The health platform covering 80+ countries' national disease surveillance has a basic, fixable security gap nobody's fixed
DHIS2 is the system behind malaria, TB, and immunization reporting across most of the developing world's national health ministries. It turns out the application ships with a default admin password, derived from the platform's name, and never forces anyone to change it, not at setup, not ever.
This was flagged to the team behind it in March, followed up on twice, no real response in 90 days. The fix is a single line of code, force a password change on first login, it just doesn't exist yet. Full piece here if you want the detail: https://scrutora.com/blog/dhis2-default-credentials
(I'm affiliated with the company that did this analysis, sharing because the underlying issue matters regardless of who found it.)