The European Commission is making available €145.5 million to empower small and medium-sized enterprises and public administrations in deploying cybersecurity solutions and adopting the results of cybersecurity research.
A doctor holding a tablet, with icons hovering above it, representing cybersecurity in the heathcare sector.
AdobeStock © C Malambo_peopleimages.com
For this purpose, the European Cybersecurity Competence has launched two calls for proposals.
The first call is part of the Digital Europe Programme, with a budget of €55 million. €30 million of this amount will enhance the cybersecurity of hospitals and healthcare providers, helping them detect, monitor, and respond to cyber threats, particularly ransomware. This will boost the resilience of the European healthcare system, especially in the current geopolitical context, aligning with the EU action plan on cybersecurity in hospitals and healthcare.
The second call, under Horizon Europe Programme, has a budget of around €90.5 million. It will support the use and development of generative AI for cybersecurity applications, new advanced tools and processes for operational cybersecurity, and privacy-enhancing technologies as well as post-quantum cryptography.
The deadline for applications to the first call is 7 October, and for the second, it is 12 November. Both calls for proposals are managed by the European Cybersecurity Competence. The eligibility criteria and all relevant call documents are available on the Funding and Tenders portal.
Related topics
Cybersecurity Artificial intelligence Digital Europe Programme Funding for Digital Horizon Europe
Industrial solutions providers Siemens, Schneider Electric and Aveva have released June 2025 Patch Tuesday ICS security advisories.
While most of the vulnerabilities described in the advisories have been patched, only mitigations and workarounds are currently available for some of the flaws.
Siemens published six new advisories this Patch Tuesday. The most important describes CVE-2025-40585, a critical default credentials issue impacting Siemens Energy Services solutions that use the Elspec G5 Digital Fault Recorder (G5DFR).
According to Siemens, this component has default credentials with admin privileges and “a client configuration with remote access could allow an attacker to gain remote control of the G5DFR component and tamper outputs from the device”. Users can mitigate this issue by changing the default credentials from the G5DFR interface.
Critical issues are also described in an advisory for Simatic S7-1500 CPUs. Siemens is working on updates for the product to address dozens of vulnerabilities affecting the GNU/Linux subsystem.
Two advisories cover medium-severity issues in industrial communication devices that use the Sinec OS. The flaws allow an attacker to “perform actions that exceed the permissions of the ‘guest’ role”.
The industrial giant has also informed customers about a Tecnomatix Plant Simulation vulnerability that can lead to arbitrary code execution by tricking a user to open malicious files. The issue was reported by researcher Michael Heinzl, who is often credited by vendors for reporting vulnerabilities whose exploitation involves opening specially crafted files.
Siemens also informed customers about an XSS vulnerability in the Palo Alto Networks virtual firewall present in some Ruggedcom devices. Patches are being prepared by Siemens.
Schneider Electric has published three new advisories this Patch Tuesday. One of them describes XSS and DoS vulnerabilities affecting some Modicon controllers.
Four vulnerabilities have been patched in the EVLink WallBox electric vehicle charging station, including ones that can be exploited for reading or writing arbitrary files, launching XSS attacks, and taking remote control over the charging station.
Schneider has also informed customers about vulnerabilities in the third-party real-time operating system powering Insight Home and Insight Facility products. The products have reached end of life and cannot be updated, but users can implement mitigations to reduce the risk of exploitation.
Aveva has published three new advisories. One of them describes two high-severity DoS vulnerabilities in the PI Data Archive product. The other two advisories cover medium-severity XSS flaws in PI Connector for CygNet and PI Web API.
CISA also published three new advisories on Tuesday. One of them describes high-severity SinoTrack GPS receiver vulnerabilities that can allow an attacker to track vehicles and disconnect power to the fuel pump.
The other advisories describe the impact of a 2022 OpenSSL vulnerability on Hitachi Energy Relion products, and a remote code execution flaw discovered by Heinzl in MicroDicom DICOM Viewer.
ABB published advisories a few days before Patch Tuesday. The company informed customers about a critical EIBPORT vulnerability that leads to information disclosure, as well as flaws in third-party components used by its Welcome IP-Gateway product.
Also on Tuesday, Kaspersky published its ICS threat landscape report for Q1 2025, which shows that the security firm’s products blocked threats on nearly 22% of protected ICS devices.
The report looks at threat sources, regional trends, and the prevalence of various types of malware.
