Azzurro Technology inc.

Category: Security Notices

Security notices from the Cyber Centre with context.

  • Security notices from the 18th of December 2025

    Security notices from the 18th of December 2025

    These are the 1 security notices from 2025‑12‑18

    Mozilla security advisory (AV25‑849) – 2025‑12‑18

    Link to Cyber Centre alert: https://www.cyber.gc.ca/en/alerts-advisories
    Link to Mozilla advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2025-98/

    Severity: High

    Recommended actions:

    • Review the detailed advisory on both the Cyber Centre and Mozilla pages to understand the vulnerability.
    • Apply the patch released by Mozilla immediately.
    • Verify that all browsers across your organization are updated to the patched version.
    • Perform an inventory of systems that may be affected and prioritize remediation for critical assets.

    How Azzurro Technology Inc. can help

    Azzurro Technology Inc. can assist you in addressing this high‑severity advisory—or any other software issue your organization encounters. Our team will guide you through applying the necessary patches and securing your environment. All advice is provided free of charge.

    📧 Contact us: mailto:info@azzurro.tech

    Disclaimer

    This post is an AI‑generated summary of the security notice(s) posted on the Canadian Cyber Centre’s alerts page. It does not replace the official advisory. For complete details, please visit the Cyber Centre’s alerts page: https://www.cyber.gc.ca/en/alerts-advisories.

    Azzurro Technology Inc. can provide a free quote for a more detailed, organization‑specific report.

  • Security notices for the 17th of December 2025

    Security notices for the 17th of December 2025

    These are the 7 security notices from 2025‑12‑17

    1. Cisco security advisory (AV25‑848) – Update 1

    Severity: Critical – multiple remote‑code‑execution flaws in Cisco IOS and NX‑OS that could allow an unauthenticated attacker to take full control of affected devices. Successful exploitation may bypass existing security controls, disrupt network operations, and provide a foothold for lateral movement across the enterprise.


    Recommended actions: Deploy the Cisco‑provided firmware patches immediately, verify the patch level on all routers, switches, and firewalls, and enable intrusion‑prevention signatures that detect attempted exploit traffic. Conduct a post‑patch validation scan and review device configurations for any unnecessary services.


    Read the full advisory

    2. Drupal security advisory (AV25‑847)

    Severity: Medium – exploitable issues that may lead to privilege escalation.


    Recommended actions: Upgrade to the patched version of Drupal, audit installed modules, and enforce strong password policies for admin accounts.


    Read the full advisory

    3. Mozilla security advisory (AV25‑846)

    Severity: Medium – vulnerabilities affecting Firefox that could expose user data.


    Recommended actions: Update Firefox to the latest release, enable automatic updates, and consider deploying browser‑hardening extensions.


    Read the full advisory

    4. SonicWall security advisory (AV25‑845) – Update 1

    Severity: High – a set of flaws in SonicWall SMA and VPN appliances that are actively being exploited in the wild, according to multiple threat‑intel reports. Attackers have leveraged the vulnerability to obtain VPN credentials and pivot into corporate networks.


    Recommended actions: Apply the vendor’s emergency patch without delay, force a password reset for all VPN users, and enable multi‑factor authentication on all remote‑access portals. Monitor VPN logs for anomalous login patterns and block any suspicious IP addresses.


    Read the full advisory

    5. HPE security advisory (AV25‑844)

    Severity: Critical – severe flaws in HPE iLO and OneView management interfaces that permit unauthenticated attackers to execute arbitrary commands and gain full administrative control over servers. Exploitation can lead to complete compromise of the host, data exfiltration, and persistence within the data‑center environment.


    Recommended actions: Install the HPE‑issued firmware updates immediately on all affected hardware, restrict iLO/OneView access to trusted management subnets, and enforce strong, unique credentials with account lockout policies. Conduct a thorough audit of server logs for any signs of unauthorized access and consider network segmentation for management traffic.


    Read the full advisory

    6. Google Chrome security advisory (AV25‑843)

    Severity: Medium – vulnerabilities that could lead to sandbox escape.


    Recommended actions: Deploy the latest Chrome version across all endpoints, enforce safe‑browsing policies, and educate users about phishing risks.


    Read the full advisory

    7. Tenable security advisory (AV25‑842)

    Severity: Critical – critical informational disclosures in Tenable.sc and Nessus that reveal internal scanning configurations and asset inventories. Threat actors can use this data to craft precise attacks against known vulnerabilities, dramatically increasing the likelihood of successful exploitation.


    Recommended actions: Update all Tenable products to the latest versions, re‑configure scanning policies to limit exposure of internal details, and restrict API access to authorized service accounts only. Perform a comprehensive review of scan result storage and purge any unnecessary historical data. Enable logging and alerting for any unexpected API calls.


    Read the full advisory

    How Azzurro Technology Inc. Can Help

    Azzurro Technology Inc. can assist your organization in addressing any of these advisories or any other software issue you face. Our team offers free, no‑obligation advice and can provide a tailored remediation plan. Contact us at info@azzurro.tech for support.

    Disclaimer: This is an AI‑generated summary. For complete details, please visit the official Cyber Centre page: https://www.cyber.gc.ca/en/alerts-advisories. Azzurro Technology Inc. can provide a free quote for a more specific, human built, organization‑focused report.

  • Security notices for the 16th of December 2025

    Security notices for the 16th of December 2025

    These are the security notices from 2025‑12‑16

    AL25‑019 – Fortinet FortiCloud SSO Login Authentication Bypass (CVE‑2025‑59718 & CVE‑2025‑59719)
    Severity: Critical (CVSS 9.8) – the flaws allow unauthenticated attackers to bypass FortiCloud single‑sign‑on and gain administrative access.
    Recommended actions:

    • Apply the Fortinet patches released on December 9, 2025.
    • If you cannot patch immediately, temporarily disable the FortiCloud SSO login feature.
    • Review firewall configurations for signs of compromise and rotate any exposed credentials.

    AV25‑841 – Red Hat Enterprise Linux Kernel Vulnerabilities
    Severity: Important to Critical – multiple kernel bugs affect several Red Hat Enterprise Linux releases and could lead to privilege escalation or denial‑of‑service.
    Recommended actions:

    • Install the latest Red Hat security updates for the affected kernel packages as soon as they become available, malware.news.
    • Restart affected systems after updating to ensure the patched kernel is loaded.
    • Monitor system logs for unusual activity and verify that no unapproved modules are loaded.

    If your organization needs help applying these patches, assessing the impact, or addressing any other software security concerns, Azzurro Technology Inc. can assist – free of charge. Reach us at info@azzurro.tech.