Data Privacy & Cybersecurity

NIST Cybersecurity Framework (CSF) 2.0 Anniversary and Updates

NIST is celebrating the two-year anniversary of the Cybersecurity Framework (CSF) 2.0. The blog post highlights updates and resources released over the past two years, including expanded guidance on governance and informative references to other standards, emphasizing the framework's widespread adoption and ongoing development.

NIST Cybersecurity Framework 2.0 Profiles and Resources

The National Institute of Standards and Technology (NIST) has released updated resources for its Cybersecurity Framework (CSF) 2.0, including organizational profile templates and community profiles. These resources aim to help organizations assess and improve their cybersecurity posture.

Apple Use-After-Free Vulnerability Fixed in iOS/iPadOS 17

CISA has added a use-after-free vulnerability (CVE-2023-41974) affecting Apple iOS and iPadOS to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability, which could allow an app to execute arbitrary code with kernel privileges, has been fixed by Apple in iOS 17, iPadOS 17, iOS 15.8.7, and iPadOS 15.8.7.

VMware Workspace ONE UEM SSRF Vulnerability CVE-2021-22054

CISA has added VMware Workspace ONE UEM console versions to the Known Exploited Vulnerabilities (KEV) catalog due to an SSRF vulnerability (CVE-2021-22054). This vulnerability may allow a malicious actor to gain access to sensitive information.

SolarWinds Web Help Desk RCE Vulnerability CVE-2025-26399

CISA has added CVE-2025-26399, a critical remote code execution vulnerability in SolarWinds Web Help Desk, to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability affects versions 12.8.7 and below and allows unauthenticated attackers to run commands on the host machine.

Ivanti EPM Authentication Bypass Vulnerability

CISA has added a vulnerability (CVE-2026-1603) in Ivanti Endpoint Manager (EPM) to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability, an authentication bypass allowing credential data leakage, affects versions before 2024 SU5.

n8n RCE Vulnerability CVE-2025-68613

CISA has added CVE-2025-68613, a critical Remote Code Execution vulnerability in n8n's workflow evaluation system, to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability affects versions prior to 1.120.4, 1.121.1, and 1.122.0 and allows authenticated attackers to execute arbitrary code.

PCI SSC Meeting Advances Payment Security and AI Guidance

The PCI Security Standards Council held its North America Community Meeting, focusing on advancing payment security and launching AI guidance. The event brought together over 1,200 stakeholders to discuss evolving standards, best practices for AI in payments, and cross-industry collaboration.

PCI SSC Asia-Pacific Community Meeting on Payment Security

The PCI Security Standards Council (PCI SSC) is hosting its annual Asia-Pacific Community Meeting in Bangkok on November 5-6, 2025. The event will bring together payment security experts to discuss evolving threats, new technologies, and best practices for preventing cyberattacks and fraud in the region.

PCI SSC Establishes India-South Asia Regional Engagement Board

The PCI Security Standards Council (PCI SSC) has established its first Regional Engagement Board (REB) for the India and South Asia region, effective for 2025-2026. The board comprises 27 organizations from the payment industry to advise on payment security issues and promote awareness of PCI SSC standards.