Skip to main content
A Singapore Government Agency Website How to identify
Official website links end with .gov.sg
Government agencies communicate via .gov.sg websites (e.g. go.gov.sg/open). Trusted websites
Secure websites use HTTPS
Look for a lock () or https:// as an added precaution. Share sensitive information only on official, secure websites.

Government officials will never ask you to transfer money or disclose bank log-in details over a phone call.

Call the 24/7 ScamShield Helpline at 1799 if you are unsure if something is a scam.

Cyber Security Agency of Singapore

Alerts & Advisories

Provides alerts and advisories on emerging cyber threats, vulnerabilities, and preventive measures to help individuals and organisations stay secure online.

1129 articles

4 May 2026

High Severity Vulnerability in Linux Kernel

A security update has been released to address a high severity vulnerability in the Linux kernel. Users and administrators of affected products are advised to update to the latest versions immediately.

Alerts

4 May 2026

Active Exploitation of Critical Vulnerability in cPanel, WebHost Manager (WHM) and WordPress Squared (WP2)

cPanel has released security updates to address a critical vulnerability in cPanel, WebHost Manager (WHM) and Wordpress Squared (WP2). Users and administrators of affected products are advised to update to the latest versions immediately.

Alerts

30 April 2026

High Severity Vulnerability in OpenSSH

Open SecureShell (OpenSSH) has released a security update to address a high severity vulnerability in OpenSSH. The vulnerability has a Common Vulnerability Scoring System (CVSS v3.1) score of 8.1 out of 10. Users and administrators of affected products are advised to update to the latest versions immediately.

Alerts

29 April 2026

Security Bulletin 29 Apr 2026 [PDF, 1.5 MB]

Bulletins

27 April 2026

Vulnerability in Notepad++

CSA has issued a CVE ID to a vulnerability reported in Notepad++ as part of CSA's Responsibility Vulnerability Disclosure Policy. Users and administrators of the affected product version are advised to update to the latest version 8.9.4 immediately.

Alerts

27 April 2026

Vulnerability in Windows File System Proxy (WinFsp)

CSA has issued a CVE ID to a vulnerability reported in WinFsp as part of CSA’s Responsible Vulnerability Disclosure Policy. Users and administrators of the affected product version are advised to update to the latest version immediately.

Alerts

23 April 2026

Vulnerability in Koollab Learning Management System (LMS)

CSA has issued a CVE ID to a vulnerability reported in Koollab LMS as part of CSA’s Responsible Vulnerability Disclosure Policy. Users and administrators of the affected product version are advised to update to the latest version 5.4.0 immediately.

Alerts

22 April 2026

Security Bulletin 22 April 2026 [PDF, 1.1 MB]

Bulletins

21 April 2026

Critical Vulnerability in protobuf.js

A critical vulnerability has been identified in protobuf.js, a JavaScript implementation of Google’s Protocol Buffers. Users and administrators of affected products are advised to update to the latest versions immediately.

Alerts

17 April 2026

Critical Vulnerabilities in Cisco ISE and Webex Services

Cisco has released security updates to address multiple security vulnerabilities in two of its products: Identity Services Engine (ISE) and Webex Services. There are no indications that these vulnerabilities are being exploited in the wild when this alert is reported. However,successful exploitation of these vulnerabilities may result in gaining root access and remote code execution. Users and administrators of affected products are advised to update to the latest versions immediately.

Alerts