Tuesday, December 16, 2025

Short Takes – 12-16-25 – Federal Register Edition

Information Collection: NASA Virtual Launch Guest Watch Party Registration. Federal Register NASA 30-day ICR reinstatement notice. Summary: “The Virtual Guest Program exists to leverage the excitement around launches and milestones to widely disseminate information about Earth and space phenomena through the sharing of information about research on launches, mission objectives, public engagement activities (coloring pages, social media filters) and the like. The program provides registration opportunities for individuals and watch parties so that NASA may provide them the specific information they are interested in receiving and to share a detailed slice of the NASA efforts in carrying out the other portions of the Space Act of 1958. By learning the information from the plans of Watch Party organizers, NASA can best provide appropriate resources and share information about its activities and results.” Comments due January 14th, 2026.

Protecting the Nation's Communications Systems From Cybersecurity Threats. Federal Register FCC order on reconsideration. Summary: “In this document, the Federal Communications Commission (“Commission” or “FCC”) announces that it has reconsidered and rescinded a prior Declaratory Ruling and Notice of Proposed Rulemaking, neither of which had been published in the Federal Register. The Declaratory Ruling misconstrued the Communications Assistance for Law Enforcement Act (CALEA), and the Notice of Proposed Rulemaking was based in part on the Declaratory Ruling's flawed legal analysis and proposed ineffective cybersecurity requirements. This Order follows the FCC's engagement with providers to help strengthen their cybersecurity posture.”

EO 14365 - Ensuring a National Policy Framework for Artificial Intelligence. Federal Register.

EO 14366 - Protecting American Investors from Foreign-Owned and Politically-Motivated Proxy Advisors. Federal Register.

Monday, December 15, 2025

Short Takes – 12-15-25 – Space Geek Edition

Starfish Space and Impulse Space demonstrate autonomous spacecraft proximity operations. SpaceNews.com article. Pull quote: “What distinguished the demonstration from previous rendezvous and proximity operations, or RPO, tests was that the approaching Mira relied on only a single camera to close in on the other spacecraft. The camera fed images into a computer running Starfish’s CETACEAN and CEPHALOPOD software, which generated navigation data and maneuver commands for the LEO Express 2 vehicle.”

New Earth Mini-Moon Asteroid 2025 PN7 Discovered. Astronex.net article. Pull quote: “The asteroid 2025 PN7 belongs to the Arjuna class of near-Earth objects, known for their Earth-like orbits with low eccentricity and inclination. This classification means it maintains a stable relationship with Earth without being bound by our gravity like the Moon. Researchers have confirmed its status through detailed orbital calculations, showing it has been in this configuration for about 60 years and will continue for another roughly 60 years. This makes 2025 PN7 the newest addition to a small group of known quasi-satellites, providing valuable insights into orbital mechanics and the distribution of asteroids near Earth.”

MetaSeismic material mitigates vibration and shock in NASA Marshall testing. SpaceNews.com article. Pull quote: ““The technology is interesting because it offers a damping solution for vibrations that comes in a smaller form factor than other solutions that we may typically use,” Aaron Miller, NASA Marshall lead structural integration engineer, told SpaceNews. “It’s custom tunable for the specific vibration environment that the hardware, whether it be avionics, a battery or something else, may experience.””

Einstein was right: Time ticks faster on Mars, posing new challenges for future missions. LiveScience.com article. Pull quote: “The analysis showed that Martian clocks tick faster, when measured from Earth, than Earth-based ones by an average of 477 microseconds per Earth day. Strikingly, though, this value varies daily by 226 microseconds (about half the offset's value itself) over a Martian year. The variation stems from the egg-like shape of Mars’ orbit and changes in the gravitational tugs of its celestial neighbors as they approach and twirl away from Mars.”

Voyager 1 will reach one light-day from Earth in 2026. Here’s what that means. MSN.com article. Pull quote: ““If I send a command and say, ‘good morning, Voyager 1,’ at 8 a.m. on a Monday morning, I’m going to get Voyager 1’s response back to me on Wednesday morning at approximately 8 a.m.,” Dodd said.”

NASA Unveils a Space Station Mockup Designed for Commercial Spaceflight | NewsRadio 740 KTRH. UFOFeed.com article. Pull quote: “NASA is working with Space Lab to create a first design to be used for future space stations. The plan is to kick off the commercial spaceflight program allowing private companies to open the program to customers who would like to explore space, with less government funding as private entities take over. “They’re selling research time to Nasa but they’re also hoping to go out and find business customers who want to do research in zero gravity.” He said.”

Overview Energy Emerges From Stealth. UFOFeed.com article. Pull quote: ““Our airborne milestone proved that the core transmission system works in motion—the same foundation that will operate in orbit,” Marc Berte, Overview’s founder and CEO, said in a statement. “Space solar energy will only matter when it powers real demand on Earth, and we’re designing for that scale from Day 1.””

How one controversial startup hopes to cool the planet. TechnologyReview.com article. Pull quote: “But numerous researchers focused on solar geoengineering are deeply skeptical that Stardust will line up the government customers it would need to carry out a global deployment as early as 2035, the plan described in its earlier investor materials—and aghast at the suggestion that it ever expected to move that fast. They’re also highly critical of the idea that a company would take on the high-stakes task of setting the global temperature, rather than leaving it to publicly funded research programs.”

Backlog List

China’s Shijian spacecraft separate after pioneering geosynchronous orbit refueling tests,

'Potentially hazardous' asteroid 2024 YR4 was Earth's first real-life planetary defense test,

It’s time to give NASA an astrophysics nervous system,

The U.S. Senate vs. the Athena Plan — NASA on trial,

30 years of SOHO staring at the sun | Space photo of the day for Dec. 2, 2025, and

A dying satellite could use its final moments to photograph the infamous asteroid Apophis in 2029.

Review – Committee Hearings – Week of 12-15-25

This week, with both the House and Senate preparing to close out this year’s session, there is a relatively light hearing schedule. In the House we have one markup hearing of potential interest, an advanced cybersecurity hearing, and a biosecurity hearing. The Senate will hold an FCC oversight hearing that may include items of interest.

Markup Hearings

On Tuesday the Subcommittee on Communications and Technology of the House Energy and Commerce Committee will hold a business meeting where seven bills will be considered.

Cybersecurity

On Wednesday two subcommittees of the House Homeland Security Committee will hold a joint hearing on “The Quantum, AI, and Cloud Landscape: Examining Opportunities, Vulnerabilities, and the Future of Cybersecurity”.

Biosecurity

On Wednesday the Subcommittee on Oversight and Investigations of the Energy and Commerce Committee will hold a hearing on “Examining Biosecurity at the Intersection of AI and Biology”.

FCC Oversight

On Wednesday the Senate Commerce, Science, and Transportation Committee will hold an oversight hearing on the Federal Communications Commission (FCC).

 

For more information on these hearings, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/committee-hearings-week-of-12-15 - subscription required.

Sunday, December 14, 2025

Review – Public ICS Disclosures – Week of 12-6-25 – Part 2

For Part 2 we have nine bulk disclosures from Siemens. There are five additional vendor disclosures from Dell, Phoenix Contact, Schneider (2), and WAGO. There are 14 bulk updates from HP (6) and Siemens (8). We also have three other vendor updates from Hitachi Energy, Moxa, and Schneider. There is a researcher report on vulnerabilities in products from the Biosig Project (6). Finally, we have four exploits for products from Broadcom, Palo Alto Networks, and React Server Components (2).

Bulk Disclosures – Siemens

Denial of service Vulnerability in Interniche IP-Stack based Industrial Devices,

Multiple Vulnerabilities in RUGGEDCOM ROX Before V2.17,

Multiple Vulnerabilities in SINEC Security Monitor before V4.10.0,

Denial of Service Vulnerability in Ruggedcom ROS devices before V5.10.1,

File Parsing Vulnerability in Simcenter Femap Before V2512,

Multiple Vulnerabilities in SICAM T Before V3.0,

Multiple Vulnerabilities in SIMATIC CN 4100 Before V4.0.1,

Multiple Vulnerabilities in COMOS, and

Multiple Vulnerabilities in Ruggedcom Rox Before V2.17.0.

Advisories

Dell Advisory - Dell published an advisory that discusses 36 vulnerabilities in their ThinOS product.

Phoenix Contact Advisory - Phoenix Contact published an advisory that describes 14 vulnerabilities in their SWITCH 2xxx Firmware.

Schneider Advisory #1 - Schneider published an advisory that discusses an exposure of sensitive information to unauthorized actor vulnerability in multiple Schneider products.

Schneider Advisory #2 - Schneider published an advisory that discusses a deserialization of untrusted data vulnerability in their EcoStruxure Foxboro DCS Advisor.

WAGO Advisory - CERT-VDE published an advisory that describes two stack-based buffer overflow vulnerabilities in the WAGO Industrial-Managed Switches.

Bulk Updates – HP

NVIDIA GPU Display Driver October 2025 Security Update,

NVIDIA GPU Display Driver July 2025 Security Update,

Certain HP LaserJet Pro Printers – Potential Information Disclosure,

AMD CPU Microcode Security Update,

HP System Event Utility and Omen Gaming Hub – Potential Arbitrary Code Execution, and

Intel System Security Report and System Resources Defense.

Bulk Updates – Siemens

Deserialization Vulnerability in Siemens Engineering Platforms before V20,

RADIUS Protocol Susceptible to Forgery Attacks (CVE-2024-3596) - Impact to SCALANCE, RUGGEDCOM and Related Products,

Deserialization Vulnerability in Siemens Engineering Platforms,

Buffer Overflow Vulnerability in Third-Party Component in SICAM and SITIPE Products,

Deserialization Vulnerability in Siemens Engineering Platforms,

Buffer Overflow Vulnerabilities in OpenSSL 3.0 Affecting Siemens Products,

Local Arbitrary Code Execution Vulnerability in Siemens Engineering Platforms before V20, and

DLL Hijacking Vulnerability in Siemens Web Installer used by the Online Software Delivery.

Updates

Hitachi Energy Update - Hitachi Energy published an update for their Relion 670/650 advisory that was originally published on June 24th, 2025, and most recently updated on August 26th, 2025.

Moxa Update - Moxa published an update for their ICMP Timestamp Request advisory that was originally published on October 21st, 2025, and most recently updated on October 27th, 2025.

Schneider Update - Schneider published an update for their Altivar Process Drives advisory that was originally published on September 9th, 2025, and most recently updated on October 14th, 2025.

Researcher Reports

Biosig Project Report - Cisco Talos published a report that describes six stack-based buffer overflow vulnerabilities in the Biosig Project libbiosig library.

Exploits

Broadcom Exploit - Indoushka published an exploit for an improper restriction of operations within the bounds of a memory buffer vulnerability in the Broadcom Wi-Fi Firmware.

Palo Alto Networks Exploit - Indoushka published an exploit for a deep-packet inspection vulnerability in PAN-OS.

RSC Exploit #1 - Indoushka published a scanner for, and an exploit of, the deserialization of untrusted data vulnerability in React Server Components.

RSC Exploit #2 - Maksim Rogov, et al., published a Metasploit module for the deserialization of untrusted data vulnerability in React Server Components.

 

For more information on these disclosures, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/public-ics-disclosures-week-of-12-0c5 - subscription required.

Saturday, December 13, 2025

CISA Adds Sierra Wireless Vulnerability to KEV – 12-12-25

Yesterday CISA announced that it had added an unrestricted upload of file with dangerous type vulnerability in the Sierra Wireless AirLink ALEOS product to their Known Exploited Vulnerabilities (KEV) catalog. The vulnerability was reported by Cisco Talos on April 15th, 2019; the report included proof-of-concept code. Sierra Wireless published their advisory on the vulnerability (along with 12 others) on April 30th, 2019. CISA published their advisory on the vulnerability (along with six others) on August 20th, 2019, and most recently updated it on April 23, 2020.

CISA has required that Federal agencies that use the affected products apply “mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.” Those required actions are to be completed by January 2nd, 2026.

Review – CSB Updates Accidental Release Reporting Data – 12-1-25

On Thursday the CSB updated their published list of reported chemical release incidents. They added 58 new incidents that occurred since the previous version was published in July. These are not incidents that the CSB is investigating, these are incidents that were reported to the CSB under their Accidental Release Reporting rules (40 CFR 1604) through November 30th, 2025.

The table below shows the top five states based upon the number of reported incidents since the July update was published.

 

For more information on the data, including a listing of chemical incidents reported in the news that should have been reported to CSB, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/csb-updates-accidental-release-reporting-313 - subscription required.

Chemical Transportation Incidents – Week of 11-8-25

Reporting Background

See this post for explanation, with the most recent update here (removed from paywall).

Data from PHMSA’s online database of transportation related chemical incidents that have been reported to the agency.

NOTE: PHMSA’s database is not currently allowing online downloads. I was able to request a copy of the week’s data directly from PHMSA. That is the reason for this late posting.

Incidents Summary

• Number of incidents – 486 (453 highway, 31 air, 2 rail, 0 water)

• Serious incidents – 4 (3 Bulk release, 0 evacuation, 1 injury, 0 death, 0 major artery closed, 2 fire/explosion, 30 no release)

• Largest container involved – 33,900-gal DOT 117J100W Railcar {Petroleum Gases, Liquefied or Liquefied Petroleum Gas} Vapor valve cracked open, plug not tool-tight.

• Largest amount spilled – 250-gal Plastic IBC {Caustic Alkali Liquids, N.O.S.} Forklift strike.

• Total amount reported spilled in all incidents – 2174.4-gal

NOTE: Links to Form 5800.1 for the described incidents are not currently available online.

Most Interesting Chemical: Hydrofluoric Acid And Sulfuric Acid Mixtures: A clear colorless liquid with a pungent odor. Corrosive to metals and tissue. Exposure to the fumes or brief contact can cause severe burns as mixture penetrates to cause deep-seated ulceration that is sometimes complicated by gangrene. (Source: CameoChemicals.NOAA.gov).
