Canadian Centre for Cyber Security Alerts & Advisories

<article data-history-node-id="7782" about="/en/alerts-advisories/hpe-security-advisory-av26-543" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Serial number: </strong>AV26-543<br /><strong>Date: </strong>June 2, 2026</p> <p>On June 2, 2026, HPE published security advisories to address vulnerabilities, including some critical ones, in the following products:</p> <ul><li>HPE Telco Network Function Virtualization Orchestrator – version 7.6.0 and prior</li> <li>HPE Aruba Networking ArubaOS-CX Switches – version 10.16.1000 and prior</li> <li>HPE Aruba Networking ArubaOS-CX Switches – version 10.15.0005 and prior</li> <li>HPE Aruba Networking ArubaOS-CX Switches – version 10.13.1080 and prior</li> <li>HPE Aruba Networking ArubaOS-CX Switches – version 10.16.1000 and prior</li> </ul><p>The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.</p> <ul class="list-unstyled"><li><a href="https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05062en_us&amp;docLocale=en_US ">HPESBNW05062 rev.1 – Status of OpenSSH Keystroke Obfuscation Bypass (CVE-2024-39894) on Aruba OS-CX</a></li> <li><a href="https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05060en_us&amp;docLocale=en_US">HPESBNW05060 rev.1 – HPE Telco Network Function Virtualization Orchestrator, Multiple Vulnerabilities</a></li> <li><a href="https://support.hpe.com/connect/s/securitybulletinlibrary?language=en_US ">HPE Security Bulletin Library</a></li> </ul><!–CUT & PASTE the French version info –></div> </div> </div> </div> </div> </article>

<article data-history-node-id="7781" about="/en/alerts-advisories/mozilla-security-advisory-av26-542" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Serial number: </strong>AV26-542<br /><strong>Date: </strong>June 2, 2026</p> <p>On June 2, 2026, Mozilla published a security advisory to address vulnerabilities in the following product:</p> <ul><li>Firefox – versions prior to 151.0.3</li> </ul><p>The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.</p> <ul class="list-unstyled"><li><a href="https://www.mozilla.org/en-US/security/advisories/mfsa2026-54/">Mozilla Foundation Security Advisory 2026-54 </a></li> <li><a href="https://www.mozilla.org/en-US/security/advisories/">Mozilla Security Advisories</a></li> </ul><!–CUT & PASTE the French version info –></div> </div> </div> </div> </div> </article>

<article data-history-node-id="7780" about="/en/alerts-advisories/jetbrains-security-advisory-av26-541" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Serial number: </strong>AV26-541<br /><strong>Date: </strong>June 2, 2026</p> <p>On May 29, 2026, JetBrains published security advisories to address vulnerabilities in the following products:</p> <ul><li>JetBrains IntelliJ IDEA – versions prior to 2026.1.1</li> <li>JetBrains TeamCity – versions prior to 2026.1.1 and 2025.11.5</li> <li>JetBrains YouTrack – versions prior to 2026.1.13162</li> </ul><p>The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.</p> <p class="mrgn-bttm-md"> </p> <ul class="list-unstyled"><li><a href="https://www.jetbrains.com/privacy-security/issues-fixed/"><span lang="en" xml:lang="en" xml:lang="en">JetBrains – Fixed security issues</span></a></li> </ul><!–CUT & PASTE the French version info –></div> </div> </div> </div> </div> </article>

<article data-history-node-id="7779" about="/en/alerts-advisories/control-systems-siemens-security-advisory-av26-540" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Serial number: </strong>AV26-540<br /><strong>Date:</strong> June 2, 2026</p> <p>On June 2, 2026, Siemens published a security advisory to address critical vulnerabilities in the following product:</p> <ul><li>RUGGEDCOM RST2428P (6GK6242-6PA00) – versions prior to V4.0</li> </ul><p>The Cyber Centre encourages users and administrators to review the web links provided, perform the suggested mitigations and apply the necessary updates.</p> <ul class="list-unstyled"><li><a href="https://cert-portal.siemens.com/productcert/html/ssa-253495.html">SSA-253495: <span lang="en" xml:lang="en" xml:lang="en">Multiple Vulnerabilities in</span> SINEC OS <span lang="en" xml:lang="en" xml:lang="en">before</span> V4.0</a></li> <li><a href="https://www.siemens.com/global/en/products/services/cert.html">Siemens Security Advisories</a></li> </ul></div> </div> </div> </div> </div> </article>

<article data-history-node-id="7777" about="/en/alerts-advisories/android-security-advisory-june-2026-monthly-rollup-av26-538" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Serial number: </strong>AV26-538<br /><strong>Date: </strong>June 2, 2026</p> <p>On June 1, 2026, Android published a security bulletin to address vulnerabilities affecting Android devices.</p> <p>The vendor indicates that CVE-2025-48595 may be under limited, targeted exploitation.</p> <p><strong>Update 1</strong><br /> On June 2, 2026, Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2025-48595 to their Known Exploited Vulnerabilities (KEV) Database.</p> <p>The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.</p> <ul class="list-unstyled"><li><a href="https://source.android.com/docs/security/bulletin/2026/2026-06-01">Android Security Bulletin</a></li> <li><a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-48595">CISA KEV: CVE-2025-48595</a></li> </ul></div> </div> </div> </div> </div> </article>

<article data-history-node-id="7778" about="/en/alerts-advisories/hp-security-advisory-av26-539" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Serial number: </strong>AV26-539<br /><strong>Date: </strong>June 2, 2026</p> <p>On June 1, 2026, HP published a security advisory to address a critical vulnerability in the following products:</p> <ul><li>HP Poly VVX – versions prior to UCS 6.4.8 – Pending</li> <li>HP Poly Trio 8300 – versions prior to UCS 8.1.7</li> <li>HP Poly Trio 8500 – versions prior to UCS 7.2.8</li> <li>HP Poly Trio 8800 – versions prior to UCS 7.2.8</li> </ul><p>The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates, once available.</p> <ul class="list-unstyled"><li><a href="https://support.hp.com/us-en/document/ish_15052661-15052687-16/hpsbpy04083">Poly Voice – Possible Remote Control of Certain Poly Devices</a></li> </ul></div> </div> </div> </div> </div> </article>

<article data-history-node-id="7776" about="/en/alerts-advisories/samsung-mobile-security-advisory-av26-537" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Serial number: </strong>AV26-537<br /><strong>Date:</strong> June 2, 2026</p> <p>On June 2, 2026, Samsung published a security update to address vulnerabilities in the following product:</p> <ul><li>Samsung mobile devices – versions prior to SMR-JUN-2026</li> </ul><p>The most recent security update resolves multiple identified vulnerabilities.</p> <p>The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary update.</p> <ul class="list-unstyled"><li><a href="https://security.samsungmobile.com/securityUpdate.smsb?year=2026&amp;month=06">Samsung Security Updates</a></li> </ul></div> </div> </div> </div> </div> </article>

<article data-history-node-id="7775" about="/en/alerts-advisories/broadcom-vmware-security-advisory-av26-536" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Serial number: </strong>AV26-536<br /><strong>Date: </strong>June 1, 2026</p> <p>On May 29, 2026, Broadcom published a security advisory to address vulnerabilities in the following product. Included were critical updates for the following:</p> <ul><li>VMware Tanzu for Valkey – versions prior to 7.2.13</li> <li>VMware Tanzu for Valkey – versions prior to 8.0.9</li> <li>VMware Tanzu for Valkey – versions prior to 8.1.7</li> <li>VMware Tanzu for Valkey – versions prior to 9.0.4</li> </ul><p>The Cyber Centre encourages users and administrators to review the web links provided and apply the necessary updates.</p> <ul class="list-unstyled"><li><a href="https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37556">Product Release Advisory – VMware Tanzu for Valkey 7.2.13, 8.0.9, 8.1.7, 9.0.4</a></li> <li><a href="https://support.broadcom.com/web/ecx/security-advisory?segment=VT">Security Advisories – VMware Cloud Foundation</a></li> </ul></div> </div> </div> </div> </div> </article>

<article data-history-node-id="7774" about="/en/alerts-advisories/qualcomm-security-advisory-june-2026-monthly-rollup-av26-535" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Serial number: </strong>AV26-535<br /><strong>Date: </strong>June 1, 2026</p> <p>On June 1, 2026, Qualcomm published a security bulletin to address vulnerabilities affecting Qualcomm products.</p> <p>The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.</p> <ul class="list-unstyled"><li><a href="https://docs.qualcomm.com/securitybulletin/june-2026-bulletin.html">Qualcomm Security Bulletin – June</a></li> </ul></div> </div> </div> </div> </div> </article>

<article data-history-node-id="5369" about="/en/alerts-advisories/oracle-security-advisory-july-2024-quarterly-rollup-av24-401" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><!–{C}%3C!%2D%2D***************************************************%20START%20ADVISORY%20-English-%20******************************************************%2D%2D%3E–></p> <p><strong>Serial number: </strong>AV24-401<br /><!–{C}%3C!%2D%2D%20DATES%20Pick%20one%20update%20the%20day%20xx%2C%20delete%20the%20rest%20%2D%2D%3E–><strong>Date: </strong>July 17, 2024<br /><strong>Updated: </strong>June 1, 2026</p> <p>On July 16, 2024, Oracle published a security advisory to address vulnerabilities in multiple products. Included were critical updates for the following:</p> <ul><li>Oracle Analytics</li> <li>Oracle Communications Applications</li> <li>Oracle Communications</li> <li>Oracle Financial Services Application</li> <li>Oracle Fusion Middleware</li> <li>Oracle MySQL</li> <li>Oracle Siebel CRM</li> </ul><h2 class="h3">Update 1</h2> <p>On June 1, 2026, Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2024-21182 to their Known Exploited Vulnerabilities (KEV) Database.</p> <p>The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.</p> <ul class="list-unstyled"><li><a href="https://www.oracle.com/security-alerts/cpujul2024.html">Oracle Critical Patch Update Advisory – July 2024</a></li> <li><a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-21182">CISA KEV: CVE-2024-21182</a></li> </ul></div> </div> </div> </div> </div> </article>

<article data-history-node-id="7772" about="/en/alerts-advisories/plesk-security-advisory-av26-534" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Serial number: </strong>AV26-534<br /><strong>Date:</strong> June 1, 2026</p> <p>On May 27, 2026, Plesk published a security advisory to address a vulnerability in the following product:</p> <ul><li>Plesk for Linux – versions prior to 18.0.75.1</li> <li>Plesk for Linux – versions prior to 18.0.76.2</li> </ul><p>The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.</p> <ul class="list-unstyled"><li><a href="https://support.plesk.com/hc/en-us/articles/38633651286679-Vulnerability-CVE-2026-44962-in-Plesk-s-APS-Catalog">Vulnerability CVE-2026-44962 in Plesk’s APS Catalog</a></li> <li><a href="https://support.plesk.com/hc/en-us">Plesk Support</a></li> </ul></div> </div> </div> </div> </div> </article>

<article data-history-node-id="7771" about="/en/alerts-advisories/ivanti-security-advisory-av26-533" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Serial number: </strong>AV26-533<br /><strong>Date: </strong>June 1, 2026</p> <p>On June 1, 2026, Ivanti published a security advisory to address a vulnerability in the following products:</p> <ul><li>Ivanti Neurons for ITSM (On-Premises) – version 2025.4 and prior</li> <li>Ivanti Neurons for ITSM (Cloud) – version 2026.1 and prior</li> </ul><p>The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.</p> <ul class="list-unstyled"><li><a href="https://hub.ivanti.com/s/article/Security-Advisory-Ivanti-Neurons-for-ITSM-CVE-2026-9614?language=en_US">Security Advisory Ivanti Neurons for ITSM (CVE-2026-9614)</a></li> <li><a href="https://forums.ivanti.com/s/searchallcontent?language=en_US#tab=All&amp;sortCriteria=date%20descending&amp;f-sfkbknowledgearticletypec=Security%20Advisory">Ivanti Security Advisories</a></li> </ul></div> </div> </div> </div> </div> </article>

<article data-history-node-id="7770" about="/en/alerts-advisories/mozilla-security-advisory-av26-532" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Serial number: </strong>AV26-532<br /><strong>Date: </strong>June 1, 2026</p> <p>On June 1, 2026, Mozilla published a security advisory to address vulnerabilities in the following product:</p> <ul><li>Firefox for iOS – versions prior to 151.2</li> </ul><p>The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.</p> <ul class="list-unstyled"><li><a href="https://www.mozilla.org/en-US/security/advisories/mfsa2026-53/">Mozilla Foundation Security Advisory 2026-53</a></li> <li><a href="https://www.mozilla.org/en-US/security/advisories/">Mozilla Security Advisories</a></li> </ul></div> </div> </div> </div> </div> </article>

<article data-history-node-id="7769" about="/en/alerts-advisories/red-hat-security-advisory-av26-531" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Serial number: </strong>AV26-531<br /><strong>Date: </strong>June 1, 2026</p> <p>Between May 25 and 31, 2026, Red Hat published security advisories to address vulnerabilities in multiple products. Included were updates to address vulnerabilities in the Linux kernel for the following products:</p> <ul><li>Red Hat CodeReady Linux Builder – multiple versions and platforms</li> <li>Red Hat Enterprise Linux – multiple versions and platforms</li> <li>Red Hat Enterprise Linux Server – multiple versions and platforms</li> <li>Red Hat Enterprise Linux for Real Time – multiple versions and platforms</li> </ul><p>The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.</p> <ul class="list-unstyled"><li><a href="https://access.redhat.com/security/security-updates/security-advisories">Red Hat Security Advisories</a></li> </ul></div> </div> </div> </div> </div> </article>

<article data-history-node-id="7768" about="/en/alerts-advisories/control-systems-cisa-ics-security-advisories-av26-530" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Serial number:</strong> AV26–530<br /><strong>Date:</strong> June 1, 2026</p> <p>Between May 25 and 31, 2026, CISA published ICS advisories to address vulnerabilities in the following products:</p> <ul><li>ABB AC500 V2 – versions prior to 2.5.2 and 2.5.3</li> <li>ABB Ability Camera Connect – versions prior to 1.5.0.14 and 1.5.0.15</li> <li>ABB Ability Zenon – versions 7.50 to 14</li> <li>ABB B&amp;R Automation Runtime – versions prior to 6.3 and Q4.93</li> <li>ABB EIBPORT V3 KNX (2CLA963710W1001) / (2CSM256242R2001) – versions prior to 3.9.2</li> <li>ABB EIBPORT V3 KNX GSM (2CLA963720W1001) – versions prior to 3.9.2</li> <li>ABB LVS MConfig – versions 1.4.9.21 and prior</li> <li>CP Plus 8 Ch. Network Video Recorder – multiple versions</li> <li>Eppendorf BioFlo 320 – all versions</li> <li>Frontier X Android application – versions prior to v15.0.0</li> <li>Frontier X IOS application– versions prior to v25.0.0</li> <li>Frontier X2 – all versions</li> <li>Jinan USR IOT Technology Limited (PUSR) USR-W610 RS232/485 to Wi-Fi/Ethernet Converter – version 7.03T.07</li> <li>KMW CCTV Security Cameras – versions KM-IP521 IPCAM_V4.04.91.230307 and KM-IP421 IPCAM_V4.04.53.210416</li> <li>MacGregor Voyage Data Recorder (VDR) G4e – versions prior to V5.250</li> <li>Schneider Electric EcoStruxure Machine Expert HVAC – versions prior to 1.10.0</li> <li>Switch Actuator 4 DU – all versions</li> <li>Switch Actuator, door/light 4 DU – all versions</li> <li>Terra AC Wallbox – multiple versions and models</li> <li>XCharge C6 – version C6</li> </ul><p>The Cyber Centre encourages users and administrators to review the provided web link, perform the suggested mitigations and apply the necessary updates if available.</p> <ul class="list-unstyled"><li><a href="https://www.cisa.gov/news-events/ics-advisories">CISA ICS Advisories</a></li> </ul></div> </div> </div> </div> </div> </article>

<article data-history-node-id="7767" about="/en/alerts-advisories/ubuntu-security-advisory-av26-529" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Serial number:</strong> AV26-529<br /><strong>Date:</strong> June 1, 2026</p> <p>Between May 25 and 31, 2026, Ubuntu published security notices to address vulnerabilities in the Linux kernel affecting the following products:</p> <ul><li>Ubuntu 20.04 LTS</li> <li>Ubuntu 22.04 LTS</li> <li>Ubuntu 24.04 LTS</li> <li>Ubuntu 25.10</li> </ul><p>The Cyber Centre encourages users and administrators to review the web links provided and apply the necessary updates.</p> <ul class="list-unstyled"><li><a href="https://ubuntu.com/security/notices/USN-8305-2">USN-8305-2: Linux kernel (Low Latency) vulnerabilities</a></li> <li><a href="https://ubuntu.com/security/notices/USN-8305-1">USN-8305-1: Linux kernel (Intel IoTG Real-time) vulnerabilities</a></li> <li><a href="https://ubuntu.com/security/notices/USN-8310-1">USN-8310-1: Linux kernel (Azure) vulnerabilities</a></li> <li><a href="https://ubuntu.com/security/notices">Ubuntu Security Notices</a></li> </ul></div> </div> </div> </div> </div> </article>

<article data-history-node-id="7766" about="/en/alerts-advisories/dell-security-advisory-av26-528" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Serial number:</strong> AV26-528<br /><strong>Date:</strong> June 1, 2026</p> <p>Between May 25 and 31, 2026, Dell published security advisories to address vulnerabilities in multiple products:</p> <ul><li>PowerEdge Server Chipset Driver – multiple applications and versions</li> <li>Data Lakehouse – versions prior to 1.8.0.0</li> <li>Dell Enterprise SONiC Distribution – versions prior to 4.5.2</li> <li>Dell Unity – versions prior to 5.5.4</li> </ul><p>The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.</p> <ul class="list-unstyled"><li><a href="https://www.dell.com/support/kbdoc/en-ca/000469673/dsa-2026-232-security-update-for-amd-based-poweredge-server-chipset-driver-vulnerabilities">DSA-2026-232: Security Update for AMD-based PowerEdge Server Chipset Driver Vulnerabilities</a></li> <li><a href="https://www.dell.com/support/kbdoc/en-ca/000469911/dsa-2026-199-security-update-for-dell-data-lakehouse-multiple-third-party-component-vulnerabilities">DSA-2026-199: Security Update for Dell Data Lakehouse Multiple Third-Party Component Vulnerabilities</a></li> <li><a href="https://www.dell.com/support/kbdoc/en-ca/000470137/dsa-2026-241-security-update-for-dell-enterprise-sonic-distribution-vulnerabilities">DSA-2026-241: Security Update for Dell Enterprise SONiC Distribution Vulnerabilities</a></li> <li><a href="https://www.dell.com/support/kbdoc/en-ca/000470814/dsa-2026-211—security-update-for-dell-unity-dell-unityvsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities">DSA-2026-211 -: Security Update for Dell Unity, Dell UnityVSA and Dell Unity XT Security Update for Multiple Vulnerabilities</a></li> <li><a href="https://www.dell.com/support/security/en-ca">Dell Security advisories and notices</a></li> </ul></div> </div> </div> </div> </div> </article>

<article data-history-node-id="7765" about="/en/alerts-advisories/ibm-security-advisory-av26-527" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Serial number: </strong>AV26-527<br /><strong>Date: </strong>June 1, 2026</p> <p>Between May 25 and 31, 2026, IBM published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following:</p> <ul><li>IBM Aspera Enterprise WebApps – versions 1.0.0 to 1.0.2.1</li> <li>IBM Business Automation Workflow containers and traditional – multiple versions</li> <li>IBM Cloud Pak for Business Automation – multiple versions</li> <li>IBM Cloud Pak for Security – versions 1.10.0.0 to 1.10.11.0</li> <li>IBM Control Center – multiple versions</li> <li>IBM DataStax Enterprise – versions 5.1, 6.7, 6.8 and 6.9</li> <li>IBM Edge Application Manager – multiple versions</li> <li>IBM Engineering Lifecycle Management – Jazz Foundation – multiple versions</li> <li>IBM Library Support for Spring – version 3.3</li> <li>IBM License Metric Tool – versions 9.2.0 to 9.2.43</li> <li>IBM Maximo Application Suite – Monitor Component – version 9.1.0.0</li> <li>IBM Observability with Instana (Agent) – versions Build 1.0.303 to 1.0.318</li> <li>IBM Process Mining – versions 2.0.0 to 2.1.1 IF001</li> <li>IBM Security SOAR – multiple versions</li> <li>IBM Tivoli Application Dependency Discovery Manager – versions 7.3.0.0 to 7.3.0.12</li> <li>QRadar Suite Software – versions 1.10.12.0 to 1.11.10.0</li> <li>WebSphere Service Registry and Repository – version 8.5</li> </ul><p>The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.</p> <ul class="list-unstyled"><li><a href="https://www.ibm.com/support/pages/bulletin/">IBM Product Security Incident Response</a></li> </ul></div> </div> </div> </div> </div> </article>

<article data-history-node-id="7686" about="/en/alerts-advisories/microsoft-security-advisory-may-2026-monthly-rollup-av26-456" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Serial number: </strong>AV26-456<br /><strong>Date: </strong>May 12, 2026<br /><strong>Updated:</strong> June 1, 2026</p> <p>On May 12, 2026, Microsoft published security advisories to address vulnerabilities in multiple products. Included were critical updates for the following products:</p> <ul><li>.NET 10.0 installed on Linux</li> <li>.NET 10.0 installed on Mac OS</li> <li>.NET 10.0 installed on Windows</li> <li>.NET 8.0 installed on Linux</li> <li>.NET 8.0 installed on Mac OS</li> <li>.NET 8.0 installed on Windows</li> <li>.NET 9.0 installed on Linux</li> <li>.NET 9.0 installed on Mac OS</li> <li>.NET 9.0 installed on Windows</li> <li>Azure AI Foundry</li> <li>Azure Cloud Shell</li> <li>Azure Connected Machine Agent</li> <li>Azure DevOps</li> <li>Azure Logic Apps</li> <li>Azure Machine Learning</li> <li>Azure Managed Instance for Apache Cassandra</li> <li>Azure Monitor Action Group notification system</li> <li>Azure Monitor Agent</li> <li>Azure Monitor Agent Metrics Extension</li> <li>Azure SDK for Java</li> <li>Copilot Chat (Microsoft Edge)</li> <li>Dynamics 365 Customer Insights</li> <li>M365 Copilot for Desktop</li> <li>Microsoft .NET Framework 3.5</li> <li>Microsoft .NET Framework 3.5 AND 4.7.2</li> <li>Microsoft .NET Framework 3.5 AND 4.8</li> <li>Microsoft .NET Framework 3.5 AND 4.8.1</li> <li>Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2</li> <li>Microsoft .NET Framework 4.8</li> <li>Microsoft 365</li> <li>Microsoft 365 Copilot for Android</li> <li>Microsoft 365 Copilot’s Business Chat</li> <li>Microsoft Confluence SAML SSO plugin</li> <li>Microsoft Data Formulator</li> <li>Microsoft Dynamics 365</li> <li>Microsoft Dynamics 365 Business Central</li> <li>Microsoft Edge (Chromium-based)</li> <li>Microsoft Enterprise Security Token Service (ESTS)</li> <li>Microsoft Excel 2016</li> <li>Microsoft Excel for Android</li> <li>Microsoft JIRA SAML SSO plugin</li> <li>Microsoft Office 2016</li> <li>Microsoft Office 2019</li> <li>Microsoft Office LTSC 2021</li> <li>Microsoft Office LTSC 2024</li> <li>Microsoft Office LTSC for Mac 2021</li> <li>Microsoft Office LTSC for Mac 2024</li> <li>Microsoft Office for Android</li> <li>Microsoft Outlook for iOS</li> <li>Microsoft Partner Center</li> <li>Microsoft PowerPoint for Android</li> <li>Microsoft SQL Server 2016</li> <li>Microsoft SQL Server 2017</li> <li>Microsoft SQL Server 2019</li> <li>Microsoft SQL Server 2022</li> <li>Microsoft SQL Server 2025</li> <li>Microsoft SharePoint Enterprise Server 2016</li> <li>Microsoft SharePoint Server 2019</li> <li>Microsoft SharePoint Server Subscription Edition</li> <li>Microsoft Teams</li> <li>Microsoft Teams for Android</li> <li>Microsoft Visual Studio 2017</li> <li>Microsoft Visual Studio 2019</li> <li>Microsoft Visual Studio 2022</li> <li>Microsoft Visual Studio 2026</li> <li>Microsoft Word 2016</li> <li>Microsoft Word for Android</li> <li>Office Online Server</li> <li>Power Automate for Desktop</li> <li>Visual Studio Code</li> <li>Visual Studio Code – Live Preview extension</li> <li>Windows 10</li> <li>Windows 11</li> <li>Windows Admin Center</li> <li>Windows Admin Center in Azure Portal</li> <li>Windows Server 2012</li> <li>Windows Server 2016</li> <li>Windows Server 2019</li> <li>Windows Server 2025</li> </ul><h2>Update 1</h2> <p>On May 21, 2026, Microsoft published an out-of-band (OOB) security update to address CVE-2026-45659, an additional vulnerability impacting Microsoft SharePoint Enterprise Server 2019, Microsoft SharePoint Server 2016 and Microsoft SharePoint Server Subscription Edition. The CVE was inadvertently omitted from the May 2026 Security Updates.</p> <h2>Update 2</h2> <p>Open-source reporting indicates that CVE-2026-41089 is being exploited in the wild.</p> <p class="mrgn-bttm-md">The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.</p> <ul class="list-unstyled"><li><a href="https://msrc.microsoft.com/update-guide/releaseNote/2026-May">May 2026 Security Updates</a></li> <li><a href="https://msrc.microsoft.com/update-guide/en-us">Security Update Guide</a></li> <li><a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45659">Microsoft SharePoint Remote Code Execution Vulnerability CVE-2026-45659</a></li> <li><a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41089">Windows Netlogon Remote Code Execution Vulnerability CVE-2026-41089</a></li> </ul></div> </div> </div> </div> </div> </article>

<article data-history-node-id="7694" about="/en/alerts-advisories/palo-alto-networks-security-advisory-av26-462" class="cccs-threats full clearfix"> <div class="content"> <div class="layout layout–onecol"> <div class="layout__region layout__region–content"> <div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix"> </div> <div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix"> <div class="field field–name-body field–type-text-with-summary field–label-hidden field–item"><p><strong>Serial number: </strong>AV26-462<br /><strong>Date: </strong>May 13, 2026<br /><strong>Updated:</strong> May 29, 2026</p> <p>On May 13, 2026, Palo Alto Networks published security advisories to address vulnerabilities in the following products:</p> <ul><li>PAN-OS 12.1 – versions prior to 12.1.4-h5</li> <li>PAN-OS 12.1 – versions prior to 12.1.7</li> <li>PAN-OS 11.2 – multiple versions</li> <li>PAN-OS 11.1 – multiple versions</li> <li>PAN-OS 10.2 – multiple versions</li> </ul><p><strong>Update 1</strong></p> <p>On May 29, 2026, Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2026-0257 to their Known Exploited Vulnerabilities (KEV) Database.</p> <p>Impacted products for CVE-2026-0257:</p> <ul><li>PAN-OS 12.1 – versions prior to 12.1.4-h6</li> <li>PAN-OS 12.1 – versions prior to 12.1.7</li> <li>PAN-OS 11.2 – multiple versions</li> <li>PAN-OS 11.1 – multiple versions</li> <li>PAN-OS 10.2 – multiple versions</li> <li>Prisma Access 11.2.0 – versions prior to 11.2.7-h13</li> <li>Prisma Access 10.2.0 – versions prior to 10.2.10-h36</li> </ul><p>The Cyber Centre encourages users and administrators to review the provided web links, perform the suggested mitigations and apply the necessary updates.</p> <ul class="list-unstyled"><li><a href="https://security.paloaltonetworks.com/CVE-2026-0265">CVE-2026-0265 PAN-OS: Authentication Bypass with Cloud Authentication Service (CAS) enabled</a></li> <li><a href="https://security.paloaltonetworks.com/CVE-2026-0264">CVE-2026-0264 PAN-OS: Heap-Based Buffer Overflow in DNS Proxy and DNS Server Allows Unauthenticated Remote Code Execution</a></li> <li><a href="https://security.paloaltonetworks.com/CVE-2026-0263">CVE-2026-0263 PAN-OS: Remote Code Execution (RCE) in IKEv2 Processing</a></li> <li><a href="https://security.paloaltonetworks.com/">Palo Alto Network Security Advisories</a></li> <li><a href="https://security.paloaltonetworks.com/CVE-2026-0257">CVE-2026-0257 PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities</a></li> <li><a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-0257">CISA KEV: CVE-2026-0257</a></li> </ul></div> </div> </div> </div> </div> </article>