Cybersecurity

n8n RCE Vulnerability CVE-2025-68613

CISA has added CVE-2025-68613, a critical Remote Code Execution vulnerability in n8n's workflow evaluation system, to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability affects versions prior to 1.120.4, 1.121.1, and 1.122.0 and allows authenticated attackers to execute arbitrary code.

Apple Use-After-Free Vulnerability Fixed in iOS/iPadOS 17

CISA has added a use-after-free vulnerability (CVE-2023-41974) affecting Apple iOS and iPadOS to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability, which could allow an app to execute arbitrary code with kernel privileges, has been fixed by Apple in iOS 17, iPadOS 17, iOS 15.8.7, and iPadOS 15.8.7.

VMware Workspace ONE UEM SSRF Vulnerability CVE-2021-22054

CISA has added VMware Workspace ONE UEM console versions to the Known Exploited Vulnerabilities (KEV) catalog due to an SSRF vulnerability (CVE-2021-22054). This vulnerability may allow a malicious actor to gain access to sensitive information.

Ivanti EPM Authentication Bypass Vulnerability

CISA has added a vulnerability (CVE-2026-1603) in Ivanti Endpoint Manager (EPM) to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability, an authentication bypass allowing credential data leakage, affects versions before 2024 SU5.

PCI SSC Asia-Pacific Community Meeting on Payment Security

The PCI Security Standards Council (PCI SSC) is hosting its annual Asia-Pacific Community Meeting in Bangkok on November 5-6, 2025. The event will bring together payment security experts to discuss evolving threats, new technologies, and best practices for preventing cyberattacks and fraud in the region.

PCI Security Standards Council Publishes Inaugural Annual Report

The PCI Security Standards Council has released its first-ever Annual Report, detailing progress in payment security during 2025 and outlining its vision for 2026. The report highlights advancements in standards, global collaboration, and the adoption of a product-led operating model.

PCI SSC Establishes India-South Asia Regional Engagement Board

The PCI Security Standards Council (PCI SSC) has established its first Regional Engagement Board (REB) for the India and South Asia region, effective for 2025-2026. The board comprises 27 organizations from the payment industry to advise on payment security issues and promote awareness of PCI SSC standards.

PCI SSC Meeting Advances Payment Security and AI Guidance

The PCI Security Standards Council held its North America Community Meeting, focusing on advancing payment security and launching AI guidance. The event brought together over 1,200 stakeholders to discuss evolving standards, best practices for AI in payments, and cross-industry collaboration.

HITRUST Assessment Handbook v1.2 Updates Released

HITRUST has released version 1.2 of its Assessment Handbook, introducing updates to procedures for evidence generation, testing expectations, reporting, and inheritance eligibility. These changes will be enforced for assessments submitted on or after April 15, 2026.

HITRUST 2025 H2 Threat Analysis on AI Tactics and Assessments

HITRUST released its 2025 H2 Cyber Threat Adaptive Report, indicating that its e1, i1, and r2 assessments effectively mitigate top attack techniques, including AI-driven tactics. The report analyzed threat indicators, intelligence articles, and breaches, mapping data to the MITRE ATT&CK framework.