RSS feed source: National Institute of Health
Notice of Change to PAR-24-289 Ancillary Studies to Ongoing Clinical Projects (R01 Clinical Trial Not Allowed)
The purpose of this Notice is to extend the expiration date for PAR-24-289 Ancillary Studies to Ongoing Clinical Projects (R01 Clinical Trial Not Allowed) from September 06, 2025, to December 6, 2025. The last day applications will be accepted is December 5, 2025.
Currently, reads:
Application Due Date(s)
All applications are due by 5:00 PM local time of applicant organization.
Applicants are encouraged to apply early to allow adequate time to make any corrections to errors found in the application during the submission process by the due date.
Expiration Date: September 6, 2025
Modified to read:
Application Due Date(s)
All applications are due by 5:00 PM local time of applicant organization.
Applicants are encouraged to apply early to allow adequate time to make any corrections to errors found in the application during the submission
Click this link to continue reading the article on the source website.
RSS feed source: National Institute of Health
Participating Organization(s)
National Institutes of Health (NIH)
Components of Participating Organizations
National Heart, Lung, and Blood Institute (NHLBI)
National Institute on Aging (NIA)
National Institute on Alcohol Abuse and Alcoholism (NIAAA)
National Institute of Allergy and Infectious Diseases (NIAID)
Eunice Kennedy Shriver National Institute of Child Health and Human Development (NICHD)
National Institute on Deafness and Other Communication Disorders (NIDCD)
National Institute of Dental and Craniofacial Research (NIDCR)
National Institute on Drug Abuse (NIDA)
National Institute of Mental Health (NIMH)
National Institute of Nursing Research (NINR)
National Institute on Minority Health and Health Disparities (NIMHD)
National Cancer Institute (NCI)
All applications to this funding opportunity announcement should fall within the mission of the Institutes/Centers. The following NIH Offices may co-fund applications assigned to those Institutes/Centers.
Click this link to continue reading the article on the source website.
RSS feed source: National Institute of Health
Participating Organization(s)
National Institutes of Health (NIH)
Components of Participating Organizations
National Heart, Lung, and Blood Institute (NHLBI)
National Institute on Aging (NIA)
National Institute on Alcohol Abuse and Alcoholism (NIAAA)
National Institute of Allergy and Infectious Diseases (NIAID)
Eunice Kennedy Shriver National Institute of Child Health and Human Development (NICHD)
National Institute on Deafness and Other Communication Disorders (NIDCD)
National Institute of Dental and Craniofacial Research (NIDCR)
National Institute on Drug Abuse (NIDA)
National Institute of Mental Health (NIMH)
National Institute of Nursing Research (NINR)
National Institute on Minority Health and Health Disparities (NIMHD)
National Cancer Institute (NCI)
All applications to this funding opportunity announcement should fall within the mission of the Institutes/Centers. The following NIH Offices may co-fund applications assigned to those Institutes/Centers.
Click this link to continue reading the article on the source website.
RSS feed source: National Institute of Health
Note: The CVEs in this advisory are unrelated to vulnerabilities (CVE-2025-0282 and CVE-2025-0283) in Ivanti’s Connect Secure, Policy Secure and ZTA Gateways. For more information on mitigating CVE -2025-0282 and CVE-2025-0283, see Ivanti Releases Security Updates for Connect Secure, Policy Secure, and ZTA Gateways.
Summary
The Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) are releasing this joint Cybersecurity Advisory in response to exploitation in September 2024 of vulnerabilities in Ivanti Cloud Service Appliances (CSA): CVE-2024-8963, an administrative bypass vulnerability; CVE-2024-9379, a SQL injection vulnerability; and CVE-2024-8190 and CVE-2024-9380, remote code execution vulnerabilities.
According to CISA and trusted third-party incident response data, threat actors chained the listed vulnerabilities to gain initial access, conduct remote code execution (RCE), obtain credentials, and implant webshells on victim networks. The actors’ primary exploit paths were two vulnerability chains. One exploit chain leveraged CVE-2024-8963 in conjunction with CVE-2024-8190 and CVE-2024-9380 and the other exploited CVE-2024-8963 and CVE-2024-9379. In one confirmed compromise, the actors moved laterally to two servers.
All four vulnerabilities affect Ivanti CSA version 4.6x versions before 519, and two of the vulnerabilities (CVE-2024-9379 and CVE-2024-9380) affect CSA versions 5.0.1 and below; according to Ivanti, these CVEs have not been exploited in version 5.0.[1]
Ivanti CSA 4.6 is End-of-Life (EOL) and no longer receives patches or third-party libraries. CISA and FBI strongly encourage network
Click this link to continue reading the article on the source website.