Apr 2026: Monthly Security Bytes

Welcome to our LGA Monthly Security Bytes!

Here, you’ll find bite-sized security developments and practical insights to help you stay ahead of day-to-day security operations.


Today’s threats no longer stop at firewalls or endpoints. Core systems, automation tools like n8n, and AI applications are emerging as new entry points when misconfigured or left unpatched.

As these systems underpin operations and data flow, a single vulnerability can quickly escalate into high-impact breaches, causing disruption, data exposure and full environment compromise.

Key Security Updates

1. Critical Infrastructure Vulnerabilities Across Aruba and Fortinet Systems

Critical vulnerabilities in Aruba CX and Fortinet products may allow attackers to bypass authentication, execute commands and take control of network infrastructure, leading to unauthorised access and potential disruption of enterprise systems.

Critical vulnerabilities were identified in the following:

1. Palo Alto Networks PAN-OS
• PAN-OS 12.1: Versions prior to 12.1.3-h3 or 12.1.4
• PAN-OS 11.2: Versions prior to 11.2.4-h15, 11.2.7-h8, or 11.2.10-h2
• PAN-OS 11.1: Versions prior to 11.1.4-h27, 11.1.6-h23, 11.1.10-h9, or 11.1.13
• PAN-OS 10.2: Versions prior to 10.2.7-h32, 10.2.10-h30, 10.2.13-h18, 10.2.16-h6, or 10.2.18-h1
• PAN-OS 10.1: Versions prior to 10.1.14-h20
• Prisma Access 11.2: Versions prior to 11.2.7-h8
• Prisma Access 10.2: Versions prior to 10.2.4-h43 or 10.2.10-h29

2. Fortinet Products
• FortiSwitchAX: CVE-2026-22627 – Unauthenticated code execution via crafted LLDP packet
• FortiWeb: CVE-2026-24017 – Authentication rate-limit bypass through crafted requests
• FortiManager: CVE-2025-54820 – Unauthenticated remote command execution if vulnerable service is enabled
• FortiClient Linux: CVE-2026-24018 – Local privilege escalation allowing root access
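
For triaging a firewall inventory against the PAN-OS list above, the following is an added example, not code from LGA or Palo Alto Networks. It assumes each listed release is the first fixed hotfix for its maintenance release, that anything newer than the highest listed release in a train is fixed, and that any other maintenance release is treated as vulnerable; Prisma Access is left out, and the hostnames and inventory are constructed.

```python
import re

# Fixed releases copied from the PAN-OS list on this page, keyed by release train.
FIXED = {
    "12.1": ["12.1.3-h3", "12.1.4"],
    "11.2": ["11.2.4-h15", "11.2.7-h8", "11.2.10-h2"],
    "11.1": ["11.1.4-h27", "11.1.6-h23", "11.1.10-h9", "11.1.13"],
    "10.2": ["10.2.7-h32", "10.2.10-h30", "10.2.13-h18", "10.2.16-h6", "10.2.18-h1"],
    "10.1": ["10.1.14-h20"],
}

_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse(version):
    """Turn '11.1.6-h23' into (11, 1, 6, 23); a missing hotfix counts as 0."""
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version: {version!r}")
    major, minor, maint, hotfix = m.groups()
    return (int(major), int(minor), int(maint), int(hotfix or 0))


def status(version):
    """Return 'fixed', 'vulnerable', or 'unlisted' (train not on the page)."""
    v = parse(version)
    train = f"{v[0]}.{v[1]}"
    if train not in FIXED:
        return "unlisted"
    fixes = sorted(parse(f) for f in FIXED[train])
    for fix in fixes:
        if fix[:3] == v[:3]:  # same maintenance release: compare hotfix level
            return "fixed" if v >= fix else "vulnerable"
    # Assumption: a maintenance release with no listed hotfix is fixed only
    # if it is newer than the highest fixed release in its train.
    return "fixed" if v > fixes[-1] else "vulnerable"


def audit(inventory):
    """Return {host: version} for every device not on a fixed release."""
    return {h: v for h, v in inventory.items() if status(v) != "fixed"}


# Constructed inventory for illustration; hostnames and versions are made up.
SAMPLE = {"fw-edge-01": "11.1.6-h22", "fw-edge-02": "11.1.13",
          "fw-dc-01": "10.2.13-h18", "fw-lab-01": "12.1.3"}

if __name__ == "__main__":
    for host, ver in audit(SAMPLE).items():
        print(f"{host}: {ver} -> {status(ver)}")
```

Devices reported as `unlisted` run a release train this page does not cover and need checking against the vendor advisory directly.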

2. Critical Remote Code Execution Vulnerability in n8n

A critical RCE vulnerability has been identified in n8n, with approximately 24,700 publicly exposed servers discovered through internet scans.

If exploited, attackers could gain full control of the automation server, enabling credential theft, workflow manipulation, infrastructure compromise and data exfiltration.

Due to n8n’s role in connecting systems and automating processes, this vulnerability presents a high-impact risk, potentially allowing attackers to establish persistent access even after remediation.

3. AI Chat App Data Leak Highlights Ongoing Firebase Security Risks

A major breach exposed 300 million messages from over 25 million users of Chat & Ask AI due to an unsecured database:
• Firebase misconfiguration left backend data publicly accessible without authentication
• Single vulnerability amplified across AI services due to interconnected systems
• Persistent cloud security gaps despite known and preventable misconfigurations

Mitigate These Threats with LGA’s Managed Security Solutions

Speak with us today to enjoy a FREE 1-month trial of our Data Loss Protection (DLP) to:
• Prevent sensitive data exposure across users and devices
• Gain visibility and control over data shared with GenAI tools

Safeguard Against Insider Threats Now

Enjoy uninterrupted data protection through our 24/7 security monitoring and end-to-end ownership from LGA.