Fog advisory for Windsor-Essex, Chatham-Kent, Sarnia
Environment Canada has issued a yellow fog advisory for Windsor-Essex, Chatham-Kent and Sarnia.
#weather #advisory #WindsorEssex #ChathamKent #Sarnia
https://www.cbc.ca/news/canada/windsor/windsor-fog-advisory-9.7092141?cmp=rss

Google Issues Emergency Patch for Actively Exploited Chrome Zero-Day

Google patched a high-severity Chrome flaw (CVE-2026-2441) that is currently being exploited in the wild. The flaw allows remote code execution on Windows, macOS, and Linux systems through malicious web content.

**An urgent patch for Chrome - Google is patching an actively exploited flaw in Chrome, and the flaw is nasty enough that even the basic description of it is withheld. DONT WAIT! Update all your Chrome and Chromium browsers (Edge, Opera, Brave, Vivaldi...). Updating the browser is easy, all your tabs reopen after the patch.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/google-issues-emergency-patch-for-actively-exploited-chrome-zero-day-h-3-4-y-e/gD2P6Ple2L

Google Chrome 145 Update Patches 11 Vulnerabilities Including High-Severity RCE Flaws

Google Chrome 145 patches 11 vulnerabilities, including high-severity use-after-free and heap buffer overflow flaws that allow remote code execution and sandbox escapes.

**If you are using Google Chrome or other Chromium-based browsers (Edge, Brave, Vivaldi, Opera...) update ASAP. These flaws are still not exploited, but why give hackers the chance? Just update, your tabs reopen automatically.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/google-chrome-145-update-patches-11-vulnerabilities-including-high-severity-rce-flaws-n-m-1-c-v/gD2P6Ple2L

Critical Path Traversal Flaw in Unstructured.io AI Library Enables Remote Code Execution

Unstructured.io patched a critical path traversal vulnerability (CVE-2025-64712) that allows attackers to achieve remote code execution by processing malicious Outlook .msg files. The flaw enables arbitrary file writes, potentially compromising AI data pipelines across major cloud providers and Fortune 1000 enterprise environments.

**If you are processing mail attachments throuh AI, this is an important advisory. Check if you directly use Unstructured.io or update the systems that import and use this library. If you cannot update right away, disable attachment processing in your code and implement controls to sanitize filename attachments.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-path-traversal-flaw-in-unstructured-io-ai-library-enables-remote-code-execution-x-z-5-d-g/gD2P6Ple2L

HashiCorp Patches Critical RCE Vulnerability in next-mdx-remote Library

HashiCorp patched a critical remote code execution vulnerability (CVE-2026-0969) in the next-mdx-remote library that allowed attackers to execute arbitrary code during React server-side rendering.

**If your React application renders user-supplied MDX content, update next-mdx-remote to version 6.0.0 immediately to enable the new default security blocks. Avoid enabling JavaScript expressions for untrusted input, as even best-effort sanitization can be bypassed by determined attackers.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/hashicorp-patches-critical-rce-vulnerability-in-next-mdx-remote-library-t-u-a-5-2/gD2P6Ple2L

CISA Warns of Active Exploitation in Microsoft Configuration Manager SQL Injection Flaw

CISA reports active exploitation of a critical SQL injection vulnerability in Microsoft Configuration Manager (CVE-2024-43468). The flaw allows unauthenticated attackers to execute arbitrary commands with system-level privileges on management servers and site databases.

**If you are using Microsoft Configuration Manager and haven't patched since 2024, this is urgent. Your MCM is being attacked. If possible, always isolate from the internet. And patch, because any isolation will be compromised given enough time.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/cisa-warns-of-active-exploitation-in-microsoft-configuration-manager-sql-injection-flaw-t-a-l-p-8/gD2P6Ple2L

Ubuntu Security Notice USN-8038-1 https://packetstorm.news/files/215567 #advisory

Debian Security Advisory 6133-1 https://packetstorm.news/files/215561 #advisory

SUSE Security Advisory - SUSE-SU-2026:0476-1 https://packetstorm.news/files/215554 #advisory

openSUSE Security Advisory - openSUSE-SU-2026:10182-1 https://packetstorm.news/files/215553 #advisory

Apple Patches Actively Exploited Flaw, Over 90 Vulnerabilities in macOS, iOS, and iPadOS in February 2026 Security Updates

Apple released security updates on February 11, 2026, patching over 90 vulnerabilities across macOS, iOS, and iPadOS, including an actively exploited zero-day (CVE-2026-20700) — a memory corruption flaw in dyld enabling arbitrary code execution, likely used by nation-state actors or commercial spyware vendors against targeted individuals.

**Time to update your Apple devices. Prioritize iOS 26 devices, especially if you are a journalist or active in economy and policy - those are the first ones targeted by state actors to take control of mobile phones. Then all the rest of devices. Even if you are not a high profile target, update because hackers will learn to exploit the same flaws, so it will be open season on every vulnerable device.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/apple-patches-actively-exploited-flaw-over-90-vulnerabilities-in-macos-ios-and-ipados-in-february-2026-security-updates-j-a-7-e-o/gD2P6Ple2L

Siemens COMOS Affected by Multiple Flaws, at Least One Critical

Siemens COMOS plant management software is affected by six vulnerabilities, including a critical severity 10 XSS flaw and a sandbox escape, which could lead to remote code execution or data theft.

**First priority, make sure your industrial systems including COMOS are isolated from the internet and accessible only from trusted networks. Plan a quick update of COMOS instances to latest versions of 10.4 and 10.5 branck. For branch 10.6 contact Siemens for instructions.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/siemens-comos-affected-by-multiple-flaws-at-least-one-critical-a-q-3-w-s/gD2P6Ple2L

Critical RCE Vulnerability Reported in WPvivid Backup Plugin

WPvivid Backup & Migration plugin for WordPress patched a critical RCE vulnerability (CVE-2026-1357) that allows unauthenticated attackers to upload malicious PHP files via predictable cryptographic keys.

**If you are using WPvivid plugin, update to version 0.9.124 ASAP. If you cannot update right away, ensure the 'receive backup from another site' feature is disabled to close the primary attack vector.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-rce-vulnerability-reported-in-wpvivid-backup-plugin-3-d-o-v-9/gD2P6Ple2L

Debian Security Advisory 6130-1 https://packetstorm.news/files/215501 #advisory

Ubuntu Security Notice USN-8035-1 https://packetstorm.news/files/215500 #advisory

SUSE Security Advisory - SUSE-SU-2026:0438-1 https://packetstorm.news/files/215495 #advisory

openSUSE Security Advisory - openSUSE-SU-2026:10172-1 https://packetstorm.news/files/215494 #advisory

Critical UUID Flaw in Fiber v2 Framework Enables Session Hijacking

Fiber v2 patched a critical vulnerability (CVE-2025-66630) that generates predictable all-zero UUIDs when secure randomness fails, enabling session hijacking and CSRF bypass.

**If you are running applications running Fiber v2, prioritize updating to version 2.52.11 and update environments to Go 1.24, This is a weird flaw that may not happen regularly and is hard to reproduce, but it will hit you if you leave the old version long enough. It's better to patch than to hope.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-uuid-flaw-in-fiber-v2-framework-enables-session-hijacking-s-n-a-1-9/gD2P6Ple2L

Ivanti Patches High-Severity Authentication Bypass in Endpoint Manager

Ivanti patched a high-severity authentication bypass (CVE-2026-1603) and a SQL injection flaw (CVE-2026-1602) in its Endpoint Manager software that could allow attackers to steal credentials and sensitive database information.

**If you are using Ivanti EPM, one more patch cycle. Plan a quick update to Ivanti EPM instance to version 2024 SU5 or later. If possible, make sure your management servers are not exposed directly to the public internet.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/ivanti-patches-high-severity-authentication-bypass-in-endpoint-manager-d-7-x-9-j/gD2P6Ple2L

Critical Authentication Bypass Flaws Reported in ZLAN Industrial Gateways

ZLAN5143D industrial gateways contain two critical vulnerabilities (CVE-2026-25084 and CVE-2026-24789) that allow unauthenticated remote attackers to bypass security and reset device passwords. The vendor has not yet responded to these issues and there are no patches.

**If you use ZLAN5143D gateways, make sure they are isolated from the internet and accessible only from trusted networks. Since the vendor hasn't provided a patch, network isolation and VPN-only access are your only defense. Reach out to the vendor for patches, and if no patches are available, start planning a replacement.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-authentication-bypass-flaws-uncovered-in-zlan-industrial-gateways-k-4-k-9-i/gD2P6Ple2L