687 changes Data Privacy & Cybersecurity
Multiple IBM Vulnerabilities Data Integrity Confidentiality Risks
CERT-FR issued advisory CERTFR-2026-AVI-0395 warning of multiple critical vulnerabilities in IBM products affecting QRadar SIEM, Storage Protect Plus Server, WebSphere Automation, and WebSphere eXtreme Scale. Vulnerabilities include remote code execution, privilege escalation, denial of service, and data integrity and confidentiality breaches. French organizations using these products are advised to apply patches immediately.
Red Hat Linux Kernel Multiple Vulnerabilities Advisory
CERT-FR issued advisory CERTFR-2026-AVI-0396 alerting to multiple vulnerabilities in the Red Hat Linux kernel affecting Red Hat Enterprise Linux and CodeReady Linux Builder products across ARM64, IBM z Systems, Power, and x86_64 architectures. The vulnerabilities expose affected systems to data confidentiality breaches, security policy bypass, remote denial of service, and privilege escalation risks. Organizations running affected Red Hat products should apply the referenced security patches from Red Hat.
Multiple Vulnerabilities in VMware Tanzu MySQL Kubernetes
CERT-FR issued a security advisory reporting multiple vulnerabilities in VMware Tanzu MySQL for Kubernetes affecting versions prior to 2.0.2. Ten CVEs are referenced including CVE-2025-14831, CVE-2025-15281, CVE-2025-15366, CVE-2025-15367, CVE-2025-9820, CVE-2026-0861, CVE-2026-0865, CVE-2026-0915, CVE-2026-1299, and CVE-2026-4111. Organizations using affected versions should apply the vendor-provided patches.
Multiple Ubuntu Linux Kernel Vulnerabilities Allow Arbitrary Code Execution
CERT-FR issued an advisory reporting multiple kernel vulnerabilities affecting Ubuntu Linux versions 14.04 ESM through 25.10. The vulnerabilities allow attackers to achieve arbitrary code execution, privilege escalation, data confidentiality breaches, and denial of service. The advisory references 12 Ubuntu security bulletins (USN-8094-5 through USN-8149-1) and multiple CVEs including CVE-2021-47142, CVE-2021-47145, and CVE-2024-36903. Organizations running affected Ubuntu systems should immediately apply patches referenced in the Ubuntu security bulletins.
SUSE Linux Kernel Multiple Vulnerabilities Advisory
CERT-FR issued advisory CERTFR-2026-AVI-0398 alerting to 14 SUSE security bulletins covering multiple vulnerabilities in the SUSE Linux kernel. Affected systems include SUSE Linux Enterprise Server, Live Patching, Real Time, and openSUSE Leap 15.6. Attackers could exploit these flaws to achieve data confidentiality breaches, data integrity compromise, security policy bypass, denial of service, and privilege escalation.
Synology Mail Station Vulnerability Advisory
CERT-FR issued a security advisory warning of a vulnerability in Synology Mail Station (versions prior to 30000001.3.19-20332 for DSM). The vulnerability, tracked as CVE-2026-5129, allows attackers to compromise data confidentiality and integrity. Users are advised to apply the vendor patch referenced in Synology security advisory Synology_SA_26_04.
EU Digital Wallet Certification Scheme Public Consultation
ENISA launched a public consultation on the draft candidate EU Digital Wallet (EUDIW) certification scheme on 3 April 2026. The scheme, developed under the Cybersecurity Act to support the European Digital Identity Framework, aims to verify that digital wallets meet high security requirements. Comments must be submitted by 30 April 2026, with a webinar scheduled for 8 April 2026. ENISA also signed a €1.6 million contribution agreement with the European Commission to support Member States in developing national certification schemes.
TrueConf Client Vulnerability - Arbitrary Code Execution via Updates
CISA added CVE-2026-3502 to the Known Exploited Vulnerabilities catalog. The vulnerability allows remote attackers to execute arbitrary code via unverified software updates in TrueConf Client versions 8.1.0 through 8.5.2. The flaw has a CVSS score of 7.8 (HIGH) and is classified as actively exploited with total technical impact.
Yokogawa CENTUM VP Hardcoded Password Vulnerability CVE-2025-7741
CISA ICS-CERT published advisory ICSA-26-092-02 disclosing CVE-2025-7741, a hardcoded password vulnerability in Yokogawa CENTUM VP distributed control systems affecting versions R5.01.00 through R7.01.00. The vulnerability (CVSS 3.1 score 4.0, Medium) allows attackers with access to HIS screen controls to log in as the PROG user and potentially modify permissions. CISA recommends changing to Windows Authentication Mode or applying vendor patches as mitigations.
CVE-2026-3502 TrueConf Vulnerability Added to KEV Catalog
CISA added CVE-2026-3502, a TrueConf Client vulnerability involving code download without integrity verification, to its Known Exploited Vulnerabilities (KEV) catalog based on evidence of active exploitation. The vulnerability poses significant risk as a frequent attack vector for malicious cyber actors. Although Binding Operational Directive 22-01 only mandates remediation for Federal Civilian Executive Branch agencies, CISA strongly urges all organizations to prioritize timely remediation.