Canadian Cyber Centre Advisories Highlight Linux Kernel and Other Vendor Patch Updates
The Canadian Centre for Cyber Security issued multiple advisories urging organizations to apply vendor patches released between February 16–22, 2026, including updates addressing Linux kernel vulnerabilities impacting Ubuntu (16.04 LTS through 25.10) and Red Hat platforms (including RHEL and related offerings). The advisories emphasize routine but potentially high-impact exposure from unpatched kernel flaws across widely deployed enterprise and server environments, and direct administrators to review upstream vendor notices and deploy the corresponding updates.
Separate Cyber Centre advisories also flagged patch requirements outside the Linux kernel: Microsoft released an update for Microsoft Edge Stable to remediate vulnerabilities in versions prior to 145.0.3800.70, IBM published security advisories covering multiple products (including Aspera Enterprise WebApps, Cloud Pak System, Storage Defender, and others), and CISA issued ICS advisories for vulnerabilities across several industrial and IoT/OT products (including Delta Electronics, GE Vernova, Honeywell CCTV, Siemens Simcenter, and others) with recommended mitigations and updates where available. A Linux 7.0 release-candidate feature article is not a security advisory and does not materially relate to the patch/vulnerability notices in the other items.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
6 events from the most recent confirmed update back to the earliest known activity.
Canadian Centre for Cyber Security issues consolidated advisories
On February 23, 2026, the Canadian Centre for Cyber Security published notices AV26-151 through AV26-155 highlighting the recent CISA, IBM, Red Hat, Ubuntu, and Microsoft security updates and urging users to review vendor guidance and apply patches. These notices summarized the prior disclosures for Canadian defenders and administrators.
Microsoft releases Edge Stable Channel security update
On February 20, 2026, Microsoft published a security update for Edge Stable Channel, bringing affected versions prior to 145.0.3800.70 up to a remediated release. The update addressed vulnerabilities in the browser.
Ubuntu releases Linux kernel security notices
Between February 16 and 22, 2026, Ubuntu published security notices addressing Linux kernel vulnerabilities affecting multiple supported releases, including several LTS versions and Ubuntu 25.10. Administrators were advised to apply the relevant updates.
Red Hat issues multiple security advisories
Between February 16 and 22, 2026, Red Hat published advisories for vulnerabilities affecting multiple products, including the Linux kernel, Red Hat Enterprise Linux, and CodeReady Linux Builder. The updates spanned several versions and platforms.
IBM publishes multiple product security advisories
Between February 16 and 22, 2026, IBM published multiple security advisories addressing vulnerabilities across several products, including IBM Aspera Enterprise WebApps, IBM Cloud Pak System, IBM Storage Defender Resiliency Service, IBM SPSS Analytic Server, IBM Tivoli Monitoring, and other IBM offerings. Users were urged to review IBM's advisories and apply the required updates.
CISA publishes multiple ICS security advisories
Between February 16 and 22, 2026, CISA released multiple ICS advisories covering vulnerabilities in products from Delta Electronics, EnOcean, GE Vernova, Honeywell, Jinan USR IOT Technology Limited (PUSR), Siemens, Valmet, and Welker. The advisories included recommended mitigations and available updates for affected industrial and IoT-related products.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
5 references tracked. Mallory keeps watching after this page renders.
Microsoft Edge security advisory (AV26-155) - Canadian Centre for Cyber Security
cyber.gc.ca
Open sourceUbuntu security advisory (AV26-154) - Canadian Centre for Cyber Security
cyber.gc.ca
Open sourceRed Hat security advisory (AV26-153) - Canadian Centre for Cyber Security
cyber.gc.ca
Open sourceIBM security advisory (AV26-152) - Canadian Centre for Cyber Security
cyber.gc.ca
Open source[Control systems] CISA ICS security advisories (AV26-151) - Canadian Centre for Cyber Security
cyber.gc.ca
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Canadian Cyber Centre Flags Broad Vendor Patch Wave Across Enterprise and ICS Products
The Canadian Centre for Cyber Security issued a series of advisories highlighting a broad patch wave from major technology vendors, spanning enterprise infrastructure, operating systems, and industrial environments. IBM released updates for products including **AIX**, **MQ**, **QRadar Suite Software**, **Cloud Pak for Security**, multiple **IBM Verify** offerings, and other middleware and cloud components, while Dell published fixes affecting **Avamar Data Store Gen5A**, **Connectrix B-Series FOS and SANnav**, **PowerSwitch E3200-ON Series**, **PowerSwitch Z9664F-ON**, and **Secure Connect Gateway**. Red Hat and Ubuntu also pushed Linux kernel-related updates, with Red Hat covering several **RHEL** and **CodeReady Linux Builder** variants and Ubuntu addressing kernel issues in **Ubuntu 22.04 LTS** and **24.04 LTS**, including NVIDIA-related vulnerabilities referenced in `USN-8060-7` and `USN-8059-8`. Industrial and telecom systems were also affected. CISA advisories cited vulnerabilities across products from **Apeman, Ceragon, Honeywell, Inductive Automation, Lantronix, Siemens,** and **Trane**, impacting industrial control systems, building management platforms, EV chargers, networking devices, and industrial software. Separately, HPE disclosed a **remote buffer overflow** in **HPE Telco Service Orchestrator** affecting versions prior to `v4.2.12` under bulletin `HPESBNW05029` revision 1. The Cyber Centre urged organizations to review vendor guidance, implement recommended mitigations, and apply updates promptly to reduce exposure across both IT and OT environments.
Jun 22, 2026
Coordinated Vendor Patch Advisories for Enterprise Software and Linux Kernel
The Canadian Centre for Cyber Security issued multiple **alerts and advisories** urging organizations to apply vendor patches for newly disclosed vulnerabilities across widely deployed enterprise platforms, including **Splunk** (Enterprise, Cloud Platform, Universal Forwarder, and *DB Connect* prior to `4.2.0`), **GitHub Enterprise Server** (patched releases `3.19.2`, `3.18.5`, `3.17.11`, `3.16.14`, `3.15.18`, `3.14.23`), **Jenkins** (Weekly `2.550` and prior; LTS `2.541.1` and prior), and **Atlassian** products (**Bamboo**, **Confluence**, and **Crowd** Data Center/Server across multiple versions). The advisories are framed as patch-and-mitigate guidance rather than incident reporting, emphasizing rapid update adoption to reduce exposure. Additional vendor guidance highlighted kernel-level risk and security tooling exposure. **Tenable** released a critical update for **Tenable Security Center** (`6.7.2` and prior) via stand-alone patches, and **Red Hat** published multiple advisories (Feb 9–15) including **Linux kernel** fixes across several RHEL-related offerings (e.g., *Red Hat Enterprise Linux* and *CodeReady Linux Builder*). Separately, F5 tracked a **Linux kernel vulnerability** identified as **CVE-2025-22026** in its product advisory, reinforcing the need to prioritize kernel patching where affected components are present.
Mar 21, 2026
Multiple Security Advisories for Enterprise and Industrial Products (Late October–Early November 2025)
Vendors including Hitachi Energy, Schneider Electric, ABB, Ubiquiti, Dell, IBM, Red Hat, Ubuntu, and Microsoft released security advisories between October 27 and November 3, 2025, addressing vulnerabilities across a wide range of enterprise, industrial, and cloud products. Notable advisories include CISA's ICS alerts for control systems, a critical flaw in ABB's PCM600 software (CVE-2018-1002208), a critical vulnerability in Ubiquiti's UniFi Access Application (CVE-2025-52665), and updates for Microsoft Edge, Red Hat Enterprise Linux, Ubuntu LTS versions, and multiple Dell and IBM products. Organizations are urged to review the advisories, apply recommended mitigations, and update affected systems to reduce exposure to exploitation. The advisories highlight vulnerabilities that could allow remote code execution, privilege escalation, or unauthorized access if left unpatched. The Canadian Centre for Cyber Security and CISA emphasize the importance of timely patching and mitigation, especially for products deployed in critical infrastructure and enterprise environments. Administrators should consult the official vendor advisories for detailed remediation steps and monitor for further updates as new vulnerabilities are disclosed and addressed.
Mar 21, 2026