Skip to main content
A Singapore Government Agency Website How to identify
Official website links end with .gov.sg
Government agencies communicate via .gov.sg websites (e.g. go.gov.sg/open). Trusted websites
Secure websites use HTTPS
Look for a lock () or https:// as an added precaution. Share sensitive information only on official, secure websites.

Government officials will never ask you to transfer money or disclose bank log-in details over a phone call.

Call the 24/7 ScamShield Helpline at 1799 if you are unsure if something is a scam.

Cyber Security Agency of Singapore

Alerts & Advisories

Provides alerts and advisories on emerging cyber threats, vulnerabilities, and preventive measures to help individuals and organisations stay secure online.

1123 articles

23 April 2026

Vulnerability in Koollab Learning Management System (LMS)

CSA has issued a CVE ID to a vulnerability reported in Koollab LMS as part of CSA’s Responsibility Vulnerability Disclosure Policy. Users and administrators of the affected product version are advised to update to the latest version 5.4.0 immediately.

Alerts

22 April 2026

Security Bulletin 22 April 2026 [PDF, 1.1 MB]

Bulletins

21 April 2026

Critical Vulnerability in protobuf.js

A critical vulnerability has been identified in protobuf.js, a JavaScript implementation of Google’s Protocol Buffers. Users and administrators of affected products are advised to update to the latest versions immediately.

Alerts

17 April 2026

Critical Vulnerabilities in Cisco ISE and Webex Services

Cisco has released security updates to address multiple security vulnerabilities in two of its products: Identity Services Engine (ISE) and Webex Services. There are no indications that these vulnerabilities are being exploited in the wild when this alert is reported. However,successful exploitation of these vulnerabilities may result in gaining root access and remote code execution. Users and administrators of affected products are advised to update to the latest versions immediately.

Alerts

17 April 2026

Critical Vulnerability in Nginx UI

Nginx-UI has released a security advisory addressing a vulnerability affecting Nginx-UI with Model Context Protocol (MCP) support.This vulnerability is being exploited in the wild. Successful exploitation of this vulnerability can allow any network attacker to invoke all MCP tools without authentication and lead to a complete NGINX service takeover. Users and administrators of affected products are advised to update to the latest version immediately.

Alerts

16 April 2026

Critical Vulnerabilities in Fortinet Product

Fortinet has released software updates addressing vulnerabilities in FortiSandbox.Users and administrators of affected products are advised to update to the latest versions immediately.

Alerts

16 April 2026

Critical Vulnerability in Axios

Axios has released a software patch to address a critical security vulnerability in the Axios library. Users and administrators of affected product versions are advised to update to the latest version immediately.

Alerts

15 April 2026

April 2026 Monthly Patch

Microsoft has released security patches to address multiple vulnerabilities in their software and products.

Monthly Patch

15 April 2026

Advisory on Risks associated with Frontier AI Models

Frontier Artificial Intelligence (AI) models are the most recent advanced AI models available. These frontier AI models can reportedly reduce the time taken to identify vulnerabilities and engineer exploits cutting short the duration from months to hours, but this capability could also be misused by cyber threat actors. This advisory outlines how organisations can plan ahead and strengthen their cybersecurity posture to guard against such risks.

Advisory

15 April 2026

Security Bulletin 15 April 2026 [PDF, 1 MB]

Bulletins