Daily MedTech
cybersecurity feed
Live: every CISA KEV add, FDA letter, ICS-MA advisory, and 524B move for MedTech manufacturers.
Get the Monday summary
One short email covering the previous week's notable items. No fluff.
Activity Pulse
28 items published in the last 30 days
Threat Velocity
Last 7d vs trailing 28d
Items today
No change vs yesterday
0
Critical today
No change vs same day last wk
0
Vs last week
same weekday
0%
Live ticker
-
OFFIS DCMTK Toolkit
CISA ICS Medical Advisories · 11d
-
FDA Recall: IPG Medical Corporation, Powered Laser Surgical Instrument
openFDA Device Recalls · 13d
-
pydicom pynetdicom Library
CISA ICS Medical Advisories · 13d
-
OHIF Viewers DICOM
CISA ICS Medical Advisories · 13d
-
CISA KEV: Microsoft Windows CVE-2008-0015 - Windows Video ActiveX Control Remote Code Execution Vulnerability
CISA Known Exploited Vulnerabilities · 20d
-
CISA KEV: Apache ActiveMQ CVE-2026-34197 - ActiveMQ Improper Input Validation Vulnerability
CISA Known Exploited Vulnerabilities · 20d
Today - Saturday, July 11, 2026 (UTC)
LiveNo items yet today.
The Blue Goat Cyber Research team curates the feed throughout the day. Check back later, or browse other periods.
About the Goat Feed
A MedTech-only cybersecurity feed, curated by Blue Goat Cyber
The Goat Feed is the daily intake we read ourselves. Every item is scoped to medical-device manufacturers and the regulators that oversee them - no enterprise IT noise, no consumer-tech CVEs, no generic breach roundups. Items are ingested from primary regulatory and vulnerability sources, classified by category and severity, and (for notable and critical items) annotated with a short Blue Goat Cyber Research take explaining what the item means for a MedTech program.
We publish corrections in-line, log source URLs for every item, and keep an Archive.org snapshot where the primary source allows it. The full classification rubric, source list, and editorial policy are documented on the Methodology page.
Scope
Medical-device cyber only. KEV, FDA, MAUDE, ICS-MA, EU regulators, 524B, breaches.
Cadence
Ingested multiple times per hour. Monday email summarizes the prior week.
Sources
CISA, FDA, openFDA, NVD, MHRA, AAMI, IMDRF, plus PubMed research.
Editorial
Blue Goat Cyber Research team. Corrections logged on each item.
Frequently asked questions
- What is the Goat Feed?
- The Goat Feed is a daily, MedTech-only cybersecurity feed maintained by Blue Goat Cyber. It curates every CISA KEV addition, FDA letter or recall, ICS-MA advisory, MAUDE adverse event with a cyber signal, EU regulator alert, and FDA Section 524B move that is relevant to medical-device manufacturers - and ignores everything else.
- How often is the feed updated?
- The feed pulls from upstream sources several times an hour. New items appear on /goatfeed as soon as they are ingested, classified, and reviewed. A short Monday email summarizes the previous week's notable and critical items.
- How are sources chosen?
-
Sources are chosen against four explicit rules. Items that do not clear all four are not ingested into the feed.
- Primary-source only. We ingest directly from CISA (KEV, ICS-MA), the FDA (Medical Devices RSS, Safety Communications), openFDA (recalls, 510(k), MAUDE), NVD, MHRA, ENISA, BSI, AAMI, IMDRF, and named vendor PSIRTs. No aggregator blogs, news rewrites, LinkedIn posts, or social media.
- MedTech relevance. Rule of thumb: would a medical-device manufacturer's regulatory, quality, or product-security team need to act on this before their next FDA submission, MDR technical-file update, or postmarket review? If yes, it's in. The item must affect a regulated medical device, a device manufacturer, a 510(k)/PMA/De Novo holder, an MDR/IVDR economic operator, or the cybersecurity processes that govern them - FDA Section 524B, the Feb 3, 2026 premarket cybersecurity guidance, MDCG cybersecurity guidance, or IMDRF principles.
- Concrete cyber signal. The item must name a specific technical or regulatory cyber artifact - for example, a CVE in an infusion-pump Wi-Fi stack, an FDA recall whose root cause is "unauthenticated firmware update", or a 524B refuse-to-accept letter citing a missing SBOM. Vague phrases like "cybersecurity concerns" without a named component, CVE, or regulator action do not qualify.
- Exclusion rules. We drop enterprise-IT CVEs with no MedTech vendor, consumer-tech advisories, generic ransomware roundups, drug-only recalls and sub-recalls, sterility / labeling / packaging recalls with no cyber cause, hospital-IT breaches that do not involve a device manufacturer, and duplicate cross-postings of the same primary item.
Borderline items are held for human review before publication; rejected items are logged with a reason. The full rubric lives on the Methodology page.
- What does the 'Blue Goat take' on each item mean?
- The Blue Goat take is a one-paragraph note from Blue Goat Cyber Research explaining what the item means for a medical-device manufacturer - typically the affected device class, the regulatory or technical implication, and what teams should look at next. It is editorial commentary, not regulatory guidance.
- How are severity labels (critical, notable, info) assigned?
- Critical = KEV-listed exploitation, Class I recalls, confirmed breaches, or active 524B enforcement signals. Notable = Class II recalls, ICS-MA advisories with patches available, and new guidance with material compliance impact. Info = background context, Class III recalls, and software-quality items without a confirmed cyber signal.
- Is the Goat Feed free?
- Yes. Reading the feed on bluegoatcyber.com/goatfeed is free and requires no account.
- How do I get notified of new items?
- Subscribe to the Monday email - a short summary of the previous week's notable and critical items, delivered once a week with no fluff. Personal watchlists, public RSS, JSON Feed, and an embed widget are on the roadmap and will be added later.
- How are corrections handled?
- When an item is updated after publication - for example, a vendor confirmation, a CVSS revision, or a clarification from the FDA - a Corrected badge appears on the item and the change is logged on the detail page. The article's dateModified reflects the latest correction.
Have a question we didn't answer? Contact the team or read the full Methodology.