - last critical 13d ago)
    Threat velocity, last 7d vs trailing 28d: -40% (1 critical + notable, baseline 1.7)
    Items today: 0 (vs yesterday: -)
    Critical today: 0 (vs same day last wk: -)
    Vs last week, same weekday: -100%

    Today - Monday, June 22, 2026

    No items yet today.

    Christian curates the feed throughout the day. Check back later, or browse other periods.

    Recent · previous 7 days: 2

    Notable · Guidance

    Apollo Pharmacy Blood Glucose Monitoring System APG-01 BT

    Successful exploitation of these vulnerabilities could allow an attacker to obtain sensitive health-related information and prevent legitimate users from establishing a connection with the device.

    About the Goat Feed

    A MedTech-only cybersecurity feed, curated by Blue Goat Cyber

    The Goat Feed is the daily intake we read ourselves. Every item is scoped to medical-device manufacturers and the regulators that oversee them - no enterprise IT noise, no consumer-tech CVEs, no generic breach roundups. Items are ingested from primary regulatory and vulnerability sources, classified by category and severity, and (for notable and critical items) annotated with a short Blue Goat Cyber Research take explaining what the item means for a MedTech program.

    We publish corrections in-line, log source URLs for every item, and keep an Archive.org snapshot where the primary source allows it. The full classification rubric, source list, and editorial policy are documented on the Methodology page.

    Scope

    Medical-device cyber only. KEV, FDA, MAUDE, ICS-MA, EU regulators, 524B, breaches.

    Cadence

    Ingested multiple times per hour. Monday email summarizes the prior week.

    Sources

    CISA, FDA, openFDA, NVD, MHRA, AAMI, IMDRF, plus PubMed research.

    Editorial

    Christian Espinosa and the Blue Goat Cyber Research team. Corrections logged on each item.

    Frequently asked questions

    What is the Goat Feed?
    The Goat Feed is a daily, MedTech-only cybersecurity feed maintained by Blue Goat Cyber. It curates every CISA KEV addition, FDA letter or recall, ICS-MA advisory, MAUDE adverse event with a cyber signal, EU regulator alert, and FDA Section 524B move that is relevant to medical-device manufacturers - and ignores everything else.
    How often is the feed updated?
    The feed pulls from upstream sources several times an hour. New items appear on /goatfeed as soon as they are ingested, classified, and reviewed. A short Monday email summarizes the previous week's notable and critical items.
    How are sources chosen?

    Sources are chosen against four explicit rules. Items that do not clear all four are not ingested into the feed.

    1. Primary-source only. We ingest directly from CISA (KEV, ICS-MA), the FDA (Medical Devices RSS, Safety Communications), openFDA (recalls, 510(k), MAUDE), NVD, MHRA, ENISA, BSI, AAMI, IMDRF, and named vendor PSIRTs. No aggregator blogs, news rewrites, LinkedIn posts, or social media.
    2. MedTech relevance. Rule of thumb: would a medical-device manufacturer's regulatory, quality, or product-security team need to act on this before their next FDA submission, MDR technical-file update, or postmarket review? If yes, it's in. The item must affect a regulated medical device, a device manufacturer, a 510(k)/PMA/De Novo holder, an MDR/IVDR economic operator, or the cybersecurity processes that govern them - FDA Section 524B, the Feb 3, 2026 premarket cybersecurity guidance, MDCG cybersecurity guidance, or IMDRF principles.
    3. Concrete cyber signal. The item must name a specific technical or regulatory cyber artifact - for example, a CVE in an infusion-pump Wi-Fi stack, an FDA recall whose root cause is "unauthenticated firmware update", or a 524B refuse-to-accept letter citing a missing SBOM. Vague phrases like "cybersecurity concerns" without a named component, CVE, or regulator action do not qualify.
    4. Exclusion rules. We drop enterprise-IT CVEs with no MedTech vendor, consumer-tech advisories, generic ransomware roundups, drug-only recalls and sub-recalls, sterility / labeling / packaging recalls with no cyber cause, hospital-IT breaches that do not involve a device manufacturer, and duplicate cross-postings of the same primary item.

    Borderline items are held for human review before publication; rejected items are logged with a reason. The full rubric lives on the Methodology page.

    What does the 'Blue Goat take' on each item mean?
    The Blue Goat take is a one-paragraph note from Blue Goat Cyber Research explaining what the item means for a medical-device manufacturer - typically the affected device class, the regulatory or technical implication, and what teams should look at next. It is editorial commentary, not regulatory guidance.
    How are severity labels (critical, notable, info) assigned?
    Critical = KEV-listed exploitation, Class I recalls, confirmed breaches, or active 524B enforcement signals. Notable = Class II recalls, ICS-MA advisories with patches available, and new guidance with material compliance impact. Info = background context, Class III recalls, and software-quality items without a confirmed cyber signal.
    Is the Goat Feed free?
    Yes. Reading the feed on bluegoatcyber.com/goatfeed is free and requires no account.
    How do I get notified of new items?
    Subscribe to the Monday email - a short summary of the previous week's notable and critical items, delivered once a week with no fluff. Personal watchlists, public RSS, JSON Feed, and an embed widget are on the roadmap and will be added later.
    How are corrections handled?
    When an item is updated after publication - for example, a vendor confirmation, a CVSS revision, or a clarification from the FDA - a Corrected badge appears on the item and the change is logged on the detail page. The article's dateModified reflects the latest correction.
