Data Privacy & Cybersecurity

OpenCTI Vulnerability Allows Bypassing Security Measures

CERT-Bund has issued a security advisory for OpenCTI, a cyber threat intelligence platform. A vulnerability (CVE) allows remote, authenticated attackers to bypass security measures. The advisory affects OpenCTI versions prior to 6.9.1.

Langflow Vulnerabilities Allow Code Execution and Security Bypass

CERT-Bund has issued a security advisory (WID-SEC-2026-0747) regarding critical vulnerabilities in Langflow versions <=1.8.1 and <1.7.2. These flaws allow remote code execution and security bypass, with a CVSS base score of 10.0. Mitigation is available.

Vercel Next.js Vulnerabilities Allow DoS or Security Bypass

CERT-Bund has issued a security advisory for Vercel Next.js, detailing vulnerabilities that could allow remote attackers to perform Denial of Service attacks or bypass security measures. The advisory affects versions prior to 16.1.7 and 15.5.13, with a CVSS base score of 6.5.

ENISA Chairs EU Agencies Network, Strengthens Cybersecurity

ENISA has taken over the chair of the EU Agencies Network (EUAN) for 2025-2026, focusing on implementing a new governance framework and strengthening cybersecurity across EU agencies. A Memorandum of Understanding was signed to reassert cooperation on shared services, including HR, cybersecurity, and legal services.

PCPD Releases AI Storybook for Primary Students

The Office of the Privacy Commissioner for Personal Data (PCPD) in Hong Kong has published a new Chinese storybook titled “Adventure in the AI Labyrinth” for primary school students. This initiative aims to educate young students on the proper use of artificial intelligence and the importance of personal data privacy protection.

CISA KEV: Wing FTP Server Path Disclosure Vulnerability

CISA has added CVE-2025-47813, a path disclosure vulnerability in Wing FTP Server, to its Known Exploited Vulnerabilities (KEV) catalog. This vulnerability affects versions prior to 7.4.4 and requires specific conditions to exploit.

ICO Decision: DFE FOI Request on Student Finance Costs

The UK's Information Commissioner's Office (ICO) issued a decision regarding a Freedom of Information (FOI) request to the Department for Education (DfE) concerning student finance costs. The ICO upheld the DfE's decision to withhold projected cost information under FOIA section 35(1)(a).

ICO upholds Cabinet Office refusal of Trump-Starmer communication records

The UK's Information Commissioner's Office (ICO) has upheld the Cabinet Office's refusal to release records of a communication between Donald Trump and Keir Starmer. The ICO found that the Cabinet Office was justified in citing section 27 (international relations) of the Freedom of Information Act as grounds for withholding the information.

ICO Decision: FOI Complaint Against Council for Delayed Response Upheld

The UK's Information Commissioner's Office (ICO) has upheld a Freedom of Information (FOI) complaint against the London Borough of Barking and Dagenham Council. The council failed to respond to an FOI request within the statutory 20 working days. The ICO has ordered the council to respond within 30 calendar days.

ICO Decision Notice: NPCC FOI Complaint Not Upheld

The ICO has decided not to uphold a Freedom of Information complaint against the National Police Chiefs' Council (NPCC). The NPCC confirmed it holds no further information beyond what was already provided regarding cross-force access, and the ICO agreed.