Endpoint Management System Hardening Advisory Following Stryker Cyberattack
CISA released a cybersecurity alert on March 18, 2026, following a March 11 cyberattack against medical technology firm Stryker Corporation that compromised its Microsoft environment. The alert urges all U.S. organizations to harden endpoint management system configurations, specifically recommending Microsoft Intune security best practices including least privilege RBAC, phishing-resistant MFA, and Multi Admin Approval for sensitive operations.
Devolutions Server vulnerabilities allow remote authenticated admin takeover
pfSense Remote Code Execution Vulnerabilities
CERT-Bund issued Security Advisory WID-SEC-2026-0961 disclosing multiple high-severity vulnerabilities (CVSS Base Score 8.8) in Netgate pfSense Plus and CE software. Affected versions include pfSense Plus <26.03, <26.07 and CE <2.8.1. Remote attackers can exploit these flaws to execute arbitrary code or conduct cross-site scripting attacks. Mitigation measures are available.
HCL BigFix Platform Multiple Vulnerabilities
CERT-Bund issued a security advisory (WID-SEC-2026-0960) identifying multiple vulnerabilities in HCL BigFix Platform affecting versions prior to 11.0.6. The vulnerabilities carry a CVSS Base Score of 8.8 (high) and a Temporal Score of 7.7 (high). Local attackers can exploit these flaws to bypass security mechanisms and disclose sensitive information. Mitigation measures are available.
VertiGIS FM Critical Vulnerability - Remote Code Execution and XSS
CERT-Bund issued security advisory WID-SEC-2026-0959 disclosing critical vulnerabilities in VertiGIS FM building management software. The vulnerabilities carry a CVSS Base Score of 9.9 (critical) and CVSS Temporal Score of 8.9 (high), enabling remote authenticated attackers to execute arbitrary code and conduct cross-site scripting attacks. Affected versions are VertiGIS FM prior to 10.11.363 and 10.13.403.
Chrome Dawn Use-After-Free Remote Code Execution Vulnerability
CISA added CVE-2026-5281 to the Known Exploited Vulnerabilities catalog. This is a use-after-free vulnerability in Google Chrome's Dawn component (versions prior to 146.0.7680.178) that allows remote code execution via a crafted HTML page. The vulnerability has an active exploitation status per SSVC analysis and a CVSS score of 8.8 (High).
Zero-Day Chrome Vulnerability - Immediate Update Required
The Cyber Security Agency of Singapore issued an urgent alert regarding CVE-2026-5281, a use-after-free zero-day vulnerability in Google Chrome's Dawn WebGPU implementation. The vulnerability affects Chrome versions prior to 146.0.7680.177/178 on Windows and Mac, and 146.0.7680.177 on Linux, and is reportedly being actively exploited in the wild.
Critical Axios Supply Chain Compromise via npm
CSA issued an advisory on a critical supply chain compromise affecting Axios JavaScript HTTP client versions 1.14.1 and 0.30.4. Threat actors compromised a maintainer's npm account to inject a Remote Access Trojan (RAT) targeting Windows, macOS, and Linux systems. Affected organizations should immediately downgrade to safe versions (axios@1.14.0 or 0.30.3) and remove the malicious plain-crypto-js@4.2.1 package.
CVE-2026-5281 Google Dawn Use-After-Free Added to KEV Catalog
CISA added CVE-2026-5281, a Google Dawn Use-After-Free vulnerability, to its Known Exploited Vulnerabilities (KEV) Catalog based on evidence of active exploitation. The vulnerability poses significant risks to federal enterprise networks. BOD 22-01 establishes remediation requirements for Federal Civilian Executive Branch (FCEB) agencies.
Multiple vulnerabilities in Microsoft products
CERT-FR issued advisory CERTFR-2026-AVI-0386 notifying of 14 Microsoft vulnerabilities affecting multiple software packages including bind, flannel, libssh, ocaml, telegraf, trident, nodejs18, and systemd-bootstrap. French organizations are advised to consult Microsoft's security bulletins and apply available patches. The vulnerabilities could allow attackers to cause unspecified security issues.