Skip to main content
A Singapore Government Agency Website How to identify
Official website links end with .gov.sg
Government agencies communicate via .gov.sg websites (e.g. go.gov.sg/open). Trusted websites
Secure websites use HTTPS
Look for a lock () or https:// as an added precaution. Share sensitive information only on official, secure websites.

Government officials will never ask you to transfer money or disclose bank log-in details over a phone call.

Call the 24/7 ScamShield Helpline at 1799 if you are unsure if something is a scam.

Cyber Security Agency of Singapore

Alerts & Advisories

Provides alerts and advisories on emerging cyber threats, vulnerabilities, and preventive measures to help individuals and organisations stay secure online.

1125 articles

27 April 2026

Vulnerability in Notepad++

CSA has issued a CVE ID to a vulnerability reported in Notepad++ as part of CSA's Responsibility Vulnerability Disclosure Policy. Users and administrators of the affected product version are advised to update to the latest version 8.9.4 immediately.

Alerts

27 April 2026

Vulnerability in Windows File System Proxy (WinFsp)

CSA has issued a CVE ID to a vulnerability reported in WinFsp as part of CSA’s Responsible Vulnerability Disclosure Policy. Users and administrators of the affected product version are advised to update to the latest version immediately.

Alerts

23 April 2026

Vulnerability in Koollab Learning Management System (LMS)

CSA has issued a CVE ID to a vulnerability reported in Koollab LMS as part of CSA’s Responsible Vulnerability Disclosure Policy. Users and administrators of the affected product version are advised to update to the latest version 5.4.0 immediately.

Alerts

22 April 2026

Security Bulletin 22 April 2026 [PDF, 1.1 MB]

Bulletins

21 April 2026

Critical Vulnerability in protobuf.js

A critical vulnerability has been identified in protobuf.js, a JavaScript implementation of Google’s Protocol Buffers. Users and administrators of affected products are advised to update to the latest versions immediately.

Alerts

17 April 2026

Critical Vulnerabilities in Cisco ISE and Webex Services

Cisco has released security updates to address multiple security vulnerabilities in two of its products: Identity Services Engine (ISE) and Webex Services. There are no indications that these vulnerabilities are being exploited in the wild when this alert is reported. However,successful exploitation of these vulnerabilities may result in gaining root access and remote code execution. Users and administrators of affected products are advised to update to the latest versions immediately.

Alerts

17 April 2026

Critical Vulnerability in Nginx UI

Nginx-UI has released a security advisory addressing a vulnerability affecting Nginx-UI with Model Context Protocol (MCP) support.This vulnerability is being exploited in the wild. Successful exploitation of this vulnerability can allow any network attacker to invoke all MCP tools without authentication and lead to a complete NGINX service takeover. Users and administrators of affected products are advised to update to the latest version immediately.

Alerts

16 April 2026

Critical Vulnerabilities in Fortinet Product

Fortinet has released software updates addressing vulnerabilities in FortiSandbox.Users and administrators of affected products are advised to update to the latest versions immediately.

Alerts

16 April 2026

Critical Vulnerability in Axios

Axios has released a software patch to address a critical security vulnerability in the Axios library. Users and administrators of affected product versions are advised to update to the latest version immediately.

Alerts

15 April 2026

April 2026 Monthly Patch

Microsoft has released security patches to address multiple vulnerabilities in their software and products.

Monthly Patch