CAA-2026-0007 Browser Ads Driving Engagement with Low-Reputation Software
Since July 2025, CyberAlberta Threat Intelligence identified at least four campaigns using browser ads to deliver Potentially Unwanted Programs (PUPs). Some of these PUPs come bundled with information stealer malware or a backdoor.
Published 2026-03-05
CAA-2026-0009 Iran-Linked Cyber Activity and Relevance to Alberta Organizations
On 28 February 2026, the United States (U.S.) and the State of Israel (Israel) launched military strikes against the Islamic Republic of Iran (Iran). Canadian organizations, especially those with operations in the Middle East, should review their cybersecurity posture and remain vigilant to threats posed by Iranian-aligned cyber threat actors.
Published 2026-03-03
CAA-2026-0004 WinRAR High-Severity Vulnerability Continues to be Actively Exploited
On 27 January 2026, Google Threat Intelligence Group (GTIG) identified the active exploitation of CVE-2025-8088 by multiple government-backed threat actors linked to Russia and China, and financially motivated threat actors. CVE-2025-8088 is a path traversal vulnerability affecting Windows versions of WinRAR prior to 7.13.
Published 2026-02-10
CAA-2026-0001 Fortinet Devices Remain Vulnerable to SSO Authentication Bypass
On 22 January 2026, Fortinet acknowledged there is an active security issue with FortiCloud SSO that was not addressed in the December 2025 security patches for vulnerabilities CVE-2025-59718 and CVE-2025-59719. Fortinet urges customers to implement mitigations against this attack as a security patch is not available at the time of publication.
Published 2026-01-23
CAA-2025-0064 React and Next.js Vulnerable to Critical Remote Code Execution Vulnerability
On 3 December 2025, React disclosed the critical remote code execution (RCE) vulnerability CVE-2025-55182 affecting multiple React Server Components (RSC) packages and the broader ecosystem of frameworks that rely on the React Flight protocol. Consequently, Next.js disclosed a downstream critical vulnerability labelled as CVE-2025-66478, which has since been rejected as a duplicate of CVE-2025-55182 as it is affected by the same flaw.
Published 2025-12-05
CAA-2025-0063 Smishing campaign impersonating GoA
On 26 November 2025, the Government of Alberta (GoA) and CyberAlberta Threat Intelligence identified an SMS phishing (smishing) campaign targeting Albertans. Further analysis revealed similar campaigns impersonating government and private services across Canada.
Published 2025-11-27
CAA-2025-0056 Zooming Out - WebinarTV’s Rampant Scraping of Online Meetings
CyberAlberta recently discovered that a webinar hosting platform known as WebinarTV is actively scraping and redistributing both public and private Zoom webinars without knowledge or consent of organizers. Initial access is typically gained through third-party browser extensions such as AI-powered transcription or auto-join tools. These extensions are inadvertently provided calendar permissions by their users and, in some cases, users are willfully submitting meeting details to the WebinarTV platform without the knowledge or consent of the organizers.
Published 2025-10-07
CAA-2025-0058 The Scattering - How the Shai-Hulud Worm Malware Propagated Through the npm Ecosystem
Since September 14th, 2025, a new worm malware known as Shai-Hulud has been propagating throughout the npm package ecosystem, resulting in a widespread supply chain compromise. Shai-Hulud establishes a foothold in development environments, automatically infects related packages, and exposes high-value credentials along its path, introducing high risks of secondary attacks.
Published 2025-10-03
Multiple Cisco Products Vulnerable to Three Zero-Day Vulnerabilities with Active Exploitation
On 25 September 2025, Cisco released security advisories disclosing three zero-day vulnerabilities affecting multiple Cisco products including: ASA, FTD, IOS, IOS XE, and IOS XR.
Published 2025-09-26
CAA-2025-0048 The Evolving Threat of Vendor Email Compromise and a Recent Incident Targeting an Alberta Organization
On May 27th, 2025, an Alberta-based organization was targeted by a threat actor impersonating a trusted third-party vendor attempting to fraudulently redirect funds.
Published 2025-07-31
CAA-2025-0044 Recent Scattered Spider Infrastructure Hints at Possible Targeting of Oil and Gas Industry
Active since late 2022, Scattered Spider is a sophisticated threat actor group consisting of mostly U.S. and U.K. residents best known for adept social engineering leveraging native fluency in English, as well as phishing to gain initial access to enterprise environments.
Published 2025-07-07
CAA-2025-0039 Fraudulent Ads on Social Media Increasingly Targeting National and Local Online Users
CyberAlberta Threat Intelligence is aware of a recent surge in fraudulent ads appearing on various social media platforms targeting Canadians at a national and local level. These campaigns -- operated by financially motivated threat actors -- leverage impersonation tactics, social engineering, and generative AI to deceive victims into divulging sensitive financial and personal information.
Published 2025-06-20
CAA-2025-0037 Active Threat Impersonating the Government of Alberta to Scam the Public
CyberAlberta Threat Intelligence has received multiple reports of a malicious domain impersonating the Government of Alberta, claiming to offer Canada Carbon Rebate (CCR) payments to elicit personally identifiable information (PII) from members of the public.
Published 2025-06-16
CVE-2024-38063 Severe Risk Windows Vulnerability
Security experts are urgently advising Windows system administrators to address a critical pre-auth remote code execution vulnerability in the Windows TCP/IP stack, identified as CVE-2024-38063. Microsoft has rated this flaw with a CVSS score of 9.8/10, highlighting its potential for zero-click exploitation—an exploit that requires no user interaction—through crafted IPv6 packets.
Published 2024-08-22
Jasper Wildfire Phishing Potentials
As we navigate the challenges posed by the ongoing Jasper wildfire emergency and similar emergency events, it is crucial to remain vigilant against potential phishing scams. Cybercriminals often exploit such crises to target individuals with fraudulent emails, messages, and phone calls.
Published 2024-07-26
Millions of Microsoft Windows Device Outages Result From CrowdStrike Update
A widespread technology outage attributed to a software update issued by CrowdStrike resulted in crashes of machines running the Microsoft Windows operating system. The outage has affected airlines, banks, broadcasters, IT service providers, and other businesses worldwide—including members of the CyberAlberta Community of Interest—causing significant disruptions.
Published 2024-07-19
GoA Impersonated Text Message Scam & Spoofed Website
On 25 June 2024, an Albertan reported a text message received that purported to contain information relating to an assessment for financial compensation for Albertans. Contained in the message is a link to a website (myalbertagov[dot]org) which alleges to have an assessment that the recipient can review and where they can enter their banking information to receive the compensation mentioned in the email.
Published 2024-06-26
Check Point Network Gateway Vulnerability
On 27th May 2024, Check Point disclosed a zero-day arbitrary file read vulnerability tracked as CVE-2024-24919 which affects multiple Check Point network gateway devices. Security patches were also released at the same time to remediate the flaw which, according to Check Point, only affected devices that have remote access virtual private network (VPN), or mobile access enabled.
Published 2024-06-05
XZ Utils Library Vulnerability
On March 29th, 2024, a secret backdoor was discovered in the open source xz-utils package, commonly found in several Linux distributions.
Published 2024-04-05
GoA SMS Phishing Scam & Spoofed Website
It has come to light that there is another spoofed webpage running an identical phishing campaign. The new impersonating domain is infractions-ab[.]com. The GoA is taking action to also have this site removed.
Published 2024-03-22