17/06/2026
🚨URGENT ALERT 🚨FortiBleed Credential Leak
Thousands of Fortinet VPN device credentials have been exposed globally, with Jamaican domains identified among those affected. Organizations using Fortinet VPN solutions should review their security posture immediately, rotate credentials, and monitor for any signs of unauthorized access.
Stay informed and take proactive steps to protect your network.
🔗 Read the full advisory: https://cirt.gov.jm/alert/fortibleed-credential-leak-exposes-thousands-fortinet-vpn-devices-worldwide-jamaican-domains
12/06/2026
🚨URGENT ADVISORY 🚨 Update Chrome now. Google has released an emergency patch for an actively exploited zero-day vulnerability (CVE-2026-11645) affecting the Chrome browser. Users and organizations should update immediately to reduce their risk of compromise.
Read more: https://cirt.gov.jm/advisory/google-releases-emergency-patch-actively-exploited-chrome-zero-day-vulnerability-cve-2026
12/06/2026
🚨 URGENT ADVISORY!🚨 Beware of fake banking app updates.
The NFCShare Android malware is being spread through fraudulent banking app updates, putting users' financial data at risk. Only download apps and updates from trusted, official sources.
Read more: https://cirt.gov.jm/advisory/nfcshare-android-malware-distributed-through-fake-banking-app-updates-github
12/06/2026
🚨URENT ADVISORY! 🚨 Developers and security teams, take note.
The Shai-Hulud supply chain attack has compromised multiple PyPI packages, exposing developer secrets such as API keys, cloud credentials, and CI/CD tokens. This incident highlights the growing threat posed by malicious dependencies in open-source ecosystems.
Now is the time to review your software supply chain, audit dependencies, rotate exposed credentials, and strengthen security controls across development environments.
Read the full advisory: https://cirt.gov.jm/advisory/shai-hulud-supply-chain-attack-compromises-multiple-pypi-packages-steal-developer-secrets
09/06/2026
🚨 CIRT Division LEV Update: 6 New Vulnerabilities Added
Six (6) new vulnerabilities have been added to the CIRT LEV Catalogue—actively tracked for exploitation.
Organizations should review immediately, assess exposure, and prioritize remediation to reduce risk.
🔗https://cirt.gov.jm/page/locally-exploited-vulnerability-lev-catalogue
29/05/2026
🚨URGENT ADVISORY🚨Security researchers have identified ongoing attack activity targeting organizations that expose Remote Desktop Protocol (RDP) services directly to the public internet. Threat actors continue to abuse exposed RDP services as one of the most reliable and effective methods for gaining initial access to corporate networks.
Click here for more information👇
https://cirt.gov.jm/advisory/exposed-remote-desktop-protocol-rdp-services-continue-enable-unauthorized-network
29/05/2026
🚨URGENT ADVISORY🚨Security researchers have identified a sophisticated zero-click attack chain targeting WhatsApp users on vulnerable iOS 16 devices.
Click here for more information👇
https://cirt.gov.jm/advisory/zero-click-whatsapp-account-takeover-attack-targeting-ios-16-devices
29/05/2026
🚨URGENT ADVISORY🚨Cybersecurity researchers have disclosed a critical vulnerability tracked as CVE-2026-27771, affecting Gitea. The flaw allows unauthenticated attackers to retrieve private container images from vulnerable deployments without requiring authentication.
Click here for more information👇
https://cirt.gov.jm/advisory/gitea-vulnerability-could-allow-unauthenticated-access-private-container-images
21/05/2026
🚨URGENT ADVISORY🚨Security researchers have disclosed a new Linux kernel vulnerability dubbed “PinTheft,” which allows local attackers to escalate privileges to root by exploiting a double-free condition within the Linux kernel’s Reliable Datagram Sockets (RDS) zerocopy send functionality.
Click here for more information👇
https://cirt.gov.jm/advisory/pintheft-linux-kernel-vulnerability-could-allow-local-attackers-gain-root-access
21/05/2026
🚨URGENT ADVISORY🚨Security researchers have disclosed a critical vulnerability affecting the User Control Panel (UCP) component of the FreePBX platform. The vulnerability, tracked as CVE-2026-46376, stems from the presence of hard-coded credentials within the FreePBX userman module.
Click here for more information👇
https://cirt.gov.jm/advisory/critical-hard-coded-credential-vulnerability-freepbx-could-allow-unauthorized-access-user