CISA: Schneider Electric EcoStruxure Foxboro DCS Vulnerability Identified
CISA has issued an advisory regarding a deserialization of untrusted data vulnerability in Schneider Electric's EcoStruxure Foxboro DCS Control Software. The vulnerability, identified as CVE-2026-1286, could lead to loss of confidentiality, integrity, and potential remote code execution. Schneider Electric has released version CS 8.1 as a fix.
CISA Advisory: Pharos Controls Mosaic Show Controller Vulnerability
CISA has released an advisory regarding a critical vulnerability (CVE-2026-2417) in Pharos Controls Mosaic Show Controller firmware version 2.15.3. Successful exploitation could allow an unauthenticated attacker to execute arbitrary commands with root privileges. Pharos Controls recommends upgrading to version 2.16 or later.
CISA Advisory: Grassroots DICOM Memory Leak Vulnerability CVE-2026-3650
CISA has issued an advisory regarding a critical memory leak vulnerability (CVE-2026-3650) in Grassroots DICOM (GDCM) version 3.2.2. Successful exploitation could allow an attacker to cause a denial-of-service condition by sending a specially crafted file. The vulnerability affects the Healthcare and Public Health critical infrastructure sectors worldwide.
CISA: Schneider Electric Plant iT/Brewmaxx Vulnerabilities Allow Remote Code Execution
CISA has issued an advisory regarding multiple vulnerabilities in Schneider Electric's Plant iT/Brewmaxx software, versions 9.60 and above. Successful exploitation could lead to privilege escalation and remote code execution. The advisory provides specific CVE details and mitigation steps recommended by the vendor.
EDPB Conference on GDPR, DMA, DSA Cooperation
The European Data Protection Board (EDPB) held a conference on March 17, 2026, discussing cross-regulatory cooperation between data protection authorities and those overseeing competition, the Digital Markets Act (DMA), and the Digital Services Act (DSA). Key takeaways included the need for aligned approaches between data protection and competition regulators, and the importance of coherent interpretation of the DMA and GDPR, as well as the DSA and GDPR.
LibreNMS Vulnerability Allows Remote Code Execution
CERT-FR has issued an advisory regarding a critical vulnerability in LibreNMS versions prior to 26.3.0. This vulnerability allows for remote code execution and data integrity compromise. Users are advised to consult the LibreNMS security bulletin for patch information.
strongSwan Remote Denial of Service Vulnerability
CERT-FR has issued a security advisory regarding a remote denial of service vulnerability (CVE-2026-25075) in strongSwan versions prior to 6.0.5. The advisory urges users to refer to the vendor's security bulletin for patch information.
Multiple Vulnerabilities in Google Chrome
CERT-FR has issued an advisory regarding multiple vulnerabilities discovered in Google Chrome. The advisory urges users to refer to Google's security bulletin for patch information, as these vulnerabilities could lead to unspecified security issues.
Spring Cloud Config Vulnerability Allows Server-Side Request Forgery
CERT-FR has issued an advisory regarding a critical vulnerability (CVE-2026-22739) in Spring Cloud Config versions prior to 3.1.13, 4.1.9, 4.2.6, 4.3.2, and 5.0.2. The vulnerability allows for Server-Side Request Forgery (SSRF), enabling attackers to potentially compromise server security.
Multiple Ruby on Rails Vulnerabilities Allow Remote Code Execution
CERT-FR has issued an advisory regarding multiple vulnerabilities discovered in several versions of Ruby on Rails. These vulnerabilities could allow attackers to achieve remote code execution, denial of service, or data integrity breaches. Affected components include various versions of actionpack, actionview, activestorage, and activesupport.
Trend Micro Deep Discovery Inspector Vulnerability Allows Remote Code Execution
CERT-FR has issued an advisory regarding a critical vulnerability in Trend Micro Deep Discovery Inspector. The vulnerability, identified as CVE-2025-15467, allows for remote code execution and denial of service. Affected versions require immediate patching.
Xen Vulnerability Allows Security Policy Bypass
CERT-FR has issued an advisory regarding a vulnerability in Xen, identified as CVE-2026-31788. This vulnerability allows an attacker to bypass security policies. Affected systems are instances of Xen on Linux that have not applied specific security patches.
VMware Tanzu for Postgres Vulnerability Allows Remote Code Execution
CERT-FR has issued a security advisory regarding a vulnerability in VMware Tanzu for Postgres that allows for remote code execution. Affected versions include multiple release lines prior to specific patch levels. Users are advised to consult VMware's security bulletin for remediation.
binutils Vulnerability Allows Remote Denial of Service Attack
CERT-Bund has issued a security advisory regarding a vulnerability in GNU Binary Utilities (binutils) versions prior to 2.47. This vulnerability allows remote attackers to perform a Denial of Service attack. Mitigation is available.
Citrix NetScaler Multiple Vulnerabilities
CERT-Bund has issued a security advisory for Citrix NetScaler, detailing multiple critical vulnerabilities (CVSS score 10.0) that allow remote attackers to disclose information and take over user sessions. Affected versions include specific releases of NetScaler ADC and Gateway prior to 14.1-66.59 and 13.1-62.23/37.262.
Google Chrome Vulnerabilities Advisory
CERT-Bund has issued an advisory regarding multiple high-severity vulnerabilities in Google Chrome, with a CVSS base score of 8.8. The advisory, dated March 23, 2026, indicates that these vulnerabilities could allow remote attackers to execute code, cause denial-of-service, or expose information. Mitigation measures are available.
Froxlor Vulnerability Allows File Manipulation and Information Disclosure
CERT-Bund has issued a security advisory for Froxlor, a web-based server management software. A vulnerability allows attackers to manipulate files and disclose information, with a CVSS base score of 8.2. The advisory applies to versions prior to 2.3.5.
cPanel cPanel/WHM Multiple Vulnerabilities
CERT-Bund has issued a security advisory for multiple critical vulnerabilities in cPanel cPanel/WHM, with a CVSS base score of 9.8. These vulnerabilities affect Linux and UNIX systems running affected versions of the software. Mitigation is available.
CODESYS Vulnerabilities Allow Code Execution and DoS
CERT-Bund has issued a security advisory for CODESYS, detailing multiple vulnerabilities that could allow attackers to execute arbitrary code or cause a denial of service. The advisory affects CODESYS versions prior to 3.5.22.0 and 4.21.0.0.
Ruby on Rails Vulnerabilities: DoS, File Manipulation, XSS
CERT-Bund has issued a security advisory for Ruby on Rails, detailing multiple vulnerabilities including Denial of Service, file manipulation, and Cross-Site Scripting. The advisory highlights critical severity with a CVSS Base Score of 9.1 and provides mitigation information for affected versions.
Red Hat Undertow Vulnerability Allows Remote Denial of Service
CERT-Bund has issued a security advisory regarding a vulnerability in Red Hat Undertow, a web server. The vulnerability allows remote attackers to perform a Denial of Service attack. The advisory provides a CVSS score of 5.9 and notes that mitigation is not yet available.
Znuny Vulnerability Allows Remote Cross-Site Scripting Attack
CERT-Bund has issued a security advisory regarding a vulnerability in Znuny, an open-source ticketing software. The vulnerability allows remote attackers to perform a Cross-Site Scripting (XSS) attack. Affected versions include Znuny LTS <6.5.19 and Znuny <7.3.1.
VMware Tanzu Spring Cloud Vulnerability Allows Information Disclosure
CERT-Bund has issued a security advisory for VMware Tanzu Spring Cloud, detailing a vulnerability that allows remote attackers to disclose information. The advisory affects multiple versions of VMware Tanzu Spring Cloud Config and provides mitigation guidance.
MongoDB C Driver Vulnerability Allows Denial of Service
CERT-Bund has issued a security advisory regarding a vulnerability in the Open Source MongoDB C Driver versions prior to 2.2.3 and 1.30.8. The vulnerability allows remote, authenticated attackers to perform a Denial of Service attack. Mitigation is available.
systemd Vulnerabilities Allow Denial of Service or Code Execution
CERT-Bund has issued a security advisory regarding multiple vulnerabilities in systemd, a Linux system and service manager. Exploitation could lead to denial of service or code execution with administrator privileges. Affected versions include open-source systemd releases prior to the fixed versions listed in the advisory.
strongSwan Vulnerability Allows Denial of Service Attack
CERT-Bund has issued a security advisory regarding a vulnerability in strongSwan, a VPN implementation. The vulnerability allows remote attackers to conduct Denial of Service attacks. Affected systems include various Linux distributions and other operating systems.
NIST Cybersecurity Framework 2.0 Informative References Quick-Start Guide
NIST has released an initial public draft of SP 1347, 'NIST Cybersecurity Framework 2.0: Informative References Quick-Start Guide.' This document explains informative references and their role in achieving CSF 2.0 outcomes, introduces NIST tools for managing them, and explores how AI can support working with reference data.
UCA FOI Request Decision Notice
The Information Commissioner's Office (ICO) issued a decision notice regarding a Freedom of Information (FOI) request made to the University for the Creative Arts (UCA). The ICO found that UCA breached FOI laws by failing to respond within the statutory timeframe and by not issuing a proper refusal notice. No further steps were required by the ICO.
ICO Decision on Islington FOI and Data Protection Complaint
The UK Information Commissioner's Office (ICO) issued a decision regarding a complaint against the London Borough of Islington concerning FOI and EIR requests. While the council was found to have committed a procedural breach of EIR regulation 14, no further action is required.
ICO Upholds FOI Complaint Against NHS Trust
The UK's Information Commissioner's Office (ICO) has upheld a Freedom of Information (FOI) complaint against Guy's and St Thomas' NHS Foundation Trust. The Trust failed to respond to a request within the statutory 20 working days. The ICO has ordered the Trust to respond within 30 calendar days.
ICO Overturns Bristol Council's Freedom of Information Refusal
The UK's Information Commissioner's Office (ICO) has overturned Bristol City Council's refusal to provide information regarding road blocks for the East Bristol Liveable Neighbourhood project. The ICO found the council incorrectly categorised the request as manifestly unreasonable.
ICO Upholds FOI Complaint Against DHSC
The UK Information Commissioner's Office (ICO) has upheld a complaint against the Department of Health & Social Care (DHSC) for failing to complete public interest test considerations within a reasonable time. The DHSC is now required to provide a substantive response to the FOI request within 30 calendar days.
ICO Decision: Lewisham Council FOI 17 Upheld, 40(2) Not Upheld
The UK's Information Commissioner's Office (ICO) issued a decision regarding a Freedom of Information (FOI) request made to Lewisham Council. The ICO upheld the council's decision to withhold information under FOI section 40(2) but found the council breached section 17 by failing to issue a timely refusal notice.
ICO Decision Notice: NHS Trust Failed to Respond to FOI Request
The Information Commissioner's Office (ICO) has upheld a Freedom of Information (FOI) request against North East London NHS Foundation Trust. The Trust failed to respond to the request within the statutory 20 working days. The ICO has ordered the Trust to provide a response within 30 calendar days.
ICO Upholds HM Treasury FOI Refusal on Policy Grounds
The UK's Information Commissioner's Office (ICO) has upheld HM Treasury's refusal to disclose meeting notes and minutes to the Finance and Leasing Association, citing Section 35 of the Freedom of Information Act concerning government policy formulation. The ICO found that HM Treasury was entitled to withhold the information on these grounds.
DfE FOIA Breach Decision
The UK's Information Commissioner's Office (ICO) has upheld a complaint against the Department for Education (DfE) for breaching the Freedom of Information Act (FOIA). The DfE failed to provide a substantive response to a request made on 29 January 2026 within the statutory 20 working days.
Cleveland Police FOI Data Protection Complaints Decision
The ICO has issued a decision notice regarding Cleveland Police's handling of Freedom of Information (FOI) requests related to historic child sexual abuse investigations. The ICO found that while the police were correct to withhold some information under FOIA exemptions, they must now disclose the parts of the report that are not exempt.
ICO Decision on Kingston Upon Thames FOI Data Protection Complaints
The ICO issued a decision regarding data protection complaints against the Royal Borough of Kingston Upon Thames. While the council was found not to hold the requested information under EIR regulation 12(4)(a), its internal review process did not comply with regulation 11(4). No further steps are required by the Commissioner.
ICO Decision: Oxford City Council correctly withheld expense report data
The UK's Information Commissioner's Office (ICO) issued a decision finding that Oxford City Council correctly withheld expense report data under section 40(2) of the Freedom of Information Act (FOIA). The decision upholds the council's reliance on the third-party personal information exemption.
ICO Decision Notice: Halton Council Mersey Gateway Bridges Information Request
The UK's Information Commissioner's Office (ICO) has upheld a complaint against Halton Council regarding a request for information about the Mersey Gateway bridges. The ICO found the Council failed to conduct a reasonable search for the requested information, violating the Environmental Information Regulations (EIR). The Council must now conduct further searches and issue a new response.
ICO Decision Notice: Waste Management Information Request
The UK's Information Commissioner's Office (ICO) issued a decision notice regarding a waste management information request. The ICO upheld the London Borough of Richmond Upon Thames' decision to withhold certain commercial and personal information under the Environmental Information Regulations (EIR). No further action is required by the council.
ICO Decision: HMRC FOI Request - Statutory Prohibition Upheld
The UK's Information Commissioner's Office (ICO) has issued a decision regarding a Freedom of Information (FOI) request made to HM Revenue and Customs (HMRC). The ICO upheld HMRC's decision to withhold certain information based on section 44(1) of the FOIA, which concerns statutory prohibitions on disclosure.
Bridgend Council FOI Complaint Upheld by ICO
The UK's Information Commissioner's Office (ICO) has upheld a complaint against Bridgend County Borough Council for failing to respond to a Freedom of Information (FOI) request within the statutory 20 working days. The council has been directed to provide a substantive response to the request.
ICO Upholds FOI Complaint Against London Borough of Enfield for Delayed Response
The UK's Information Commissioner's Office (ICO) has upheld a Freedom of Information (FOI) complaint against the London Borough of Enfield. The ICO found that the council failed to respond to a complainant's information request within the statutory 20-working-day limit, breaching Section 10 of the Freedom of Information Act.
ICO Decision Notice: Home Office FOI migrant stats upheld
The UK's Information Commissioner's Office (ICO) has upheld a complainant's appeal against the Home Office regarding a Freedom of Information (FOI) request for migrant arrival statistics. The ICO ruled that the Home Office improperly withheld information under the personal data exemption.
DAERA Decision on Freedom of Information and Data Protection Complaints
The ICO has issued a decision regarding complaints against the Department of Agriculture, Environment and Rural Affairs (DAERA) concerning freedom of information and data protection. DAERA was found to have breached EIR regulation 11(4) by failing to provide an internal review outcome within 40 working days, but was entitled to withhold certain commercial information.
ICO Decision Notice: DHSC FOI request on NHS data platform exempt
The UK's Information Commissioner's Office (ICO) issued a decision notice regarding a Freedom of Information (FOI) request concerning the NHS Federated Data Platform contract with Palantir Technologies Ltd. The ICO determined that information related to the formulation or development of government policy is exempt from disclosure under FOIA.
MoJ FOI Decision Notice - Information Not Held
The UK Information Commissioner's Office (ICO) issued a decision notice regarding a Freedom of Information (FOI) request made to the Ministry of Justice (MoJ). The ICO determined that the MoJ was entitled to refuse the request on the grounds that the information was not held in recorded form and would require the creation of new information.
GDPR Resolution on Right of Access and Sanction
The Spanish Data Protection Agency (AEPD) has issued a resolution regarding a complaint about the right of access under GDPR. The agency found that the respondent failed to respond to the data subject's request in the manner required by law; the claim was therefore admitted and infringement proceedings were initiated.
GDPR Rights Resolution: Access and Suppression Claims
The Spanish Data Protection Agency (AEPD) issued a resolution regarding a complaint about access and suppression rights under GDPR. The resolution addresses a claimant's assertion that the Directorate General of Police failed to fully respond to a request for information on biometric data processing and access.
GDPR Resolution on Data Access Rights for VIMCORSA
The Spanish Data Protection Agency (AEPD) issued a resolution regarding a data access rights complaint against VIMCORSA. The complainant alleged VIMCORSA obstructed their right to access personal data and related repair documentation for a property. The AEPD found that VIMCORSA's response was inadequate and potentially obstructed the complainant's rights under GDPR.
AEPD Resolution: Closure of Employee Biometric Data Tracking Investigation
The Spanish Data Protection Agency (AEPD) has closed an investigation into the Ayuntamiento de Valladolid regarding its use of fingerprint-based employee time tracking. The agency closed the case after the municipality confirmed it had ceased using biometric data for employee time registration on September 2, 2024, following AEPD guidance.
EDPB Opinion on Dutch Authority's IBM Group BCR Draft Decision
The European Data Protection Board (EDPB) has issued an opinion on a draft decision by the Dutch Data Protection Authority concerning the Binding Corporate Rules (BCRs) of the IBM Group. This opinion addresses the international transfer of data and the adequacy of IBM's BCRs.
EDPB Opinion on Dutch Authority's BCD Travel BCR
The European Data Protection Board (EDPB) has issued Opinion 7/2026 regarding a draft decision by the Dutch Supervisory Authority concerning the Binding Corporate Rules (BCRs) of BCD Travel Group. This opinion addresses the international transfer of personal data under GDPR.