Searching in Data Privacy & Cybersecurity · Search everything
685 changes Data Privacy & Cybersecurity
NIST Cybersecurity Framework (CSF) 2.0 Anniversary and Updates
NIST is celebrating the two-year anniversary of the Cybersecurity Framework (CSF) 2.0. The blog post highlights updates and resources released over the past two years, including expanded guidance on governance and informative references to other standards, emphasizing the framework's widespread adoption and ongoing development.
NIST Cybersecurity Framework 2.0 Profiles and Resources
The National Institute of Standards and Technology (NIST) has released updated resources for its Cybersecurity Framework (CSF) 2.0, including organizational profile templates and community profiles. These resources aim to help organizations assess and improve their cybersecurity posture.
NIST Cybersecurity Framework 2.0 Implementation Resources
The National Institute of Standards and Technology (NIST) has released quick start guides and implementation resources for the Cybersecurity Framework (CSF) 2.0. These resources aim to help organizations of all sizes, including small businesses, understand and implement the updated framework.
NIST CSF 2.0 Cybersecurity Risk Management Guidance
The National Institute of Standards and Technology (NIST) has released version 2.0 of its Cybersecurity Framework (CSF). This updated guidance provides a comprehensive taxonomy for organizations of all sizes and sectors to manage cybersecurity risks, offering a flexible approach to assessing and communicating cybersecurity efforts.
Ivanti EPM Authentication Bypass Vulnerability
CISA has added a vulnerability (CVE-2026-1603) in Ivanti Endpoint Manager (EPM) to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability, an authentication bypass allowing credential data leakage, affects versions before 2024 SU5.
VMware Workspace ONE UEM SSRF Vulnerability CVE-2021-22054
CISA has added VMware Workspace ONE UEM console versions to the Known Exploited Vulnerabilities (KEV) catalog due to an SSRF vulnerability (CVE-2021-22054). This vulnerability may allow a malicious actor to gain access to sensitive information.
SolarWinds Web Help Desk RCE Vulnerability CVE-2025-26399
CISA has added CVE-2025-26399, a critical remote code execution vulnerability in SolarWinds Web Help Desk, to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability affects versions 12.8.7 and below and allows unauthenticated attackers to run commands on the host machine.
Apple Use-After-Free Vulnerability Fixed in iOS/iPadOS 17
CISA has added a use-after-free vulnerability (CVE-2023-41974) affecting Apple iOS and iPadOS to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability, which could allow an app to execute arbitrary code with kernel privileges, has been fixed by Apple in iOS 17, iPadOS 17, iOS 15.8.7, and iPadOS 15.8.7.
n8n RCE Vulnerability CVE-2025-68613
CISA has added CVE-2025-68613, a critical Remote Code Execution vulnerability in n8n's workflow evaluation system, to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability affects versions prior to 1.120.4, 1.121.1, and 1.122.0 and allows authenticated attackers to execute arbitrary code.
PCI Security Standards Council Publishes Inaugural Annual Report
The PCI Security Standards Council has released its first-ever Annual Report, detailing progress in payment security during 2025 and outlining its vision for 2026. The report highlights advancements in standards, global collaboration, and the adoption of a product-led operating model.