30 Jan 2026
Week in review
Greetings,
Yesterday was Privacy Awareness Day, which serves as an important reminder that protecting personal information is a shared responsibility for organisations, government agencies, and the broader community. In an environment where digital services, data collection, and emerging technologies are increasingly embedded in everyday life, strong privacy practices are essential to maintaining public trust and meeting legal obligations.
The Office of the Australian Information Commissioner (OAIC) emphasises that privacy compliance is an ongoing commitment. Many organisations and Australian Government agencies are required to manage personal information in line with the Privacy Act 1988, ensuring information is collected lawfully, used transparently, stored securely, and disposed of appropriately when no longer needed. Embedding privacy by design into systems, policies, and processes helps reduce risk while demonstrating accountability and respect for individual rights.
This year, the OAIC has reinforced these principles through increased regulatory focus, including the commencement of its first privacy compliance sweep. The initiative highlights the importance of clear, accessible privacy policies and transparency about how personal information is handled, particularly where information is collected directly from individuals. These activities reflect growing community expectations that organisations take privacy governance seriously and remain proactive in strengthening their practices.
To support this, the OAIC provides a wide range of practical guidance for organisations and government agencies, covering areas such as privacy management frameworks, data breach preparedness, privacy impact assessments, and emerging issues like artificial intelligence. Privacy Awareness Day is an opportunity to revisit these resources, assess current practices, and reinforce a culture where privacy is treated as a core business priority rather than a compliance afterthought.
New sandbox escape flaw exposes n8n instances to RCE attacks
Date: 2026-01-28
Author: Bleeping Computer
[AUSCERT has identified the impacted members (where possible) and contacted them via email]
Two vulnerabilities in the n8n workflow automation platform could allow attackers to fully compromise affected instances, access sensitive data, and execute arbitrary code on the underlying host.
Identified as CVE-2026-1470 and CVE-2026-0863, the vulnerabilities were discovered and reported by researchers at DevSecOps company JFrog.
SolarWinds warns of critical Web Help Desk RCE, auth bypass flaws
Date: 2026-01-28
Author: Bleeping Computer
[AUSCERT has identified the impacted members (where possible) and contacted them via email]
SolarWinds has released security updates to patch critical authentication bypass and remote command execution vulnerabilities in its Web Help Desk IT help desk software.
The authentication bypass security flaws (tracked as CVE-2025-40552 and CVE-2025-40554) patched today by SolarWinds were reported by watchTowr's Piotr Bazydlo and can be exploited by remote unauthenticated threat actors in low-complexity attacks.
Microsoft Patches Office Zero-Day Likely Exploited in Targeted Attacks
Date: 2026-01-27
Author: Security Week
[See AUSCERT bulletin: https://portal.auscert.org.au/bulletins/ASB-2026.0039.2]
Microsoft has released patches for CVE-2026-21509, a newly disclosed Office zero-day vulnerability that can be exploited to bypass security features.
The tech giant’s advisory for CVE-2026-21509 mentions that it’s aware of active exploitation.
The vulnerability and the in-the-wild attacks were discovered by Microsoft’s own security researchers, but the company has yet to share any information on the malicious activity.
Cloudflare misconfiguration behind recent BGP route leak
Date: 2026-01-26
Author: Bleeping Computer
Cloudflare has shared more details about a recent 25-minute Border Gateway Protocol (BGP) route leak affecting IPv6 traffic, which caused measurable congestion, packet loss, and approximately 12 Gbps of dropped traffic.
The BGP system helps route data across different networks called autonomous systems (AS) that send it to its destination through smaller networks on the internet.
The incident was caused by an accidental policy misconfiguration on a router and affected external networks beyond Cloudflare customers.
Fortinet blocks exploited FortiCloud SSO zero day until patch is ready
Date: 2026-01-27
Author: Bleeping Computer
[See AUSCERT bulletin: https://portal.auscert.org.au/bulletins/ESB-2026.0770/]
Fortinet has confirmed a new, actively exploited critical FortiCloud single sign-on (SSO) authentication bypass vulnerability, tracked as CVE-2026-24858, and says it has mitigated the zero-day attacks by blocking FortiCloud SSO connections from devices running vulnerable firmware versions.
The flaw allows attackers to abuse FortiCloud SSO to gain administrative access to FortiOS, FortiManager, and FortiAnalyzer devices registered to other customers, even when those devices were fully patched against a previously disclosed vulnerability.
ESB-2026.0895 – openssl: CVSS (Max): 9.8
Red Hat has released an Important security update for OpenSSL on RHEL 9.2 Update Services for SAP Solutions, fixing two critical flaws that could lead to remote code execution or denial of service during CMS and PKCS#12 processing.
ESB-2026.0876 – Juniper Networks Session Smart Router (SSR): CVSS (Max): 9.8
Juniper Networks has released a Critical security update for Session Smart Router, addressing numerous high-severity vulnerabilities in bundled third-party components that could enable remote code execution, privilege escalation, or denial of service.
ESB-2026.0687 – inetutils: CVSS (Max): 9.8
Debian has issued an LTS security advisory for inetutils, fixing CVE-2026-24061, an authentication bypass in telnetd that could allow remote root access.
ESB-2026.0673 – MozillaFirefox: CVSS (Max): 9.8
SUSE has released an Important security update for Mozilla Firefox ESR, fixing 13 vulnerabilities—including multiple critical sandbox escapes and memory safety issues.
ASB-2026.0037.2 – telnetd: CVSS (Max): 9.8
A bulletin has been issued for a vulnerability in GNU InetUtils telnetd. CVE-2026-24061, now listed in CISA’s Known Exploited Vulnerabilities catalog, allows remote attackers to bypass authentication and gain root access.
Stay safe, stay patched and have a good weekend!
The AUSCERT team