Source: wid.cert-bund.de

Microsoft ASP.NET/.NET Vulnerabilities Advisory

This advisory updates information on multiple vulnerabilities in Microsoft ASP.NET and .NET, with a CVSS Base Score of 7.8. The update includes affected products on Ubuntu, Oracle, and Red Hat Linux, in addition to previously listed Microsoft ASP.NET Core and .NET versions.

Priority review Notice Cybersecurity
Source: wid.cert-bund.de

FreeRDP Vulnerabilities - Remote Code Execution

CERT-Bund has issued an advisory for multiple vulnerabilities in FreeRDP, a Remote Desktop Protocol implementation. The vulnerabilities have a CVSS base score of 8.8 and allow for remote code execution, denial-of-service, and information disclosure.

Priority review Notice Cybersecurity
Source: wid.cert-bund.de

CPython Vulnerabilities Allow Remote Code Execution

The German Federal Office for Information Security (BSI) has issued a security advisory regarding multiple vulnerabilities in CPython, with a CVSS base score of 7.7. These vulnerabilities allow remote attackers to manipulate files or execute arbitrary code on affected systems.

Priority review Notice Cybersecurity
Source: wid.cert-bund.de

Vim Vulnerability Allows Code Execution (CVSS 6.6)

The German National Cybersecurity Agency (BSI) has issued a security advisory for a vulnerability in the Vim text editor. The vulnerability, with a CVSS score of 6.6, allows local attackers to execute arbitrary code. Mitigation is available.

Priority review Notice Cybersecurity
Source: wid.cert-bund.de

Mozilla Firefox, Thunderbird Vulnerabilities (CVSS 8.8)

CERT-Bund has issued an advisory regarding multiple vulnerabilities in Mozilla Firefox, Firefox ESR, and Thunderbird, with a CVSS Base Score of 8.8. The advisory has been updated multiple times to include specific product versions and affected operating systems.

Priority review Notice Cybersecurity
Source: www.cisa.gov

CISA Adds Two Exploited Vulnerabilities to KEV Catalog

CISA has added two new vulnerabilities, CVE-2026-3909 and CVE-2026-3910, to its Known Exploited Vulnerabilities (KEV) Catalog due to evidence of active exploitation. Federal Civilian Executive Branch (FCEB) agencies are required to remediate these vulnerabilities per Binding Operational Directive (BOD) 22-01.

Priority review Notice Cybersecurity
Source: www.csa.gov.sg

Critical Cisco Secure Firewall Management Center Vulnerabilities Addressed

Cisco has released security updates for critical vulnerabilities (CVSS 10.0) in its Secure Firewall Management Center software. Users of affected on-premises versions are advised to update immediately to prevent root access and arbitrary code execution.

Urgent Notice Cybersecurity
Source: www.csa.gov.sg

Microsoft Security Patches for Critical Vulnerabilities

The Cyber Security Agency of Singapore (CSA) has issued an alert regarding Microsoft's release of security patches for critical vulnerabilities in its software. These patches address multiple security flaws, some with a base score of 9.8, requiring immediate attention from users and organizations.

Priority review Notice Cybersecurity
Source: www.csa.gov.sg

HPE Patches Critical Aruba Networking AOS-CX Vulnerabilities

Hewlett Packard Enterprise (HPE) has released patches for critical vulnerabilities in its Aruba Networking AOS-CX operating system. The most severe flaw (CVE-2026-23813) allows unauthenticated remote attackers to reset administrator passwords. Users are urged to update immediately.

Urgent Notice Cybersecurity
Source: www.csa.gov.sg

Fortinet Vulnerabilities Require Immediate Updates

The Cyber Security Agency of Singapore (CSA) has issued an alert regarding high-severity vulnerabilities in multiple Fortinet enterprise products. Users are strongly advised to update affected systems immediately to mitigate risks of unauthorized code execution, authentication bypass, and privilege escalation.

Urgent Notice Cybersecurity
Source: www.cert.ssi.gouv.fr

Multiple Vulnerabilities Found in IBM Products

The French National Cybersecurity Agency (ANSSI) has issued a notice regarding multiple vulnerabilities discovered in various IBM products. These vulnerabilities could allow remote code execution, denial of service, and data breaches. Affected users are advised to consult IBM's security bulletins for patch information.

Priority review Notice Cybersecurity
Source: www.cert.ssi.gouv.fr

Microsoft Office Vulnerability Advisory CVE-2026-26133

The French National Cybersecurity Agency (ANSSI) has issued an advisory regarding a vulnerability (CVE-2026-26133) in Microsoft Office applications. The vulnerability could lead to data confidentiality breaches.

Priority review Notice Cybersecurity
Source: www.cert.ssi.gouv.fr

Microsoft Loop, PowerBI, Teams Vulnerability Disclosure

The French National Cybersecurity Agency (ANSSI) has issued a notice regarding a vulnerability (CVE-2026-26133) affecting Microsoft Loop, PowerBI, and Teams. The vulnerability can lead to data confidentiality breaches. Users are advised to consult Microsoft's security bulletin for patch information.

Priority review Notice Cybersecurity
Source: www.cert.ssi.gouv.fr

Microsoft Edge Vulnerability Poses Data Confidentiality Risk

The French National Cybersecurity Agency (ANSSI) has issued a notice regarding a vulnerability in Microsoft Edge for Android and iOS. The vulnerability, identified as CVE-2026-26133, poses a risk of data confidentiality breaches. Users are advised to refer to Microsoft's security bulletin for patch information.

Priority review Notice Cybersecurity
Source: www.cert.ssi.gouv.fr

Debian Linux Kernel Vulnerabilities Affecting Confidentiality and Security

The French National Cybersecurity Agency (ANSSI) has issued a notice regarding multiple vulnerabilities discovered in the Debian Linux kernel. These vulnerabilities can lead to privilege escalation, data confidentiality breaches, and denial of service, affecting specific versions of Debian bookworm and trixie.

Priority review Notice Cybersecurity
Source: www.cisa.gov

CISA: Ignition Software Vulnerable to Code Execution

CISA issued an advisory for Inductive Automation Ignition Software versions prior to 8.3.0, identifying a deserialization vulnerability (CVE-2025-13913) that could allow remote code execution. Users are recommended to upgrade to version 8.3.0 or later.

Priority review Notice Cybersecurity
EU AI Act Updates
Source: digital-strategy.ec.europa.eu

EU Commission Launches €75 Million EURO-3C Project for Telco-Edge-Cloud

The European Commission has announced the EURO-3C project, a €75 million initiative to build a federated Telco-Edge-Cloud infrastructure. This project aims to enhance Europe's digital service capabilities and reduce reliance on third-country providers.

Routine Notice Telecommunications
EU AI Act Updates
Source: digital-strategy.ec.europa.eu

EU Cooperation on Artificial Intelligence at India Summit

The European Union, represented by Executive Vice-President Henna Virkkunen, will attend the AI Impact Summit 2026 in New Delhi to strengthen cooperation with India on AI governance and innovation. The visit aims to advance the EU's approach to AI, emphasizing trust, innovation, and international collaboration.

Routine Notice Artificial Intelligence
EU AI Act Updates
Source: digital-strategy.ec.europa.eu

Draft Code of Practice on AI Content Marking Published

The European Commission has published a second draft Code of Practice on AI content marking, intended to help providers and deployers meet AI Act requirements. This revised draft aims to streamline processes, reduce compliance burdens, and incorporate feedback from various stakeholders.

Priority review Guidance Artificial Intelligence
EU AI Act Updates
Source: digital-strategy.ec.europa.eu

New Delhi Declaration on AI Endorsed by 92 Countries

92 countries and international organizations endorsed the New Delhi Declaration on AI Impact at the AI Impact Summit 2026. The declaration outlines a shared global vision for collaborative, trusted, and resilient AI, structured around seven pillars of action and supported by voluntary global initiatives.

Routine Notice Artificial Intelligence
EU AI Act Updates
Source: digital-strategy.ec.europa.eu

EU Endorses AI Declaration and Launches Legal Gateway Office

The European Union has endorsed the Leaders' Declaration at the AI Impact Summit in India and launched the European Legal Gateway Office to connect EU companies with India's ICT talent. The initiative also aims to strengthen global AI governance and promote AI innovation.

Routine Notice Artificial Intelligence
ENISA News
Source: www.enisa.europa.eu

ENISA Updates International Cybersecurity Strategy

ENISA has updated its International Strategy to enhance engagement with international partners and align with the EU's cybersecurity policies. The revised strategy focuses on cooperation with countries sharing EU values and includes specific working arrangements with Ukraine and the US, support for EU candidate countries, and operationalizing the EU Cybersecurity Reserve for third countries.

Routine Notice Cybersecurity
ENISA News
Source: www.enisa.europa.eu

ENISA Cybersecurity Exercise Methodology Guidance

ENISA has released a new cybersecurity exercise methodology to guide organizations in planning and executing effective cybersecurity exercises. The methodology provides a framework for simulating cyber crises, training response capabilities, and building resilience against cyber threats.

Routine Guidance Cybersecurity
ENISA News
Source: www.enisa.europa.eu

ENISA Report: EU Public Administrations Targeted by DDoS Attacks

ENISA has released a report detailing that EU public administrations are increasingly targeted by cyberattacks, primarily DDoS attacks, with central governments being the most affected. The report analyzes 586 incidents from 2024 and highlights the sector's developing cybersecurity resilience under the NIS2 Directive.

Priority review Notice Cybersecurity
ENISA News
Source: www.enisa.europa.eu

ENISA Report: Cybersecurity Investments and NIS2 Challenges

ENISA's 6th NIS Investments report reveals a shift in cybersecurity spending from personnel to technology and services across 1080 EU organizations. The report highlights persistent talent shortages and challenges in implementing the NIS2 Directive, despite compliance being a key investment driver.

Priority review Guidance Cybersecurity
ENISA News
Source: www.enisa.europa.eu

ENISA Seeks Feedback on Software Supply Chain Security Guidance

ENISA has launched public consultations on draft guidance for software supply chain security. Feedback is sought on an SBOM Landscape Analysis and a Technical Advisory for Secure Use of Package Managers, with a deadline of January 23, 2026.

Priority review Consultation Cybersecurity
IEEE Standards News
Source: standards.ieee.org

IEEE Medical Device Registry Enhances Healthcare Cybersecurity

The IEEE Standards Association has launched the IEEE Medical Device Registry, a public database of medical devices that have successfully completed cybersecurity certification under the IEEE 2621 framework. This initiative aims to enhance transparency and trust in healthcare by providing verifiable information on device cybersecurity performance.

Routine Guidance Cybersecurity
IEEE Standards News
Source: standards.ieee.org

2026 Healthcare Trends: AI, Medical Device Cybersecurity, Digital Therapeutics

The IEEE Standards Association has identified key healthcare and life sciences trends for 2026, focusing on AI-driven health delivery, medical device cybersecurity, and digital therapeutics. The notice highlights opportunities and challenges associated with these evolving technologies.

Routine Notice Healthcare
IEEE Standards News
Source: standards.ieee.org

AI, 5G, Cybersecurity, and Data Interoperability in Connectivity

The IEEE Standards Association (IEEE SA) published a blog post discussing the future of connectivity, focusing on the integration of AI, 5G, cybersecurity, and data interoperability into intelligent infrastructure. The post highlights the evolving trends and the importance of consensus-based standards in shaping these advancements.

Routine Notice Product Safety
Source: www.nsa.gov

Joint Advisory on SD-WAN Appliance Exploitation

The NSA, CISA, and international cybersecurity agencies have issued a joint advisory regarding the exploitation of Cisco SD-WAN appliances. Threat actors are exploiting a specific vulnerability (CVE-2026-20127) to gain root access and establish persistence. The advisory includes a threat hunt guide and mitigation recommendations.

Priority review Guidance Cybersecurity
Source: www.nist.gov

NIST CSF 2.0 Cybersecurity Risk Management Guidance

The National Institute of Standards and Technology (NIST) has released version 2.0 of its Cybersecurity Framework (CSF). This updated guidance provides a comprehensive taxonomy for organizations of all sizes and sectors to manage cybersecurity risks, offering a flexible approach to assessing and communicating cybersecurity efforts.

Priority review Guidance Cybersecurity
Source: www.nist.gov

NIST Cybersecurity Framework 2.0 Implementation Resources

The National Institute of Standards and Technology (NIST) has released quick start guides and implementation resources for the Cybersecurity Framework (CSF) 2.0. These resources aim to help organizations of all sizes, including small businesses, understand and implement the updated framework.

Routine Guidance Cybersecurity
Source: www.nist.gov

NIST Cybersecurity Framework 2.0 Profiles and Resources

The National Institute of Standards and Technology (NIST) has released updated resources for its Cybersecurity Framework (CSF) 2.0, including organizational profile templates and community profiles. These resources aim to help organizations assess and improve their cybersecurity posture.

Routine Guidance Cybersecurity
Source: www.nist.gov

NIST Cybersecurity Framework (CSF) 2.0 Anniversary and Updates

NIST is celebrating the two-year anniversary of the Cybersecurity Framework (CSF) 2.0. The blog post highlights updates and resources released over the past two years, including expanded guidance on governance and informative references to other standards, emphasizing the framework's widespread adoption and ongoing development.

Routine Notice Cybersecurity
Source: www.cisa.gov

SolarWinds Web Help Desk RCE Vulnerability CVE-2025-26399

CISA has added CVE-2025-26399, a critical remote code execution vulnerability in SolarWinds Web Help Desk, to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability affects versions 12.8.7 and below and allows unauthenticated attackers to run commands on the host machine.

Urgent Notice Cybersecurity
Source: www.cisa.gov

n8n RCE Vulnerability CVE-2025-68613

CISA has added CVE-2025-68613, a critical Remote Code Execution vulnerability in n8n's workflow evaluation system, to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability affects versions prior to 1.120.4, 1.121.1, and 1.122.0 and allows authenticated attackers to execute arbitrary code.

Urgent Notice Cybersecurity
Source: www.cisa.gov

Ivanti EPM Authentication Bypass Vulnerability

CISA has added a vulnerability (CVE-2026-1603) in Ivanti Endpoint Manager (EPM) to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability, an authentication bypass allowing credential data leakage, affects versions before 2024 SU5.

Urgent Notice Cybersecurity
Source: www.cisa.gov

VMware Workspace ONE UEM SSRF Vulnerability CVE-2021-22054

CISA has added VMware Workspace ONE UEM console versions to the Known Exploited Vulnerabilities (KEV) catalog due to an SSRF vulnerability (CVE-2021-22054). This vulnerability may allow a malicious actor to gain access to sensitive information.

Priority review Notice Cybersecurity
Source: www.cisa.gov

Apple Use-After-Free Vulnerability Fixed in iOS/iPadOS 17

CISA has added a use-after-free vulnerability (CVE-2023-41974) affecting Apple iOS and iPadOS to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability, which could allow an app to execute arbitrary code with kernel privileges, has been fixed by Apple in iOS 17, iPadOS 17, iOS 15.8.7, and iPadOS 15.8.7.

Priority review Notice Cybersecurity
Source: www.pcisecuritystandards.org

PCI SSC Asia-Pacific Community Meeting on Payment Security

The PCI Security Standards Council (PCI SSC) is hosting its annual Asia-Pacific Community Meeting in Bangkok on November 5-6, 2025. The event will bring together payment security experts to discuss evolving threats, new technologies, and best practices for preventing cyberattacks and fraud in the region.

Routine Notice Cybersecurity
Source: www.pcisecuritystandards.org

PCI SSC Establishes India-South Asia Regional Engagement Board

The PCI Security Standards Council (PCI SSC) has established its first Regional Engagement Board (REB) for the India and South Asia region, effective for 2025-2026. The board comprises 27 organizations from the payment industry to advise on payment security issues and promote awareness of PCI SSC standards.

Routine Notice Payments
Source: www.pcisecuritystandards.org

PCI SSC Meeting Advances Payment Security and AI Guidance

The PCI Security Standards Council held its North America Community Meeting, focusing on advancing payment security and launching AI guidance. The event brought together over 1,200 stakeholders to discuss evolving standards, best practices for AI in payments, and cross-industry collaboration.

Routine Notice Payments
Source: www.pcisecuritystandards.org

PCI Security Standards Council Publishes Inaugural Annual Report

The PCI Security Standards Council has released its first-ever Annual Report, detailing progress in payment security during 2025 and outlining its vision for 2026. The report highlights advancements in standards, global collaboration, and the adoption of a product-led operating model.

Routine Notice Payments
Source: hitrustalliance.net

HITRUST CSF v11.6 Assessment Creation Deadline

HITRUST has announced deadlines for creating and submitting e1 and i1 assessments using CSF v11.6.0. The ability to create new assessments using v11.6.0 will be disabled on March 31, 2026, and submission will be disabled on June 30, 2026.

Priority review Notice Data Privacy
Source: hitrustalliance.net

HITRUST CSF v11.6 Assessment Creation Deadline

HITRUST has announced that effective August 22, 2025, all new e1 and i1 assessments must be created using CSF v11.6.0. Existing assessments using v11.5.1 can still be submitted, with a future deadline to be announced.

Priority review Notice Cybersecurity
Source: hitrustalliance.net

HITRUST CSF v11.7.0 Release Notes

HITRUST has released version 11.7.0 of its Common Security Framework (CSF), effective December 18, 2025. This update includes new authoritative sources, consolidation of requirement statements, and modifications to the e1 and i1 assessment baselines.

Priority review Guidance Cybersecurity
Source: hitrustalliance.net

HITRUST Assessment Handbook v1.2 Updates Released

HITRUST has released version 1.2 of its Assessment Handbook, introducing updates to procedures for evidence generation, testing expectations, reporting, and inheritance eligibility. These changes will be enforced for assessments submitted on or after April 15, 2026.

Priority review Guidance Cybersecurity
Source: hitrustalliance.net

HITRUST 2025 H2 Threat Analysis on AI Tactics and Assessments

HITRUST released its 2025 H2 Cyber Threat Adaptive Report, indicating that its e1, i1, and r2 assessments effectively mitigate top attack techniques, including AI-driven tactics. The report analyzed threat indicators, intelligence articles, and breaches, mapping data to the MITRE ATT&CK framework.

Routine Notice Cybersecurity
NCSC UK News
Source: www.ncsc.gov.uk

NCSC Advises UK Organizations on Middle East Conflict Cyber Threats

The UK's National Cyber Security Centre (NCSC) has issued an alert advising UK organizations to review their cybersecurity posture due to the evolving conflict in the Middle East. The advisory highlights a heightened risk of indirect cyber threats and encourages organizations to implement enhanced monitoring and review their external attack surface.

Priority review Notice Cybersecurity
NCSC UK News
Source: www.ncsc.gov.uk

NCSC: Pro-Russia Hacktivists Target UK Organisations with DDoS Attacks

The UK's National Cyber Security Centre (NCSC) has issued guidance warning that pro-Russia hacktivist groups, particularly NoName057(16), continue to target UK organisations with DDoS attacks. The NCSC urges local government and critical infrastructure operators to review and harden their denial-of-service defences.

Priority review Guidance Cybersecurity
NCSC UK News
Source: www.ncsc.gov.uk

NCSC Warns of Hacktivist DoS Attacks on UK Organisations

The UK's National Cyber Security Centre (NCSC) has issued a warning regarding persistent denial of service (DoS) attacks by Russian-aligned hacktivist groups targeting UK organisations, particularly local government and critical infrastructure operators. The NCSC urges organisations to review their cyber defences and resilience measures.

Priority review Notice Cybersecurity
NCSC UK News
Source: www.ncsc.gov.uk

NCSC Alert: Cisco SD-WAN Exploited Globally

The UK's NCSC, along with international partners, has issued an alert regarding the exploitation of Cisco Catalyst SD-WAN devices. Threat actors are gaining root and persistent access, and organizations are urged to investigate potential compromises and apply security updates.

Urgent Notice Cybersecurity
NCSC UK News
Source: www.ncsc.gov.uk

CYBERUK 2026 Conference Announcement

The UK's National Cyber Security Centre (NCSC) has announced details for the flagship CYBERUK 2026 conference in Glasgow, scheduled for April 21-23. The event will focus on accelerating cyber defences and will feature international security chiefs and industry leaders. Registration for private sector delegates remains open until April 2, 2026.

Routine Notice Cybersecurity
Source: www.cisa.gov

Siemens Heliox EV Chargers Vulnerability Advisory

CISA has issued an advisory regarding a vulnerability in Siemens Heliox EV Chargers that could allow unauthorized access. Siemens has released updated versions and recommends immediate updates to mitigate the risk.

Priority review Notice Cybersecurity
Source: www.cisa.gov

CISA Advisory: Trane Tracer SC/SC+/Concierge Vulnerabilities

CISA issued an advisory regarding multiple vulnerabilities (CVE-2026-28252, CVE-2026-28253, CVE-2026-28254) affecting Trane Tracer SC, Tracer SC+, and Tracer Concierge systems. Exploitation could lead to sensitive information disclosure, arbitrary command execution, or denial-of-service.

Urgent Notice Cybersecurity
Source: www.cisa.gov

Siemens RUGGEDCOM APE1808 Devices Vulnerabilities

CISA has issued an advisory regarding multiple vulnerabilities affecting Siemens RUGGEDCOM APE1808 devices. These vulnerabilities, related to HTTP request smuggling and authentication bypass, have been assigned high CVSS scores. Siemens recommends updating to the latest version to address these security risks.

Priority review Notice Cybersecurity
Source: www.cisa.gov

Siemens SIDIS Prime Vulnerabilities Advisory

CISA has issued an advisory regarding multiple vulnerabilities in Siemens SIDIS Prime versions prior to V4.0.800, affecting components like OpenSSL, SQLite, and Node.js packages. Siemens recommends updating to the latest version to address these high-severity issues.

Priority review Notice Cybersecurity
Source: www.ncsc.gov.uk

UK Legal Sector Cyber Threat Report

The UK's National Cyber Security Centre (NCSC) has released a cyber threat report for the legal sector, detailing common threats and providing guidance for law firms of all sizes to enhance their resilience. The report highlights the extent to which the sector is being targeted, with an average of four nationally significant cyber attacks occurring weekly across the UK.

Priority review Guidance Cybersecurity
Source: www.ncsc.gov.uk

Active Cyber Defence Programme - Sixth Year Report

The UK's National Cyber Security Centre has published the sixth-year report on its Active Cyber Defence (ACD) programme. The report details findings on how the programme has protected the UK from cyber attacks since its launch in 2017.

Routine Notice Cybersecurity
Source: www.ncsc.gov.uk

NCSC Paper on Assessing 'Forgivable' vs 'Unforgivable' Vulnerabilities

The UK's National Cyber Security Centre (NCSC) has published a paper proposing a method to assess software vulnerabilities as 'forgivable' or 'unforgivable'. The research aims to help vendors eradicate common vulnerability classes by making top-level mitigations easier to implement.

Routine Guidance Cybersecurity
Source: www.ncsc.gov.uk

NCSC Assessment: Impact of AI on Cyber Threats 2027

The UK's National Cyber Security Centre (NCSC) has released an assessment detailing how Artificial Intelligence (AI) is expected to significantly increase cyber threats by 2027. The report highlights that AI will make intrusion operations more effective and efficient, potentially leading to a digital divide in system vulnerability.

Priority review Guidance Cybersecurity
Source: www.ncsc.gov.uk

NCSC Report: AI to Increase Cyber Attack Volume and Impact

The UK's National Cyber Security Centre (NCSC) has released a report assessing the near-term impact of Artificial Intelligence on the cyber threat. The assessment concludes that AI will almost certainly increase the volume and impact of cyber attacks over the next two years, though the effect will be uneven across different threat actors.

Priority review Guidance Cybersecurity