Cetera Financial Group Data Breach Notification
Cetera Financial Group has issued a data breach notification letter to affected individuals in Massachusetts following an email event. The company is offering complimentary 24-month credit monitoring services to mitigate potential identity theft risks. The notification is mandated by Massachusetts law.
Deschutes Public Library Data Security Incident Notice
The Massachusetts Attorney General's office has issued a data security incident notice for the Deschutes Public Library. The notice informs consumers about a breach involving personal information and outlines their rights under Massachusetts law, including steps for credit monitoring and placing security freezes.
Liberty Bankers Life Ins Co Data Breach Notification
The Massachusetts Attorney General's Office has issued a breach notification letter concerning Liberty Bankers Life Insurance Company. The notice details a data security incident that occurred on November 4, 2025, where unauthorized access to network files may have exposed consumer information, including personal identifiers. The company is offering identity monitoring services.
Coastal Carolina Health Care Data Security Incident Notification
Coastal Carolina Health Care, PA is notifying Massachusetts residents of a data security incident affecting personal and protected health information. The notice provides details on the incident and resources for affected individuals, including instructions for credit monitoring and identity theft protection services, as required by Massachusetts law.
Dubroff, Easley & Lovell LLP Security Incident Notification
Dubroff, Easley & Lovell, LLP is notifying affected individuals of a data security incident that occurred between September 2, 2025, and September 22, 2025. The law firm determined on March 3, 2026, that personal data may have been acquired by an unauthorized party. The firm is offering complimentary identity monitoring services.
LanguageLine Solutions Data Breach Notification
LanguageLine Solutions is notifying affected individuals in Massachusetts about a data breach impacting the Interpreter Intelligence platform. The incident, which occurred around December 29, 2025, may have exposed personal information. The company is offering complimentary credit monitoring and identity protection services.
CW Advisors Data Breach Notification
CW Advisors, LLC is notifying affected individuals in Massachusetts about a data security incident that compromised their names and Social Security numbers. The company is offering two years of complimentary credit monitoring and identity theft protection services to mitigate potential harm.
Kaaj Technologies Data Breach Notification
Kaaj Technologies Inc. is notifying Massachusetts residents of a data breach impacting personal information, including full name and [Extra1]. The company is offering complimentary 24-month identity protection services through Experian IdentityWorks and identity restoration support.
MXB Battery Operations LP Data Breach Notification
MXB Battery Operations LP is notifying affected individuals in Massachusetts of a data breach that occurred on March 26, 2026. The breach may have exposed personal information, including names. The company is offering complimentary credit monitoring services to mitigate potential harm.
City of Washington Court House Data Breach Notification
The Massachusetts Office of the Attorney General has issued a data breach notification for the City of Washington Court House. The notice provides guidance to affected residents on steps to protect themselves, including information on credit freezes, identity theft reporting, and resources from the FTC and state agencies.
Ailco Equipment Finance Group Data Privacy Incident Notification
Ailco Equipment Finance Group is notifying affected individuals in Massachusetts about a data privacy incident experienced by its service provider, Kaaj Technologies Inc. The incident may have impacted full names and other personal information. Affected individuals are offered complimentary identity protection services.
STRATeBEN Inc. Data Breach Notification
STRATeBEN Inc., an employee benefits consulting firm, has issued a data breach notification to individuals whose name, Social Security number, and date of birth were compromised. The company is offering 24 months of complimentary identity monitoring services through Kroll to affected individuals.
Summit Insurance Data Breach Notification
Summit Insurance Services, Inc. is notifying affected individuals in Massachusetts about a data security incident that occurred between September 18, 2024, and December 2, 2024. The company is offering complimentary credit monitoring and fraud assistance services to mitigate potential harm.
Data Breach Notification from Empowerment Schools, CHCP
Empowerment Schools - Healthcare Ltd and Texas Medical Careers, Limited (CHCP) are notifying individuals of a data breach discovered on August 21, 2025. An unauthorized third-party accessed certain files between August 16-20, 2025, potentially exposing personal information. CHCP is offering free credit monitoring and identity theft insurance.
Brock Built Homes Data Incident Notice
The Massachusetts Executive Office of Health and Human Services has issued a notice regarding a data incident affecting Brock Built Homes. The incident, which occurred between October 17-20, 2025, may have exposed personal information including Social Security numbers and financial details. Brock Built Homes is offering 12 months of free credit monitoring services.
Breach Notification Letter - Rockland Trust
The Massachusetts Division of Insurance has issued a breach notification letter concerning Rockland Trust, dated March 1, 2026. This document appears to be part of a series of notifications related to data breaches affecting entities within the state.
Breach Notification Letter - Rockland Trust
This document is a breach notification letter from Rockland Trust, dated March 1, 2026. It informs recipients about a data security incident involving a mysterious manuscript and a missing page, detailing the investigation and clues found. The letter is part of Massachusetts' breach notification requirements.
Breach Notification Letter - Rockland Trust
The Massachusetts Attorney General's Office has issued a breach notification letter concerning Rockland Trust, dated March 1, 2026. The document details a security incident involving a mysterious handwritten manuscript and a missing page, potentially related to a powerful artifact and a curse.
Shopify International Limited Processor Binding Corporate Rules Approved
The Irish Data Protection Commission (DPC) has approved the Binding Corporate Rules (BCRs) for Shopify International Limited as a data processor. This decision provides a framework for Shopify's international data transfers, ensuring compliance with GDPR standards.
Shopify Controller Binding Corporate Rules Approved
The Irish Data Protection Commission, in conjunction with the EDPB, has approved Shopify International Limited's Binding Corporate Rules (BCRs) for controllers. This decision provides a framework for Shopify to transfer personal data to third countries while ensuring an essentially equivalent level of protection as required by the GDPR.
Data Protection Commission Approves Binding Corporate Rules for Intec Billing Ireland
The Irish Data Protection Commission (DPC) has approved the Binding Corporate Rules (BCRs) for processor Intec Billing Ireland Limited, on behalf of the CSG group. This decision provides a framework for the group's international data transfers, ensuring compliance with GDPR requirements.
University Hospitals Birmingham NHS Trust Enforcement Action
The UK's Information Commissioner's Office (ICO) has issued an enforcement notice against University Hospitals Birmingham NHS Foundation Trust. The notice details breaches of data protection law, requiring the Trust to take specific actions to rectify the issues.
Queen Elizabeth Hospital NHS Trust Enforcement Action
The UK's Information Commissioner's Office (ICO) has taken enforcement action against Queen Elizabeth Hospital King's Lynn NHS Foundation Trust. This action involves an enforcement notice, indicating a significant regulatory finding related to data protection practices within the Trust.
NIST Sends Reference Materials to ISS for Health Study
NIST has sent seven reference materials, including house dust and human liver tissue, to the International Space Station (ISS) for a health study. These materials will help researchers understand the effects of the space environment on manufacturing and human health, supporting U.S. leadership in the commercial space sector.
NIST Launches AI Agent Standards Initiative
NIST announced the launch of its AI Agent Standards Initiative to foster industry-led standards and protocols for AI agents, focusing on security and interoperability. The initiative aims to build public trust and catalyze widespread adoption of autonomous AI systems.
NIST CAISI Seeks Input on Securing AI Agent Systems
NIST's Center for AI Standards and Innovation (CAISI) has issued a Request for Information (RFI) to gather insights on securing AI agent systems. The RFI seeks input on unique security threats, methods for improvement, and measurement approaches for these autonomous systems.
NIST Guidelines for Securing Smart Speakers in Home Health Care
NIST has released new guidelines to mitigate cybersecurity and privacy risks associated with integrating smart speakers into home health care systems. The guidelines aim to protect patient confidentiality and provider data in telehealth applications utilizing voice-activated digital assistants.
Draft NIST Cyber AI Profile for Cybersecurity Guidelines
NIST has released a draft Cybersecurity Framework Profile for Artificial Intelligence (Cyber AI Profile) to guide organizations in integrating AI while managing cybersecurity risks. The profile focuses on securing AI systems, using AI for cyber defense, and thwarting AI-enabled attacks.
EU Legal Professional Privilege Challenged by AI Confidentiality Risks
This article discusses how the adoption of Generative AI tools poses new challenges to legal professional privilege (LPP) under EU law. It highlights concerns that using AI may inadvertently undermine LPP protections, potentially exposing communications to public authorities. The guidance aims to identify key challenges and offer practical advice for safeguarding LPP.
European Cybersecurity M&A Climbs Amid Accelerating AI-Driven Attacks
European cybersecurity M&A is projected to increase due to a rise in AI-driven attacks and new EU regulations like NIS2 and the Cyber Resilience Act. The European cybersecurity market is expected to grow significantly, driven by increased investment and regulatory mandates for enhanced cyber defenses.
Identifying AI-Generated Evidence and Holding Counsel Accountable
This article from JD Supra discusses the increasing prevalence of AI-generated evidence in legal proceedings and provides guidance for attorneys on how to identify and authenticate such evidence. It emphasizes the importance of critical evaluation, metadata analysis, and expert consultation to ensure the integrity of evidence and hold counsel accountable for its use.
AI Pricing and Evidence Avoidance: Competition Law Risks
JD Supra highlights emerging competition law risks associated with AI-powered pricing and evidence avoidance tools. The guidance warns companies that traditional antitrust principles apply to algorithmic conduct, citing enforcement actions in the EU, UK, and US that have resulted in significant fines.
Trump Administration AI Regulation Framework and Proposed Bill
The Trump administration released a National Policy Framework for Artificial Intelligence, outlining a non-binding 'wish list' for federal AI regulation. This framework, alongside a draft bill from Senator Marsha Blackburn, signals significant movement towards comprehensive federal AI legislation, emphasizing federal preemption of state laws and a 'light-touch' approach using existing agencies.
Oklahoma Enacts Comprehensive Consumer Data Privacy Law
Oklahoma has enacted Senate Bill 546, establishing its comprehensive consumer data privacy law, making it the 21st state with such legislation. The law applies to businesses meeting specific data processing thresholds and grants consumers rights similar to those in other state privacy laws.
Oklahoma Enacts Comprehensive State Privacy Law
Oklahoma has enacted its 21st state-level comprehensive privacy law, Enrolled Senate Bill No. 546, which will take effect on January 1, 2027. The law grants consumers specific privacy rights and imposes obligations on businesses regarding data processing, security, and disclosures, enforced by the Attorney General.
New Laws Restrict AI for Minors, Add Privacy Rights
Washington state has enacted a new law, effective January 1, 2027, that imposes restrictions on the use of AI for minors and introduces new privacy rights. The law defines 'companion chatbots' broadly and may impact companies using conversational AI for customer engagement, requiring compliance with governance mechanisms, design elements, and potentially facing private rights of action.
Brazil-EU Data Transfer Adequacy Decision
Brazil's ANPD and the European Commission have recognized mutual adequacy for personal data transfers, simplifying mechanisms under their respective data protection laws. While this eases contractual friction, underlying processing compliance remains critical for entities transferring data between the EU and Brazil.
F5 BIG-IP RCE Vulnerability (CVE-2025-53521)
CISA has issued a notice regarding a critical RCE vulnerability (CVE-2025-53521) in F5 BIG-IP APM. The vulnerability has a CVSS score of 9.8 and is actively exploited. Affected versions require immediate attention.
CISA Adds CVE-2025-53521 to Known Exploited Vulnerabilities Catalog
CISA has added CVE-2025-53521, a remote code execution vulnerability in F5 BIG-IP, to its Known Exploited Vulnerabilities (KEV) Catalog. This addition is based on evidence of active exploitation and requires Federal Civilian Executive Branch agencies to remediate the vulnerability.
Internet Systems Consortium Kea Vulnerability Allows Denial of Service
CERT-Bund has issued a security advisory regarding a vulnerability in Internet Systems Consortium Kea, a DHCP server implementation. The vulnerability, with a CVSS base score of 7.5, allows remote attackers to cause a denial of service. Affected versions include Kea <2.6.5 and <3.0.3.
Siemens SICAM Vulnerabilities Allow Denial of Service Attacks
CERT-Bund has issued a security advisory regarding multiple vulnerabilities in Siemens SICAM SCADA systems. These vulnerabilities, with a CVSS base score of 7.5, can be exploited by attackers to perform Denial of Service attacks. Affected products include Siemens SICAM CPCI85, RTUM85, and SICORE with versions prior to specific updates.
Tigervnc Vulnerability: Info Disclosure, File Manipulation, DoS
CERT-Bund has issued a security advisory for Tigervnc, detailing vulnerabilities that could lead to information disclosure, file manipulation, and denial of service. The advisory affects Tigervnc versions prior to 1.16.2 on Linux, UNIX, and Windows systems.
WatchGuard Firebox Vulnerabilities
CERT-Bund has issued a security advisory regarding multiple vulnerabilities in WatchGuard Firebox products, with a base CVSS score of 6.7. The advisory details affected versions and potential impacts, including remote code execution and denial of service.
vllm vulnerability allows remote code execution
CERT-Bund has issued a security advisory regarding a critical vulnerability (CVSS 8.8) in the open-source vLLM library, which allows remote code execution. The advisory affects versions prior to 0.18.0 and impacts Linux and UNIX operating systems. Mitigation information is available.
Hitachi Virtual Storage Platform Vulnerabilities
CERT-Bund has issued a security advisory regarding critical vulnerabilities (CVSS 9.8) in Hitachi Virtual Storage Platform. The vulnerabilities allow for remote code execution and authentication bypass. Mitigation measures are available.
SmarterTools SmarterMail Multiple Vulnerabilities
CERT-Bund has issued a security advisory for SmarterTools SmarterMail, detailing multiple vulnerabilities that could allow an unspecified attack. The advisory highlights affected systems including Windows and UNIX, and notes that a mitigation is available. The CVSS base score is 6.5 (medium).
Dovecot Vulnerabilities Allow SQL Injection, Authentication Bypass, Info Exposure
CERT-Bund has issued a security advisory for Dovecot, an open-source email server, detailing multiple vulnerabilities. These flaws, with a CVSS base score of 7.7, can be exploited by attackers to perform SQL injection, bypass authentication, expose sensitive information, or cause denial-of-service conditions. Mitigation is available.
IBM App Connect Enterprise Critical Vulnerabilities
CERT-Bund has issued a security advisory regarding critical vulnerabilities in IBM App Connect Enterprise versions prior to 11.6.0, 12.21.0, and 12.0.22. The vulnerabilities, with a CVSS base score of 9.8, could allow attackers to manipulate files, cause denial of service, execute arbitrary code, or perform cross-site scripting attacks.
LangChain vulnerability allows information disclosure
CERT-Bund has issued a security advisory regarding a vulnerability in the LangChain open-source framework. The vulnerability allows remote attackers to disclose information, with a CVSS base score of 7.5. The advisory affects versions prior to 1.2.22.
Grafana Vulnerabilities Allow File Manipulation and DoS
CERT-Bund has issued a security advisory regarding multiple vulnerabilities in Grafana versions prior to 12.3.6, 12.2.8, 12.1.10, 11.6.14, and 12.4.2. These vulnerabilities allow authenticated remote attackers to manipulate files or cause a denial-of-service condition. Mitigation is available.
n8n SQL-injection vulnerability, CVSS 8.8
CERT-Bund has issued a security advisory for n8n, detailing a critical SQL-injection vulnerability (CVSS 8.8) affecting versions prior to 1.123.26, 2.14.1, and 2.13.3. The vulnerability allows remote authenticated attackers to execute SQL injection attacks. Mitigation is available.
OpenClaw AI assistant vulnerabilities
CERT-Bund has issued a security advisory for OpenClaw, a personal AI assistant, detailing multiple critical vulnerabilities. The advisory highlights risks including elevated privileges, arbitrary code execution, and denial-of-service attacks, with a CVSS base score of 8.8.
Insurance Broker Indicted for Fraud and Theft
The Colorado Attorney General's Office announced the indictment of George Gonzalez, an insurance broker, on 23 felony counts for allegedly diverting over $100,000 in insurance premium payments. The indictment includes charges of insurance fraud and theft, affecting multiple insurance companies and their customers.