These are the 5 security notices from 22 December 2025

---

1. AL25‑020 – Vulnerability Impacting WatchGuard Fireware OS – CVE‑2025‑14733

Link: https://www.cyber.gc.ca/en/alerts-advisories/AL25-020

Severity / Exploitation: The advisory notes that this vulnerability is actively being exploited in the wild.
Recommended actions:

• Review the full advisory for technical details.
• Apply any patches or firmware updates released by WatchGuard immediately.
• Verify that all WatchGuard firewalls are running the latest supported version and that default credentials have been changed.

---

2. AV25‑857 – n8n security advisory

Link: https://www.cyber.gc.ca/en/alerts-advisories/AV25-857

Severity: Critical.
Recommended actions:

• Update n8n to the version specified in the advisory.
• Follow the vendor’s hardening checklist (disable unnecessary plugins, enforce strong authentication).

---

3. AV25‑856 – Dell security advisory

Link: https://www.cyber.gc.ca/en/alerts-advisories/AV25-856

Severity: Not specified in the excerpt.
Recommended actions:

• Consult the Dell advisory for the exact list of affected products.
• Install the Dell‑provided patches or firmware updates for those products.
• Review Dell’s configuration recommendations and ensure logging is enabled.

Note: These Dell products were referenced

• Dell Metro node – version mn-114, mn-215 and mn-216
• Dell PowerEdge – multiple versions and models
• Dell PowerProtect Data Domain – multiple versions
• Dell RecoverPoint for Virtual Machines – Debian 12 – versions prior to 6.0 SP3 P1
• Dell RecoverPoint for Virtual Machines – SUSE Linux Enterprise 12 SP6 – versions prior to 6.0 SP3 P1
• Dell Storage Resource Manager (SRM) – version prior to 6.0.0.1
• Dell Storage Monitoring and Reporting (SMR) – version prior to 6.0.0.1

---

4. AV25‑855 – IBM security advisory

Link: https://www.cyber.gc.ca/en/alerts-advisories/AV25-855

Severity: Critical updates are included in this advisory.
Recommended actions:

• Identify the IBM products mentioned in the advisory and apply the critical updates immediately.
• Follow IBM’s post‑patch validation steps to confirm the issue is resolved.

Note: These specific IBM products were referenced

• IBM API Connect – version 10.0.8.0 to 10.0.8.5 and V10.0.11.0
• IBM CloudPak for AIOps – versions 4.1.0 to 4.11.1
• IBM Concert Software – version 1.0.0 to 2.1.0
• IBM DataPower Gateway – version 10.6.6.0
• IBM Data Virtualization on Cloud Pak for Data – versions 3.0, 3.1 and 3.2
• IBM Db2 on Cloud Pak for Data versions – versions v4.8, v5.0, v5.1, v5.2 and v5.3
• IBM Db2 Warehouse on Cloud Pak for Data – versions v4.8, v5.0, v5.1, v5.2 and v5.3
• IBM DS8A00 – multiple versions
• IBM Edge Data Collector – version 8.11
• IBM Fusion – versions 2.2.0 to 2.11.1
• IBM Fusion HCI – versions 2.2.0 to 2.11.1
• IBM Fusion HCI for watson – versions 2.2.0 to 2.11.1
• IBM Library Support for Spring – Spring-boot – versions 2.7.0 to 2.7.18
• IBM Library Support for Spring – Spring-framework – versions 5.3.0 to 5.3.39
• IBM Library Support for Struts – versions 1.1.1 to 1.1.3
• IBM MANTA Automated Data Lineage for IBM Cloud Pak for Data – version 4.5.0 to 5.3.0
• IBM QRadar Suite Software – versions 1.11.0.0 to 1.11.7.0
• IBM QRadar Suite Software – versions 4.1.15 to 5.0.2
• IBM Rhapsody Systems Engineering – multiple versions
• IBM Security QRadar Analyst Wrokflow for IBM QRadar SIEM – versions 2.32.0 to 3.0.0
• IBM Sterling Partner Engagement Manager – multiple versions
• IBM Watson Query on Cloud Pak for Data – version 2.2
• IBM Watson Speech Services Cartridge – versions 4.0.0 – 5.2.2
• IBM watsonx Code Assistant On Prem – version 5.1.1, 5.1.2, 5.1.3, 5.2, 5.2.1 and 5.2.2
• IBM watsonx Orchestrate Developer Edition – versions 1.4.0 – 1.15.0

---

5. AV25‑854 – Control systems (CISA ICS) security advisory

Link: https://www.cyber.gc.ca/en/alerts-advisories/AV25-854

Severity: Not specified in the excerpt.
Recommended actions:

• Review the advisory for the exact control‑system devices and software affected.
• Apply any vendor‑issued patches or mitigation steps.
• Consider network segmentation and enhanced monitoring for the listed control‑system components.

Note: Below are some of the mentioned products, if you run these or other ICS systems please review the advisory:

• Advantech – WebAccess/SCADA
• Axis Communications – Camera Station Device Manager
• Axis Communications – Camera Station Pro
• Axis Communications – Camera Station Station
• Güralp Systems – Fortimus Series, Minimus Series, and Certimus Series
• Hitachi Energy – AFS, AFR and AFF Series
• Inductive Automation Ignition – Ignition
• Johnson Controls – PowerG, IQPanel and IQHub
• Mitsubishi Electric – GT Designer3
• Mitsubishi Electric Iconics Digital Solutions and Mitsubishi Electrics – GENESIS64
• Mitsubishi Electric Iconics Digital Solutions and Mitsubishi Electrics – ICONICS Suite
• Mitsubishi Electric Iconics Digital Solutions and Mitsubishi Electrics – MobileHMI
• Mitsubishi Electric Iconics Digital Solutions and Mitsubishi Electrics – MC Works64
• National Instruments – LabVIEW
• Rockwell Automation – Micro820
• Rockwell Automation – Micro850
• Rockwell Automation – Micro870
• Schneider Electric – EcoStruxure Foxboro DCS Advisor
• Siemens Interniche IP-Stack:SIDOOR – multiple models and versions
• Siemens Interniche IP-Stack:SIMATIC – multiple models and versions
• Siemens Interniche IP-Stack:SIMOCODE – multiple models and versions
• Siemens Interniche IP-Stack:SINUMERIK – multiple models and versions
• Siemens Interniche IP-Stack:SIPLUS – multiple models and versions
• Siemens Interniche IP-Stack:SIWARX – multiple models and versions

---

How Azzurro Technology Inc. Can Help

Azzurro Technology Inc. can assist you in addressing any of the advisories above—or any other software issue your organization faces. Our experts provide free, no‑obligation advice and can help you apply patches, configure mitigations, and verify that your environment is secure. Contact us at mailto:mailto:info@azzurro.tech.

---

Disclaimer

This post is an AI‑generated summary of the advisories posted on the Canadian Centre for Cyber Security website. For complete details, severity ratings, product listings, and official mitigation steps, please consult the original advisories via the links above or visit the full list at https://www.cyber.gc.ca/en/alerts-advisories. Azzurro Technology Inc. can also give a free quote for a more specific, organization‑focused report.

These are the 1 security notices from 2025‑12‑18

---

Mozilla security advisory (AV25‑849) – 2025‑12‑18

Link to Cyber Centre alert: https://www.cyber.gc.ca/en/alerts-advisories
Link to Mozilla advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2025-98/

Severity: High

Recommended actions:

• Review the detailed advisory on both the Cyber Centre and Mozilla pages to understand the vulnerability.
• Apply the patch released by Mozilla immediately.
• Verify that all browsers across your organization are updated to the patched version.
• Perform an inventory of systems that may be affected and prioritize remediation for critical assets.

---

How Azzurro Technology Inc. can help

Azzurro Technology Inc. can assist you in addressing this high‑severity advisory—or any other software issue your organization encounters. Our team will guide you through applying the necessary patches and securing your environment. All advice is provided free of charge.

📧 Contact us: mailto:info@azzurro.tech

---

Disclaimer

This post is an AI‑generated summary of the security notice(s) posted on the Canadian Cyber Centre’s alerts page. It does not replace the official advisory. For complete details, please visit the Cyber Centre’s alerts page: https://www.cyber.gc.ca/en/alerts-advisories.

Azzurro Technology Inc. can provide a free quote for a more detailed, organization‑specific report.

These are the 7 security notices from 2025‑12‑17

---

1. Cisco security advisory (AV25‑848) – Update 1

Severity: Critical – multiple remote‑code‑execution flaws in Cisco IOS and NX‑OS that could allow an unauthenticated attacker to take full control of affected devices. Successful exploitation may bypass existing security controls, disrupt network operations, and provide a foothold for lateral movement across the enterprise.

Recommended actions: Deploy the Cisco‑provided firmware patches immediately, verify the patch level on all routers, switches, and firewalls, and enable intrusion‑prevention signatures that detect attempted exploit traffic. Conduct a post‑patch validation scan and review device configurations for any unnecessary services.

Read the full advisory

---

2. Drupal security advisory (AV25‑847)

Severity: Medium – exploitable issues that may lead to privilege escalation.

Recommended actions: Upgrade to the patched version of Drupal, audit installed modules, and enforce strong password policies for admin accounts.

Read the full advisory

---

3. Mozilla security advisory (AV25‑846)

Severity: Medium – vulnerabilities affecting Firefox that could expose user data.

Recommended actions: Update Firefox to the latest release, enable automatic updates, and consider deploying browser‑hardening extensions.

Read the full advisory

---

4. SonicWall security advisory (AV25‑845) – Update 1

Severity: High – a set of flaws in SonicWall SMA and VPN appliances that are actively being exploited in the wild, according to multiple threat‑intel reports. Attackers have leveraged the vulnerability to obtain VPN credentials and pivot into corporate networks.

Recommended actions: Apply the vendor’s emergency patch without delay, force a password reset for all VPN users, and enable multi‑factor authentication on all remote‑access portals. Monitor VPN logs for anomalous login patterns and block any suspicious IP addresses.

Read the full advisory

---

5. HPE security advisory (AV25‑844)

Severity: Critical – severe flaws in HPE iLO and OneView management interfaces that permit unauthenticated attackers to execute arbitrary commands and gain full administrative control over servers. Exploitation can lead to complete compromise of the host, data exfiltration, and persistence within the data‑center environment.

Recommended actions: Install the HPE‑issued firmware updates immediately on all affected hardware, restrict iLO/OneView access to trusted management subnets, and enforce strong, unique credentials with account lockout policies. Conduct a thorough audit of server logs for any signs of unauthorized access and consider network segmentation for management traffic.

Read the full advisory

---

6. Google Chrome security advisory (AV25‑843)

Severity: Medium – vulnerabilities that could lead to sandbox escape.

Recommended actions: Deploy the latest Chrome version across all endpoints, enforce safe‑browsing policies, and educate users about phishing risks.

Read the full advisory

---

7. Tenable security advisory (AV25‑842)

Severity: Critical – critical informational disclosures in Tenable.sc and Nessus that reveal internal scanning configurations and asset inventories. Threat actors can use this data to craft precise attacks against known vulnerabilities, dramatically increasing the likelihood of successful exploitation.

Recommended actions: Update all Tenable products to the latest versions, re‑configure scanning policies to limit exposure of internal details, and restrict API access to authorized service accounts only. Perform a comprehensive review of scan result storage and purge any unnecessary historical data. Enable logging and alerting for any unexpected API calls.

Read the full advisory

---

How Azzurro Technology Inc. Can Help

Azzurro Technology Inc. can assist your organization in addressing any of these advisories or any other software issue you face. Our team offers free, no‑obligation advice and can provide a tailored remediation plan. Contact us at info@azzurro.tech for support.

---

Disclaimer: This is an AI‑generated summary. For complete details, please visit the official Cyber Centre page: https://www.cyber.gc.ca/en/alerts-advisories. Azzurro Technology Inc. can provide a free quote for a more specific, human built, organization‑focused report.

These are the security notices from 2025‑12‑16

AL25‑019 – Fortinet FortiCloud SSO Login Authentication Bypass (CVE‑2025‑59718 & CVE‑2025‑59719)
Severity: Critical (CVSS 9.8) – the flaws allow unauthenticated attackers to bypass FortiCloud single‑sign‑on and gain administrative access.
Recommended actions:

• Apply the Fortinet patches released on December 9, 2025.
• If you cannot patch immediately, temporarily disable the FortiCloud SSO login feature.
• Review firewall configurations for signs of compromise and rotate any exposed credentials.

AV25‑841 – Red Hat Enterprise Linux Kernel Vulnerabilities
Severity: Important to Critical – multiple kernel bugs affect several Red Hat Enterprise Linux releases and could lead to privilege escalation or denial‑of‑service.
Recommended actions:

• Install the latest Red Hat security updates for the affected kernel packages as soon as they become available, malware.news.
• Restart affected systems after updating to ensure the patched kernel is loaded.
• Monitor system logs for unusual activity and verify that no unapproved modules are loaded.

If your organization needs help applying these patches, assessing the impact, or addressing any other software security concerns, Azzurro Technology Inc. can assist – free of charge. Reach us at info@azzurro.tech.