Canadian Government Cyber Alerts.
- HPE security advisory (AV26-543) by Canadian Centre for Cyber Security on June 2, 2026 at 8:02 pm
<article data-history-node-id="7782" about="/en/alerts-advisories/hpe-security-advisory-av26-543" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Serial number: </strong>AV26-543<br /><strong>Date: </strong>June 2, 2026</p> <p>On June 2, 2026, HPE published security advisories to address vulnerabilities, including some critical ones, in the following products:</p> <ul><li>HPE Telco Network Function Virtualization Orchestrator – version 7.6.0 and prior</li> <li>HPE Aruba Networking ArubaOS-CX Switches – version 10.16.1000 and prior</li> <li>HPE Aruba Networking ArubaOS-CX Switches – version 10.15.0005 and prior</li> <li>HPE Aruba Networking ArubaOS-CX Switches – version 10.13.1080 and prior</li> <li>HPE Aruba Networking ArubaOS-CX Switches – version 10.16.1000 and prior</li> </ul><p>The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.</p> <ul class="list-unstyled"><li><a href="https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05062en_us&docLocale=en_US ">HPESBNW05062 rev.1 – Status of OpenSSH Keystroke Obfuscation Bypass (CVE-2024-39894) on Aruba OS-CX</a></li> <li><a href="https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05060en_us&docLocale=en_US">HPESBNW05060 rev.1 – HPE Telco Network Function Virtualization Orchestrator, Multiple Vulnerabilities</a></li> <li><a href="https://support.hpe.com/connect/s/securitybulletinlibrary?language=en_US ">HPE Security Bulletin 
Library</a></li> </ul></div> </div> </div> </div> </div> </article>
- Mozilla security advisory (AV26-542) by Canadian Centre for Cyber Security on June 2, 2026 at 6:35 pm
<article data-history-node-id="7781" about="/en/alerts-advisories/mozilla-security-advisory-av26-542" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Serial number: </strong>AV26-542<br /><strong>Date: </strong>June 2, 2026</p> <p>On June 2, 2026, Mozilla published a security advisory to address vulnerabilities in the following product:</p> <ul><li>Firefox – versions prior to 151.0.3</li> </ul><p>The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.</p> <ul class="list-unstyled"><li><a href="https://www.mozilla.org/en-US/security/advisories/mfsa2026-54/">Mozilla Foundation Security Advisory 2026-54</a></li> <li><a href="https://www.mozilla.org/en-US/security/advisories/">Mozilla Security Advisories</a></li> </ul></div> </div> </div> </div> </div> </article>
- JetBrains security advisory (AV26-541) by Canadian Centre for Cyber Security on June 2, 2026 at 6:22 pm
<article data-history-node-id="7780" about="/en/alerts-advisories/jetbrains-security-advisory-av26-541" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Serial number: </strong>AV26-541<br /><strong>Date: </strong>June 2, 2026</p> <p>On May 29, 2026, JetBrains published security advisories to address vulnerabilities in the following products:</p> <ul><li>JetBrains IntelliJ IDEA – versions prior to 2026.1.1</li> <li>JetBrains TeamCity – versions prior to 2026.1.1 and 2025.11.5</li> <li>JetBrains YouTrack – versions prior to 2026.1.13162</li> </ul><p>The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.</p> <ul class="list-unstyled"><li><a href="https://www.jetbrains.com/privacy-security/issues-fixed/"><span lang="en" xml:lang="en">JetBrains – Fixed security issues</span></a></li> </ul></div> </div> </div> </div> </div> </article>
- [Control systems] Siemens security advisory (AV26-540) by Canadian Centre for Cyber Security on June 2, 2026 at 6:07 pm
<article data-history-node-id="7779" about="/en/alerts-advisories/control-systems-siemens-security-advisory-av26-540" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Serial number: </strong>AV26-540<br /><strong>Date:</strong> June 2, 2026</p> <p>On June 2, 2026, Siemens published a security advisory to address critical vulnerabilities in the following product:</p> <ul><li>RUGGEDCOM RST2428P (6GK6242-6PA00) – versions prior to V4.0</li> </ul><p>The Cyber Centre encourages users and administrators to review the web links provided, perform the suggested mitigations and apply the necessary updates.</p> <ul class="list-unstyled"><li><a href="https://cert-portal.siemens.com/productcert/html/ssa-253495.html">SSA-253495: <span lang="en" xml:lang="en">Multiple Vulnerabilities in</span> SINEC OS <span lang="en" xml:lang="en">before</span> V4.0</a></li> <li><a href="https://www.siemens.com/global/en/products/services/cert.html">Siemens Security Advisories</a></li> </ul></div> </div> </div> </div> </div> </article>
- Android security advisory – June 2026 monthly rollup (AV26-538) – Update 1 by Canadian Centre for Cyber Security on June 2, 2026 at 5:58 pm
<article data-history-node-id="7777" about="/en/alerts-advisories/android-security-advisory-june-2026-monthly-rollup-av26-538" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Serial number: </strong>AV26-538<br /><strong>Date: </strong>June 2, 2026</p> <p>On June 1, 2026, Android published a security bulletin to address vulnerabilities affecting Android devices.</p> <p>The vendor indicates that CVE-2025-48595 may be under limited, targeted exploitation.</p> <p><strong>Update 1</strong><br /> On June 2, 2026, Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2025-48595 to their Known Exploited Vulnerabilities (KEV) Database.</p> <p>The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.</p> <ul class="list-unstyled"><li><a href="https://source.android.com/docs/security/bulletin/2026/2026-06-01">Android Security Bulletin</a></li> <li><a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-48595">CISA KEV: CVE-2025-48595</a></li> </ul></div> </div> </div> </div> </div> </article>
- HP security advisory (AV26-539) by Canadian Centre for Cyber Security on June 2, 2026 at 3:24 pm
<article data-history-node-id="7778" about="/en/alerts-advisories/hp-security-advisory-av26-539" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Serial number: </strong>AV26-539<br /><strong>Date: </strong>June 2, 2026</p> <p>On June 1, 2026, HP published a security advisory to address a critical vulnerability in the following products:</p> <ul><li>HP Poly VVX – versions prior to UCS 6.4.8 – Pending</li> <li>HP Poly Trio 8300 – versions prior to UCS 8.1.7</li> <li>HP Poly Trio 8500 – versions prior to UCS 7.2.8</li> <li>HP Poly Trio 8800 – versions prior to UCS 7.2.8</li> </ul><p>The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates, once available.</p> <ul class="list-unstyled"><li><a href="https://support.hp.com/us-en/document/ish_15052661-15052687-16/hpsbpy04083">Poly Voice – Possible Remote Control of Certain Poly Devices</a></li> </ul></div> </div> </div> </div> </div> </article>
- Samsung mobile security advisory (AV26-537) by Canadian Centre for Cyber Security on June 2, 2026 at 3:09 pm
<article data-history-node-id="7776" about="/en/alerts-advisories/samsung-mobile-security-advisory-av26-537" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Serial number: </strong>AV26-537<br /><strong>Date:</strong> June 2, 2026</p> <p>On June 2, 2026, Samsung published a security update to address vulnerabilities in the following product:</p> <ul><li>Samsung mobile devices – versions prior to SMR-JUN-2026</li> </ul><p>The most recent security update resolves multiple identified vulnerabilities.</p> <p>The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary update.</p> <ul class="list-unstyled"><li><a href="https://security.samsungmobile.com/securityUpdate.smsb?year=2026&month=06">Samsung Security Updates</a></li> </ul></div> </div> </div> </div> </div> </article>
- Broadcom VMware security advisory (AV26-536) by Canadian Centre for Cyber Security on June 1, 2026 at 6:31 pm
<article data-history-node-id="7775" about="/en/alerts-advisories/broadcom-vmware-security-advisory-av26-536" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Serial number: </strong>AV26-536<br /><strong>Date: </strong>June 1, 2026</p> <p>On May 29, 2026, Broadcom published a security advisory to address vulnerabilities in the following product. Included were critical updates for the following:</p> <ul><li>VMware Tanzu for Valkey – versions prior to 7.2.13</li> <li>VMware Tanzu for Valkey – versions prior to 8.0.9</li> <li>VMware Tanzu for Valkey – versions prior to 8.1.7</li> <li>VMware Tanzu for Valkey – versions prior to 9.0.4</li> </ul><p>The Cyber Centre encourages users and administrators to review the web links provided and apply the necessary updates.</p> <ul class="list-unstyled"><li><a href="https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37556">Product Release Advisory – VMware Tanzu for Valkey 7.2.13, 8.0.9, 8.1.7, 9.0.4</a></li> <li><a href="https://support.broadcom.com/web/ecx/security-advisory?segment=VT">Security Advisories – VMware Cloud Foundation</a></li> </ul></div> </div> </div> </div> </div> </article>
- Qualcomm security advisory – June 2026 monthly rollup (AV26-535) by Canadian Centre for Cyber Security on June 1, 2026 at 6:27 pm
<article data-history-node-id="7774" about="/en/alerts-advisories/qualcomm-security-advisory-june-2026-monthly-rollup-av26-535" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Serial number: </strong>AV26-535<br /><strong>Date: </strong>June 1, 2026</p> <p>On June 1, 2026, Qualcomm published a security bulletin to address vulnerabilities affecting Qualcomm products.</p> <p>The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.</p> <ul class="list-unstyled"><li><a href="https://docs.qualcomm.com/securitybulletin/june-2026-bulletin.html">Qualcomm Security Bulletin – June</a></li> </ul></div> </div> </div> </div> </div> </article>
- Oracle security advisory – July 2024 quarterly rollup (AV24-401) – Update 1 by Canadian Centre for Cyber Security on June 1, 2026 at 5:39 pm
<article data-history-node-id="5369" about="/en/alerts-advisories/oracle-security-advisory-july-2024-quarterly-rollup-av24-401" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Serial number: </strong>AV24-401<br /><strong>Date: </strong>July 17, 2024<br /><strong>Updated: </strong>June 1, 2026</p> <p>On July 16, 2024, Oracle published a security advisory to address vulnerabilities in multiple products.
Included were critical updates for the following:</p> <ul><li>Oracle Analytics</li> <li>Oracle Communications Applications</li> <li>Oracle Communications</li> <li>Oracle Financial Services Application</li> <li>Oracle Fusion Middleware</li> <li>Oracle MySQL</li> <li>Oracle Siebel CRM</li> </ul><h2 class="h3">Update 1</h2> <p>On June 1, 2026, Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2024-21182 to their Known Exploited Vulnerabilities (KEV) Database.</p> <p>The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.</p> <ul class="list-unstyled"><li><a href="https://www.oracle.com/security-alerts/cpujul2024.html">Oracle Critical Patch Update Advisory – July 2024</a></li> <li><a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-21182">CISA KEV: CVE-2024-21182</a></li> </ul></div> </div> </div> </div> </div> </article>
- Plesk security advisory (AV26-534) by Canadian Centre for Cyber Security on June 1, 2026 at 2:56 pm
<article data-history-node-id="7772" about="/en/alerts-advisories/plesk-security-advisory-av26-534" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Serial number: </strong>AV26-534<br /><strong>Date:</strong> June 1, 2026</p> <p>On May 27, 2026, Plesk published a security advisory to address a vulnerability in the following product:</p> <ul><li>Plesk for Linux – versions prior to 18.0.75.1</li> <li>Plesk for Linux – versions prior to 18.0.76.2</li> </ul><p>The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.</p> <ul class="list-unstyled"><li><a href="https://support.plesk.com/hc/en-us/articles/38633651286679-Vulnerability-CVE-2026-44962-in-Plesk-s-APS-Catalog">Vulnerability CVE-2026-44962 in Plesk’s APS Catalog</a></li> <li><a href="https://support.plesk.com/hc/en-us">Plesk Support</a></li> </ul></div> </div> </div> </div> </div> </article>
- Ivanti security advisory (AV26-533) by Canadian Centre for Cyber Security on June 1, 2026 at 2:50 pm
<article data-history-node-id="7771" about="/en/alerts-advisories/ivanti-security-advisory-av26-533" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Serial number: </strong>AV26-533<br /><strong>Date: </strong>June 1, 2026</p> <p>On June 1, 2026, Ivanti published a security advisory to address a vulnerability in the following products:</p> <ul><li>Ivanti Neurons for ITSM (On-Premises) – version 2025.4 and prior</li> <li>Ivanti Neurons for ITSM (Cloud) – version 2026.1 and prior</li> </ul><p>The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.</p> <ul class="list-unstyled"><li><a href="https://hub.ivanti.com/s/article/Security-Advisory-Ivanti-Neurons-for-ITSM-CVE-2026-9614?language=en_US">Security Advisory Ivanti Neurons for ITSM (CVE-2026-9614)</a></li> <li><a href="https://forums.ivanti.com/s/searchallcontent?language=en_US#tab=All&sortCriteria=date%20descending&f-sfkbknowledgearticletypec=Security%20Advisory">Ivanti Security Advisories</a></li> </ul></div> </div> </div> </div> </div> </article>
- Mozilla security advisory (AV26-532) by Canadian Centre for Cyber Security on June 1, 2026 at 1:25 pm
<article data-history-node-id="7770" about="/en/alerts-advisories/mozilla-security-advisory-av26-532" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Serial number: </strong>AV26-532<br /><strong>Date: </strong>June 1, 2026</p> <p>On June 1, 2026, Mozilla published a security advisory to address vulnerabilities in the following product:</p> <ul><li>Firefox for iOS – versions prior to 151.2</li> </ul><p>The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.</p> <ul class="list-unstyled"><li><a href="https://www.mozilla.org/en-US/security/advisories/mfsa2026-53/">Mozilla Foundation Security Advisory 2026-53</a></li> <li><a href="https://www.mozilla.org/en-US/security/advisories/">Mozilla Security Advisories</a></li> </ul></div> </div> </div> </div> </div> </article>
- Red Hat security advisory (AV26-531) by Canadian Centre for Cyber Security on June 1, 2026 at 1:19 pm
<article data-history-node-id="7769" about="/en/alerts-advisories/red-hat-security-advisory-av26-531" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Serial number: </strong>AV26-531<br /><strong>Date: </strong>June 1, 2026</p> <p>Between May 25 and 31, 2026, Red Hat published security advisories to address vulnerabilities in multiple products. Included were updates to address vulnerabilities in the Linux kernel for the following products:</p> <ul><li>Red Hat CodeReady Linux Builder – multiple versions and platforms</li> <li>Red Hat Enterprise Linux – multiple versions and platforms</li> <li>Red Hat Enterprise Linux Server – multiple versions and platforms</li> <li>Red Hat Enterprise Linux for Real Time – multiple versions and platforms</li> </ul><p>The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.</p> <ul class="list-unstyled"><li><a href="https://access.redhat.com/security/security-updates/security-advisories">Red Hat Security Advisories</a></li> </ul></div> </div> </div> </div> </div> </article>
- [Control systems] CISA ICS security advisories (AV26–530) by Canadian Centre for Cyber Security on June 1, 2026 at 1:15 pm
<article data-history-node-id="7768" about="/en/alerts-advisories/control-systems-cisa-ics-security-advisories-av26-530" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Serial number:</strong> AV26–530<br /><strong>Date:</strong> June 1, 2026</p> <p>Between May 25 and 31, 2026, CISA published ICS advisories to address vulnerabilities in the following products:</p> <ul><li>ABB AC500 V2 – versions prior to 2.5.2 and 2.5.3</li> <li>ABB Ability Camera Connect – versions prior to 1.5.0.14 and 1.5.0.15</li> <li>ABB Ability Zenon – versions 7.50 to 14</li> <li>ABB B&R Automation Runtime – versions prior to 6.3 and Q4.93</li> <li>ABB EIBPORT V3 KNX (2CLA963710W1001) / (2CSM256242R2001) – versions prior to 3.9.2</li> <li>ABB EIBPORT V3 KNX GSM (2CLA963720W1001) – versions prior to 3.9.2</li> <li>ABB LVS MConfig – versions 1.4.9.21 and prior</li> <li>CP Plus 8 Ch. 
Network Video Recorder – multiple versions</li> <li>Eppendorf BioFlo 320 – all versions</li> <li>Frontier X Android application – versions prior to v15.0.0</li> <li>Frontier X IOS application– versions prior to v25.0.0</li> <li>Frontier X2 – all versions</li> <li>Jinan USR IOT Technology Limited (PUSR) USR-W610 RS232/485 to Wi-Fi/Ethernet Converter – version 7.03T.07</li> <li>KMW CCTV Security Cameras – versions KM-IP521 IPCAM_V4.04.91.230307 and KM-IP421 IPCAM_V4.04.53.210416</li> <li>MacGregor Voyage Data Recorder (VDR) G4e – versions prior to V5.250</li> <li>Schneider Electric EcoStruxure Machine Expert HVAC – versions prior to 1.10.0</li> <li>Switch Actuator 4 DU – all versions</li> <li>Switch Actuator, door/light 4 DU – all versions</li> <li>Terra AC Wallbox – multiple versions and models</li> <li>XCharge C6 – version C6</li> </ul><p>The Cyber Centre encourages users and administrators to review the provided web link, perform the suggested mitigations and apply the necessary updates if available.</p> <ul class="list-unstyled"><li><a href="https://www.cisa.gov/news-events/ics-advisories">CISA ICS Advisories</a></li> </ul></div> </div> </div> </div> </div> </article>
- Ubuntu security advisory (AV26-529) by Canadian Centre for Cyber Security on June 1, 2026 at 1:07 pm
<article data-history-node-id="7767" about="/en/alerts-advisories/ubuntu-security-advisory-av26-529" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Serial number:</strong> AV26-529<br /><strong>Date:</strong> June 1, 2026</p> <p>Between May 25 and 31, 2026, Ubuntu published security notices to address vulnerabilities in the Linux kernel affecting the following products:</p> <ul><li>Ubuntu 20.04 LTS</li> <li>Ubuntu 22.04 LTS</li> <li>Ubuntu 24.04 LTS</li> <li>Ubuntu 25.10</li> </ul><p>The Cyber Centre encourages users and administrators to review the web links provided and apply the necessary updates.</p> <ul class="list-unstyled"><li><a href="https://ubuntu.com/security/notices/USN-8305-2">USN-8305-2: Linux kernel (Low Latency) vulnerabilities</a></li> <li><a href="https://ubuntu.com/security/notices/USN-8305-1">USN-8305-1: Linux kernel (Intel IoTG Real-time) vulnerabilities</a></li> <li><a href="https://ubuntu.com/security/notices/USN-8310-1">USN-8310-1: Linux kernel (Azure) vulnerabilities</a></li> <li><a href="https://ubuntu.com/security/notices">Ubuntu Security Notices</a></li> </ul></div> </div> </div> </div> </div> </article>
- Dell security advisory (AV26-528) by Canadian Centre for Cyber Security on June 1, 2026 at 1:01 pm
<article data-history-node-id="7766" about="/en/alerts-advisories/dell-security-advisory-av26-528" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Serial number:</strong> AV26-528<br /><strong>Date:</strong> June 1, 2026</p> <p>Between May 25 and 31, 2026, Dell published security advisories to address vulnerabilities in multiple products:</p> <ul><li>PowerEdge Server Chipset Driver – multiple applications and versions</li> <li>Data Lakehouse – versions prior to 1.8.0.0</li> <li>Dell Enterprise SONiC Distribution – versions prior to 4.5.2</li> <li>Dell Unity – versions prior to 5.5.4</li> </ul><p>The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.</p> <ul class="list-unstyled"><li><a href="https://www.dell.com/support/kbdoc/en-ca/000469673/dsa-2026-232-security-update-for-amd-based-poweredge-server-chipset-driver-vulnerabilities">DSA-2026-232: Security Update for AMD-based PowerEdge Server Chipset Driver Vulnerabilities</a></li> <li><a href="https://www.dell.com/support/kbdoc/en-ca/000469911/dsa-2026-199-security-update-for-dell-data-lakehouse-multiple-third-party-component-vulnerabilities">DSA-2026-199: Security Update for Dell Data Lakehouse Multiple Third-Party Component Vulnerabilities</a></li> <li><a href="https://www.dell.com/support/kbdoc/en-ca/000470137/dsa-2026-241-security-update-for-dell-enterprise-sonic-distribution-vulnerabilities">DSA-2026-241: Security Update for Dell Enterprise 
SONiC Distribution Vulnerabilities</a></li> <li><a href="https://www.dell.com/support/kbdoc/en-ca/000470814/dsa-2026-211—security-update-for-dell-unity-dell-unityvsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities">DSA-2026-211 -: Security Update for Dell Unity, Dell UnityVSA and Dell Unity XT Security Update for Multiple Vulnerabilities</a></li> <li><a href="https://www.dell.com/support/security/en-ca">Dell Security advisories and notices</a></li> </ul></div> </div> </div> </div> </div> </article>
- IBM security advisory (AV26-527) by Canadian Centre for Cyber Security on June 1, 2026 at 12:52 pm
<article data-history-node-id="7765" about="/en/alerts-advisories/ibm-security-advisory-av26-527" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Serial number: </strong>AV26-527<br /><strong>Date: </strong>June 1, 2026</p> <p>Between May 25 and 31, 2026, IBM published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:</p> <ul><li>IBM Aspera Enterprise WebApps – versions 1.0.0 to 1.0.2.1</li> <li>IBM Business Automation Workflow containers and traditional – multiple versions</li> <li>IBM Cloud Pak for Business Automation – multiple versions</li> <li>IBM Cloud Pak for Security – versions 1.10.0.0 to 1.10.11.0</li> <li>IBM Control Center – multiple versions</li> <li>IBM DataStax Enterprise – versions 5.1, 6.7, 6.8 and 6.9</li> <li>IBM Edge Application Manager – multiple versions</li> <li>IBM Engineering Lifecycle Management – Jazz Foundation – multiple versions</li> <li>IBM Library Support for Spring – version 3.3</li> <li>IBM License Metric Tool – versions 9.2.0 to 9.2.43</li> <li>IBM Maximo Application Suite – Monitor Component – version 9.1.0.0</li> <li>IBM Observability with Instana (Agent) – versions Build 1.0.303 to 1.0.318</li> <li>IBM Process Mining – versions 2.0.0 to 2.1.1 IF001</li> <li>IBM Security SOAR – multiple versions</li> <li>IBM Tivoli Application Dependency Discovery Manager – versions 7.3.0.0 to 7.3.0.12</li> <li>QRadar Suite Software – versions 1.10.12.0 to 1.11.10.0</li> 
<li>WebSphere Service Registry and Repository – version 8.5</li> </ul><p>The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.</p> <ul class="list-unstyled"><li><a href="https://www.ibm.com/support/pages/bulletin/">IBM Product Security Incident Response</a></li> </ul></div> </div> </div> </div> </div> </article>
- Microsoft security advisory – May 2026 monthly rollup (AV26-456) – Update 2 by Canadian Centre for Cyber Security on June 1, 2026 at 12:34 pm
<article data-history-node-id="7686" about="/en/alerts-advisories/microsoft-security-advisory-may-2026-monthly-rollup-av26-456" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Serial number: </strong>AV26-456<br /><strong>Date: </strong>May 12, 2026<br /><strong>Updated:</strong> June 1, 2026</p> <p>On May 12, 2026, Microsoft published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following products:</p> <ul><li>.NET 10.0 installed on Linux</li> <li>.NET 10.0 installed on Mac OS</li> <li>.NET 10.0 installed on Windows</li> <li>.NET 8.0 installed on Linux</li> <li>.NET 8.0 installed on Mac OS</li> <li>.NET 8.0 installed on Windows</li> <li>.NET 9.0 installed on Linux</li> <li>.NET 9.0 installed on Mac OS</li> <li>.NET 9.0 installed on Windows</li> <li>Azure AI Foundry</li> <li>Azure Cloud Shell</li> <li>Azure Connected Machine Agent</li> <li>Azure DevOps</li> <li>Azure Logic Apps</li> <li>Azure Machine Learning</li> <li>Azure Managed Instance for Apache Cassandra</li> <li>Azure Monitor Action Group notification system</li> <li>Azure Monitor Agent</li> <li>Azure Monitor Agent Metrics Extension</li> <li>Azure SDK for Java</li> <li>Copilot Chat (Microsoft Edge)</li> <li>Dynamics 365 Customer Insights</li> <li>M365 Copilot for Desktop</li> <li>Microsoft .NET Framework 3.5</li> <li>Microsoft .NET Framework 3.5 AND 4.7.2</li> <li>Microsoft .NET Framework 3.5 AND 4.8</li> <li>Microsoft .NET Framework 3.5 
AND 4.8.1</li> <li>Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2</li> <li>Microsoft .NET Framework 4.8</li> <li>Microsoft 365</li> <li>Microsoft 365 Copilot for Android</li> <li>Microsoft 365 Copilot’s Business Chat</li> <li>Microsoft Confluence SAML SSO plugin</li> <li>Microsoft Data Formulator</li> <li>Microsoft Dynamics 365</li> <li>Microsoft Dynamics 365 Business Central</li> <li>Microsoft Edge (Chromium-based)</li> <li>Microsoft Enterprise Security Token Service (ESTS)</li> <li>Microsoft Excel 2016</li> <li>Microsoft Excel for Android</li> <li>Microsoft JIRA SAML SSO plugin</li> <li>Microsoft Office 2016</li> <li>Microsoft Office 2019</li> <li>Microsoft Office LTSC 2021</li> <li>Microsoft Office LTSC 2024</li> <li>Microsoft Office LTSC for Mac 2021</li> <li>Microsoft Office LTSC for Mac 2024</li> <li>Microsoft Office for Android</li> <li>Microsoft Outlook for iOS</li> <li>Microsoft Partner Center</li> <li>Microsoft PowerPoint for Android</li> <li>Microsoft SQL Server 2016</li> <li>Microsoft SQL Server 2017</li> <li>Microsoft SQL Server 2019</li> <li>Microsoft SQL Server 2022</li> <li>Microsoft SQL Server 2025</li> <li>Microsoft SharePoint Enterprise Server 2016</li> <li>Microsoft SharePoint Server 2019</li> <li>Microsoft SharePoint Server Subscription Edition</li> <li>Microsoft Teams</li> <li>Microsoft Teams for Android</li> <li>Microsoft Visual Studio 2017</li> <li>Microsoft Visual Studio 2019</li> <li>Microsoft Visual Studio 2022</li> <li>Microsoft Visual Studio 2026</li> <li>Microsoft Word 2016</li> <li>Microsoft Word for Android</li> <li>Office Online Server</li> <li>Power Automate for Desktop</li> <li>Visual Studio Code</li> <li>Visual Studio Code – Live Preview extension</li> <li>Windows 10</li> <li>Windows 11</li> <li>Windows Admin Center</li> <li>Windows Admin Center in Azure Portal</li> <li>Windows Server 2012</li> <li>Windows Server 2016</li> <li>Windows Server 2019</li> <li>Windows Server 2025</li> </ul><h2>Update 1</h2> <p>On May 21, 2026, 
Microsoft published an out-of-band (OOB) security update to address CVE-2026-45659, an additional vulnerability impacting Microsoft SharePoint Enterprise Server 2019, Microsoft SharePoint Server 2016 and Microsoft SharePoint Server Subscription Edition. The CVE was inadvertently omitted from the May 2026 Security Updates.</p> <h2>Update 2</h2> <p>Open-source reporting indicates that CVE-2026-41089 is being exploited in the wild.</p> <p class="mrgn-bttm-md">The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.</p> <ul class="list-unstyled"><li><a href="https://msrc.microsoft.com/update-guide/releaseNote/2026-May">May 2026 Security Updates</a></li> <li><a href="https://msrc.microsoft.com/update-guide/en-us">Security Update Guide</a></li> <li><a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45659">Microsoft SharePoint Remote Code Execution Vulnerability CVE-2026-45659</a></li> <li><a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41089">Windows Netlogon Remote Code Execution Vulnerability CVE-2026-41089</a></li> </ul></div> </div> </div> </div> </div> </article>
- Palo Alto Networks security advisory (AV26-462) – Update 1 by Canadian Centre for Cyber Security on May 29, 2026 at 8:10 pm
<article data-history-node-id="7694" about="/en/alerts-advisories/palo-alto-networks-security-advisory-av26-462" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Serial number: </strong>AV26-462<br /><strong>Date: </strong>May 13, 2026<br /><strong>Updated:</strong> May 29, 2026</p> <p>On May 13, 2026, Palo Alto Networks published security advisories to address vulnerabilities in the following products:</p> <ul><li>PAN-OS 12.1 – versions prior to 12.1.4-h5</li> <li>PAN-OS 12.1 – versions prior to 12.1.7</li> <li>PAN-OS 11.2 – multiple versions</li> <li>PAN-OS 11.1 – multiple versions</li> <li>PAN-OS 10.2 – multiple versions</li> </ul><p><strong>Update 1</strong></p> <p>On May 29, 2026, Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2026-0257 to their Known Exploited Vulnerabilities (KEV) Database.</p> <p>Impacted products for CVE-2026-0257:</p> <ul><li>PAN-OS 12.1 – versions prior to 12.1.4-h6</li> <li>PAN-OS 12.1 – versions prior to 12.1.7</li> <li>PAN-OS 11.2 – multiple versions</li> <li>PAN-OS 11.1 – multiple versions</li> <li>PAN-OS 10.2 – multiple versions</li> <li>Prisma Access 11.2.0 – versions prior to 11.2.7-h13</li> <li>Prisma Access 10.2.0 – versions prior to 10.2.10-h36</li> </ul><p>The Cyber Centre encourages users and administrators to review the provided web links, perform the suggested mitigations and apply the necessary updates.</p> <ul class="list-unstyled"><li><a 
href="https://security.paloaltonetworks.com/CVE-2026-0265">CVE-2026-0265 PAN-OS: Authentication Bypass with Cloud Authentication Service (CAS) enabled</a></li> <li><a href="https://security.paloaltonetworks.com/CVE-2026-0264">CVE-2026-0264 PAN-OS: Heap-Based Buffer Overflow in DNS Proxy and DNS Server Allows Unauthenticated Remote Code Execution</a></li> <li><a href="https://security.paloaltonetworks.com/CVE-2026-0263">CVE-2026-0263 PAN-OS: Remote Code Execution (RCE) in IKEv2 Processing</a></li> <li><a href="https://security.paloaltonetworks.com/">Palo Alto Network Security Advisories</a></li> <li><a href="https://security.paloaltonetworks.com/CVE-2026-0257">CVE-2026-0257 PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities</a></li> <li><a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-0257">CISA KEV: CVE-2026-0257</a></li> </ul></div> </div> </div> </div> </div> </article>
- AL26-013 Security incident impacting GitHub internal repositories by Canadian Centre for Cyber Security on May 29, 2026 at 4:11 pm
<article data-history-node-id="7763" about="/en/alerts-advisories/al26-013-security-incident-impacting-github-internal-repositories" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Number:</strong> AL26-013<br /><strong>Date:</strong> May 29, 2026</p> <h2>Audience</h2> <p>This Alert is intended for <abbr title="information technology">IT</abbr> professionals and managers.</p> <h2>Purpose</h2> <p>An Alert is used to raise awareness of a recently identified cyber threat that may impact cyber information assets, and to provide additional detection and mitigation advice to recipients. The Canadian Centre for Cyber Security ("Cyber Centre") is also available to provide additional assistance regarding the content of this Alert to recipients as requested.</p> <h2>Details</h2> <p>On <span class="nowrap">May 18, 2026</span>, GitHub detected unauthorized access to its internal systems originating from a compromised employee device<sup id="fn1-rf"><a class="fn-lnk" href="#fn1"><span class="wb-inv">Footnote </span>1</a></sup>. The intrusion was facilitated by a maliciously modified version of the Nx Console Visual Studio Code extension (version 18.95.0)<sup id="fn2-rf"><a class="fn-lnk" href="#fn2"><span class="wb-inv">Footnote </span>2</a></sup>. The attacker successfully exfiltrated approximately <span class="nowrap">3,800</span> internal GitHub repositories, containing proprietary source code and internal configuration data. 
GitHub Enterprise Server customers are advised to follow the vendor's recommendations. No action is required for GitHub Enterprise Cloud clients.</p> <p>In response to this security incident and the release of the GitHub Security Notification, the Cyber Centre released <span class="nowrap">AV26-512</span> on <span class="nowrap">May 27, 2026<sup id="fn3-rf"><a class="fn-lnk" href="#fn3"><span class="wb-inv">Footnote </span>3</a></sup></span>.</p> <p>The purpose of this alert is to increase awareness of the reported incident and to encourage recipients to take the necessary measures.</p> <h2>Suggested actions</h2> <p>The Cyber Centre suggests the following actions:</p> <ul><li>Monitor for compromise by reviewing CI/CD (Continuous Integration/Continuous Deployment) logs for unexpected repository access/cloning, unauthorized admin actions, authentication/access control changes, unauthorized pushes or orphan commits, and suspicious commits after May 18, 2026, especially from bot/service accounts (e.g., ci-bot, build-bot).</li> <li>Remove Nx Console v18.95.0 from all environments and downgrade/upgrade to a known good version (18.94.0 or 18.96.0+).</li> <li>If the malicious version of Nx Console is present: <ul><li>Check macOS systems for <code>~/.local/share/kitty/cat.py</code> and related persistence (launch agents)</li> <li>Immediately rotate all credentials (AWS, GCP, Azure, GitHub, npm) exposed on developer machines between <span class="nowrap">May 11–20, 2026.</span></li> </ul></li> <li>Strengthen controls by disabling IDE extension auto-updates in high-security environments and enforcing an approved allowlist of developer tools.</li> <li>Rotate GitHub Enterprise Server GPG (GNU Privacy Guard) public keys per vendor guidance, as future patches/releases require the new key before installation.</li> </ul><p>In addition, the Cyber Centre strongly recommends that organizations review and implement the Cyber Centre’s Top 10 <abbr title="information technology">IT</abbr> Security Actions with an
emphasis on the following topics<sup id="fn4-rf"><a class="fn-lnk" href="#fn4"><span class="wb-inv">Footnote </span>4</a></sup>.</p> <ul><li>Patch operating systems and applications</li> <li>Harden operating systems and applications</li> <li>Isolate web-facing applications</li> </ul><p>Should activity matching the content of this alert be discovered, recipients are encouraged to report via <a href="/en/incident-management">My Cyber Portal</a>, or email <a href="mailto:contact@cyber.gc.ca">contact@cyber.gc.ca</a>.</p> <aside class="wb-fnote" role="note"><h2 id="reference">References</h2> <dl><dt>Footnote 1</dt> <dd id="fn1"> <p><a href="https://github.blog/security/investigating-unauthorized-access-to-githubs-internal-repositories/">Investigation update: GitHub Enterprise Server signing key rotation</a></p> <p class="fn-rtn"><a href="#fn1-rf"><span class="wb-inv">Return to footnote</span>1<span class="wb-inv"> referrer</span></a></p> </dd> <dt>Footnote 2</dt> <dd id="fn2"> <p><a href="https://nx.dev/blog/nx-console-v18-95-0-postmortem">Postmortem: Nx Console v18.95.0 supply-chain compromise</a></p> <p class="fn-rtn"><a href="#fn2-rf"><span class="wb-inv">Return to footnote</span>2<span class="wb-inv"> referrer</span></a></p> </dd> <dt>Footnote 3</dt> <dd id="fn3"> <p><a href="/en/alerts-advisories/github-security-advisory-av26-512">AV26-512 – GitHub security advisory</a></p> <p class="fn-rtn"><a href="#fn3-rf"><span class="wb-inv">Return to footnote</span>3<span class="wb-inv"> referrer</span></a></p> </dd> <dt>Footnote 4</dt> <dd id="fn4"> <p><a href="/en/guidance/top-10-it-security-actions-protect-internet-connected-networks-and-information-itsm10089">Top 10 <abbr title="information technology">IT</abbr> security actions to protect Internet connected networks and information (ITSM.10.089)</a></p> <p class="fn-rtn"><a href="#fn4-rf"><span class="wb-inv">Return to footnote</span>4<span class="wb-inv"> referrer</span></a></p> </dd>
</dl></aside></div> </div> </div> </div> </div> </article>
- Oracle security advisory (AV26-526) by Canadian Centre for Cyber Security on May 29, 2026 at 1:36 pm
<article data-history-node-id="7761" about="/en/alerts-advisories/oracle-security-advisory-av26-526" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Serial number: </strong>AV26-526 <br /><strong>Date:</strong> May 29, 2026</p> <p>On May 28, 2026, Oracle published a security advisory to address critical vulnerabilities in the following products:</p> <ul><li>Oracle Communications Unified Assurance – versions 6.1.1 to 7.0.0</li> <li>Oracle Database Server – versions 23.4.0 to 23.26.2</li> <li>Oracle E-Business Suite – versions 12.2.3 to 12.2.15</li> <li>Oracle Hospitality OPERA 5 Property Services – versions 5.6.19.24, 5.6.22, 5.6.25.19, 5.6.27.6 and 5.6.28</li> <li>Oracle REST Data Services – versions 24.2.0 to 26.1.0</li> </ul><p>The Cyber Centre encourages users and administrators to review the provided web links and perform the suggested mitigations.</p> <ul class="list-unstyled"><li><a href="https://www.oracle.com/security-alerts/cspumay2026.html">Oracle Critical Security Patch Update Advisory – May 2026</a></li> <li><a href="https://www.oracle.com/security-alerts/">Oracle Critical Patch Updates, Security Alerts and Bulletins</a></li> </ul></div> </div> </div> </div> </div> </article>
- Microsoft Edge security advisory (AV26-525) by Canadian Centre for Cyber Security on May 29, 2026 at 1:12 pm
<article data-history-node-id="7760" about="/en/alerts-advisories/microsoft-edge-security-advisory-av26-525" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Serial number: </strong>AV26-525<br /><strong>Date:</strong> May 29, 2026</p> <p>On May 28, 2026, Microsoft published a security update to address vulnerabilities in the following product:</p> <ul><li>Microsoft Edge Stable Channel – versions prior to 148.0.3967.96</li> </ul><p>The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary update.</p> <ul class="list-unstyled"><li><a href="https://learn.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#may-28-2026">Microsoft Edge Stable Channel Release Notes</a></li> </ul></div> </div> </div> </div> </div> </article>
- Mitel security advisory (AV26-524) by Canadian Centre for Cyber Security on May 28, 2026 at 7:10 pm
<article data-history-node-id="7759" about="/en/alerts-advisories/mitel-security-advisory-av26-524" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Serial number: </strong>AV26-524<br /><strong>Date: </strong>May 28, 2026</p> <p>On May 28, 2026, Mitel published a security advisory to address vulnerabilities in the following products:</p> <ul><li>Mitel Standard Linux – versions 12.x and prior</li> <li>MiVoice 5000 – versions 8.x and prior</li> <li>MiVoice Border Gateway – versions 11.6.x, 12.x and prior</li> <li>MiVoice Business – versions 10.1.x to 10.5.x</li> <li>MiVoice Business Solution Virtual Instance – versions 2.x and prior</li> <li>MiVoice MX-ONE – versions 7.3 to 7.8 and version 8.x and prior</li> <li>OpenScape 4000 – versions V10 R1.x, V11 R0.22, V11 R1.26 and prior</li> <li>OpenScape Branch – versions V10.3 and V11.x and prior</li> <li>OpenScape SBC – versions V10.3 and V11.x and prior</li> <li>OpenScape Voice Server – versions V9R3 JITC, V10, V11 and prior</li> <li>MiCollab – versions 10.x and prior</li> <li>MiCloud Management Portal – versions 6.3.x and prior</li> <li>Mitel Open Integration Gateway – versions 4.3.x and prior</li> <li>Mitel Performance Analytics MPA – versions 3.6x and prior</li> <li>OpenScape Contact Media Service (used by Mitel CX and OpenScape Contact Center) – versions V12Rx and prior</li> <li>Mitel SIP DECT – versions 9.1, 9.2, 10.0, 10.1 and prior</li> <li>OpenScape Xpert Clients 6010P – versions V7, V8 and prior</li> </ul><p 
class="mrgn-bttm-md">The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.</p> <ul class="list-unstyled"><li><a href="https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2026-0004">Linux Kernel Local Privilege Escalation Vulnerabilities "Dirty Frag" (CVE-2026-43284, CVE-2026-43500)</a></li> <li><a href="https://www.mitel.com/support/security-advisories">Mitel Security Bulletins</a></li> </ul></div> </div> </div> </div> </div> </article>
- Tanium security advisory (AV26-523) by Canadian Centre for Cyber Security on May 28, 2026 at 5:50 pm
<article data-history-node-id="7758" about="/en/alerts-advisories/tanium-security-advisory-av26-523" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Serial number: </strong>AV26-523<br /><strong>Date: </strong>May 28, 2026</p> <p>On May 27, 2026, Tanium published security advisories to address vulnerabilities in the following products:</p> <ul><li>Connect 2024H2 – versions prior to Update 25 (v5.26.191)</li> <li>Connect 2025H1 – versions prior to Update 19 (v5.29.237)</li> <li>Connect 2025H2 – versions prior to Update 9 (v5.37.140)</li> </ul><p class="mrgn-bttm-md">The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.</p> <ul class="list-unstyled"><li><a href="https://security.tanium.com/TAN-2026-015/ ">Tanium Security Advisories – TAN-2026-015</a></li> <li><a href="https://security.tanium.com/TAN-2026-014/">Tanium Security Advisories – TAN-2026-014</a></li> <li><a href="https://security.tanium.com/">Tanium Security Advisories</a></li> </ul></div> </div> </div> </div> </div> </article>
- Erlang security advisory (AV26-522) by Canadian Centre for Cyber Security on May 28, 2026 at 5:45 pm
<article data-history-node-id="7757" about="/en/alerts-advisories/erlang-security-advisory-av26-522" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Serial number: </strong>AV26-522<br /><strong>Date: </strong>May 28, 2026</p> <p>On May 27, 2026, Erlang published security advisories to address vulnerabilities in the following products:</p> <ul><li>OTP – versions prior to 29.0.1, 28.5.0.1, 27.3.4.12 and 26.2.5.21</li> <li>Public_key (OTP) – versions prior to 1.21.1, 1.20.3.1, 1.17.1.3 and 1.15.1.7</li> </ul><p class="mrgn-bttm-md">The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.</p> <ul class="list-unstyled"><li><a href="https://github.com/erlang/otp/security/advisories/GHSA-22cw-4ph4-6447">Name Constraints and Subject CommonName Fallback in TLS hostname Verification</a></li> <li><a href="https://github.com/erlang/otp/security/advisories/GHSA-c99q-jmpx-v8qq">public_key Accepts non-CA Certificate as Intermediate Issuer, Enabling Chain Forgery</a></li> <li><a href="https://github.com/erlang/otp/security/advisories/GHSA-cjxj-wj6x-3fff">OCSP Responder Certificate Accepted After Expiry in public_key</a></li> <li><a href="https://github.com/erlang/otp/security">Erlang Security</a></li> </ul></div> </div> </div> </div> </div> </article>
- Notepad++ security advisory (AV26-521) by Canadian Centre for Cyber Security on May 28, 2026 at 2:21 pm
<article data-history-node-id="7755" about="/en/alerts-advisories/notepad-security-advisory-av26-521" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Serial number: </strong>AV26-521<br /><strong>Date:</strong> May 28, 2026</p> <p>On May 26, 2026, Notepad++ published a security advisory to address vulnerabilities in the following product:</p> <ul><li>Notepad++ – versions prior to v8.9.6.1</li> </ul><p class="mrgn-bttm-md">The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.</p> <ul class="list-unstyled"><li><a href="https://notepad-plus-plus.org/news/v8961-released/">Notepad++ v8.9.6.1 release</a></li> <li><a href="https://community.notepad-plus-plus.org/category/1/announcements">Notepad++ community</a></li> </ul></div> </div> </div> </div> </div> </article>
- Zimbra security advisory (AV26-520) by Canadian Centre for Cyber Security on May 28, 2026 at 2:16 pm
<article data-history-node-id="7754" about="/en/alerts-advisories/zimbra-security-advisory-av26-520" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Serial number: </strong>AV26-520<br /><strong>Date: </strong>May 28, 2026</p> <p>On May 28, 2026, Zimbra published a security advisory to address vulnerabilities in the following product:</p> <ul><li>Zimbra Daffodil – versions prior to v10.1.17</li> </ul><p class="mrgn-bttm-md">The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.</p> <ul class="list-unstyled"><li><a href="https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.17">Zimbra Daffodil (v10.1.17) Patch Release</a></li> <li><a href="https://blog.zimbra.com/">Zimbra Patch Release Updates</a></li> </ul></div> </div> </div> </div> </div> </article>
- Veeam security advisory (AV26-519) by Canadian Centre for Cyber Security on May 28, 2026 at 2:08 pm
<article data-history-node-id="7753" about="/en/alerts-advisories/veeam-security-advisory-av26-519" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Serial number: </strong>AV26-519<br /><strong>Date: </strong>May 28, 2026</p> <p>On May 27, 2026, Veeam published security advisories to address vulnerabilities in the following products:</p> <ul><li>Veeam Backup for AWS 10.1 – versions prior to 10.1.0.40</li> <li>Veeam Backup for Google Cloud 7.0.1 – versions prior to 7.0.1.4</li> <li>Veeam Backup for Microsoft Azure 8.1 Patch 2 – versions prior to 8.0.236</li> <li>Veeam Recovery Orchestrator – versions prior to 13.0.2.27</li> </ul><p class="mrgn-bttm-md">The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.</p> <ul class="list-unstyled"><li><a href="https://www.veeam.com/kb4857">List of Security Fixes and Improvements in Veeam Recovery Orchestrator</a></li> <li><a href="https://www.veeam.com/kb4851">Release Information for Veeam Backup for AWS 10.1</a></li> <li><a href="https://www.veeam.com/kb4859">Release Information for Veeam Backup for Google Cloud 7.0.1 </a></li> <li><a href="https://www.veeam.com/kb4850">Release Information for Veeam Backup for Microsoft Azure 8.1 Patch 2 </a></li> <li><a href="https://www.veeam.com/knowledge-base.html">Veeam Knowledge Base</a></li> </ul></div> </div> </div> </div> </div> </article>
- Drupal security advisory (AV26-518) by Canadian Centre for Cyber Security on May 28, 2026 at 2:00 pm
<article data-history-node-id="7752" about="/en/alerts-advisories/drupal-security-advisory-av26-518" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Serial number: </strong>AV26-518<br /><strong>Date: </strong>May 28, 2026</p> <p>On May 27, 2026, Drupal published a security advisory to address a critical vulnerability in the following product:</p> <ul><li>Drupal AlternativeCommerce (Basket) – versions prior to 2.1.17</li> </ul><p class="mrgn-bttm-md">The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates or perform the suggested mitigations.</p> <ul class="list-unstyled"><li><a href="https://www.drupal.org/sa-contrib-2026-038 ">Drupal AlternativeCommerce (Basket) – Highly critical – Arbitrary PHP code execution – SA-CONTRIB-2026-038</a></li> <li><a href="https://www.drupal.org/security">Drupal Security Advisories</a></li> </ul></div> </div> </div> </div> </div> </article>




