Data Privacy & Cybersecurity

AI Chatbots Provide Biased Voting Advice, Ignoring Local Parties

The Dutch Data Protection Authority (AP) released a study showing AI chatbots rarely recommend local political parties when providing voting advice. The AP warns that this bias makes chatbots unreliable voting aids and calls on providers to implement measures to prevent their systems from being used for voting advice, especially in light of the EU AI Act.

HPE Patches Critical Aruba Networking AOS-CX Vulnerabilities

Hewlett Packard Enterprise (HPE) has released patches for critical vulnerabilities in its Aruba Networking AOS-CX operating system. The most severe flaw (CVE-2026-23813) allows unauthenticated remote attackers to reset administrator passwords. Users are urged to update immediately.

Microsoft Security Patches for Critical Vulnerabilities

The Cyber Security Agency of Singapore (CSA) has issued an alert regarding Microsoft's release of security patches for critical vulnerabilities in its software. These patches address multiple security flaws, some with a base score of 9.8, requiring immediate attention from users and organizations.

Fortinet Vulnerabilities Require Immediate Updates

The Cyber Security Agency of Singapore (CSA) has issued an alert regarding high-severity vulnerabilities in multiple Fortinet enterprise products. Users are strongly advised to update affected systems immediately to mitigate risks of unauthorized code execution, authentication bypass, and privilege escalation.

Critical Cisco Secure Firewall Management Center Vulnerabilities Addressed

Cisco has released security updates for critical vulnerabilities (CVSS 10.0) in its Secure Firewall Management Center software. Users of affected on-premises versions are advised to update immediately to prevent root access and arbitrary code execution.

Ransomware Incident Data Breach and Security Lapses

Singapore's Personal Data Protection Commission issued a decision regarding a ransomware incident affecting 39,000 individuals' data due to security lapses. Three separate undertakings were also accepted for similar incidents. The Commission directed the organization to strengthen its security posture and highlighted key takeaways for all organizations to prevent future breaches.

Data Breach Decision Highlights Security Lapses

The Singapore Personal Data Protection Commission (PDPC) issued a decision regarding a data breach affecting 665,000 individuals due to system misconfiguration. The case highlights lapses in security practices and emphasizes the need for robust technical and governance measures.

PDPC Steps Up NRIC Misuse Enforcement and Issues New Advisory

The Singapore Personal Data Protection Commission (PDPC) is stepping up enforcement against private organizations misusing NRIC numbers for authentication starting January 1, 2027. New advisories are also being issued to guide organizations on data protection lapses and recommend more secure authentication methods.

PDPC Publishes Four Undertakings on Ransomware and Unauthorized Access

Singapore's Personal Data Protection Commission (PDPC) has published four undertakings from organizations that experienced ransomware attacks and unauthorized access. These undertakings detail remediation measures to strengthen cybersecurity defenses and data protection practices.

Data Protection Breaches Result in Financial Penalties

Singapore's Personal Data Protection Commission issued financial penalties to four organizations for data protection breaches affecting over 1 million individuals. These breaches stemmed from inadequate security measures, including poor patch management and lack of data protection policies. An additional organization committed to an undertaking following a ransomware attack.