changeflow.com

Stryker Corporation 8-K/A - Cybersecurity Incident Material Impact Disclosure

Stryker Corporation filed Form 8-K/A with the SEC amending its March 11, 2026 cybersecurity incident disclosure to formally determine the incident had a material impact on operations and financial results for Q1 2026. The company continues its investigation with third-party experts and law enforcement.

Priority review Rule Securities
www.pdpc.gov.sg

Three Voluntary Undertakings on Ransomware, Database Misconfiguration, Email Breach

Singapore's Personal Data Protection Commission published three voluntary undertakings accepted from organizations following data breaches involving ransomware, database misconfiguration, and erroneous email disclosure of personal data. Common failures included inadequate access controls, improperly configured database permissions, and absence of operational safeguards. The organizations must implement specific remediation measures including MFA, security certifications, and data protection governance improvements.

Priority review Notice Data Privacy
www.cisa.gov

GPL Odorizers GPL750 Missing Authentication Vulnerability CVE-2026-4436

CISA ICS-CERT published advisory ICSA-26-099-02 describing a high-severity vulnerability (CVSS 8.6) in GPL Odorizers GPL750 industrial odorization equipment. The vulnerability (CVE-2026-4436) allows low-privileged remote attackers to send Modbus packets to manipulate register values controlling odorant injection into gas lines, potentially causing too much or too little odorant to be injected. Affected versions include GPL750 (XL4) >=v1.0, (XL4 Prime) >=v4.0, (XL7) >=v13.0, and (XL7 Prime) >=v18.4.

Urgent Guidance Cybersecurity
www.cisa.gov

Critical PLC Vulnerability Enables Arbitrary RPCs in Contemporary Controls BASC 20T

CISA published ICS Advisory ICSA-26-099-01 disclosing a critical vulnerability (CVE-2025-13926, CVSS 9.8) in Contemporary Controls BASControl20 version 3.1 PLCs. The flaw allows remote attackers to forge network packets and execute arbitrary Remote Procedure Calls, potentially enabling full device compromise. Affected sectors include Energy, Critical Manufacturing, and Commercial Facilities.

Urgent Guidance Cybersecurity
www.cert.ssi.gouv.fr

Multiple Elastic Vulnerabilities Allow Remote Code Execution

CERT-FR issued advisory CERTFR-2026-AVI-0413 alerting organizations to multiple critical vulnerabilities in Elastic products (Kibana and Logstash, versions 8.x and 9.x). The vulnerabilities allow remote code execution, data integrity compromise, confidentiality breaches, and denial of service. Organizations using these products must update to patched versions immediately.

Priority review Guidance Cybersecurity
www.cert.ssi.gouv.fr

Palo Alto Networks Multiple Vulnerabilities Including Remote Code Execution

CERT-FR published advisory CERTFR-2026-AVI-0412 disclosing multiple vulnerabilities in Palo Alto Networks products affecting Cortex XDR Agent, Cortex XSOAR/XSIAM, Prisma Browser, and Autonomous Digital Experience Manager. Several vulnerabilities allow remote code execution, data confidentiality breaches, and data integrity compromise. Organizations using affected Palo Alto products must apply vendor patches per referenced security bulletins.

Priority review Guidance Cybersecurity
www.cert.ssi.gouv.fr

Multiple Vulnerabilities in Mitel MiCollab SQLi Privilege Escalation

CERT-FR published security advisory CERTFR-2026-AVI-0411 disclosing multiple SQL injection and privilege escalation vulnerabilities in Mitel MiCollab collaboration software. Affected versions include MiCollab 10.2.x before 10.2 SP1, 10.x without latest security patch, and 9.8.x to 9.8.SP3 FP1 without latest patch. Organizations using Mitel MiCollab should apply vendor patches immediately to prevent unauthorized database access and privilege escalation attacks.

Priority review Notice Cybersecurity
www.cert.ssi.gouv.fr

GitLab Multiple Vulnerabilities Allow Remote Code Execution, DoS, Data Breach

CERT-FR issued an alert on 11 critical vulnerabilities in GitLab Community and Enterprise Edition affecting versions before 18.10.3, 18.9.5, and 18.8.9. The flaws allow remote code execution, denial of service attacks, and data confidentiality breaches. Users must patch to version 18.10.3 or later to remediate.

Urgent Notice Cybersecurity
www.cert.ssi.gouv.fr

Multiple Vulnerabilities in SonicWall SMA1000 Products

CERT-FR issued advisory CERTFR-2026-AVI-0409 warning of four critical vulnerabilities (CVE-2026-4112 through CVE-2026-4116) in SonicWall SMA1000 secure mobile access products. Affected versions include 12.4.3-x prior to 12.4.3-03387 and 12.5.0-x prior to 12.5.0-02624. Successful exploitation could result in data confidentiality breaches, security policy bypass, and privilege escalation.

Priority review Notice Cybersecurity
www.cert.ssi.gouv.fr

Juniper Networks Multiple Vulnerabilities Allow Remote Code Execution

CERT-FR issued advisory CERTFR-2026-AVI-0408 covering 26 Juniper Networks security bulletins (JSA106016 through JSA107875), addressing multiple critical vulnerabilities in Junos OS and Junos OS Evolved across SRX, MX, and PTX Series platforms. Affected versions span from 21.4-EVO through 25.2R1, with risks including remote code execution, data confidentiality and integrity compromise, denial of service, and privilege escalation. Organizations running affected Juniper devices must apply available patches immediately.

Priority review Notice Cybersecurity
www.cert.ssi.gouv.fr

Multiple Vulnerabilities in Google Chrome Fixed in Version 147

CERT-FR issued an advisory alerting that 32 CVE vulnerabilities (CVE-2026-5858 through CVE-2026-5889) affect Google Chrome versions prior to 147.0.7727.55/56 on Windows, Mac, and Linux. Users and administrators are advised to update to version 147 or later to remediate security risks. The vulnerabilities may allow attackers to exploit unspecified security issues.

Priority review Guidance Cybersecurity
www.cert.ssi.gouv.fr

Microsoft Multiple Vulnerabilities - 6 CVEs Identified

CERT-FR issued an advisory on 6 Microsoft CVEs affecting azl3 nodejs24 (versions prior to 24.14.1-1), azl3 opensc (prior to 0.27.1-1), and azl3/cbl2 polkit packages. The vulnerabilities allow attackers to cause unspecified security issues. Affected organizations should apply vendor patches immediately.

Priority review Guidance Cybersecurity
wid.cert-bund.de

OpenClaw Multiple Vulnerabilities CVSS 6.3 Affecting Linux/UNIX

CERT-Bund issued a security advisory disclosing multiple vulnerabilities in OpenClaw (open source) versions prior to 2026.4.8 affecting Linux and UNIX operating systems. The vulnerabilities have a CVSS Base Score of 6.3 (medium) and enable remote attackers to disclose information, bypass security measures, or conduct unspecified attacks. Mitigation measures are available.

Routine Guidance Cybersecurity
wid.cert-bund.de

Proxmox VE Vulnerability Allows Information Disclosure

Routine Notice
wid.cert-bund.de

Linux Kernel Denial of Service Vulnerability - CVSS 4.0 Medium

CERT-Bund issued advisory WID-SEC-2026-1037 identifying a medium-severity (CVSS 4.0) denial-of-service vulnerability in multiple Linux Kernel versions. The flaw affects kernel versions prior to 5.10.252, 5.15.202, 6.1.165, 6.6.128, 6.12.75, 6.18.14, 6.19.4, and 7.0-rc1. A local attacker could exploit this vulnerability to cause system unavailability.

Priority review Guidance Cybersecurity
wid.cert-bund.de

OpenCTI Remote Code Execution Vulnerability - CVSS 9.1 Critical

CERT-Bund issued a critical security advisory for OpenCTI (an open-source cyber threat intelligence platform), disclosing a remote code execution vulnerability with CVSS Base Score 9.1. The flaw affects all versions prior to 6.9.5 on Linux and UNIX systems, allowing authenticated remote attackers to execute arbitrary code. Mitigation measures are available.

Urgent Guidance Cybersecurity
www.nsa.gov

Iranian Actors Target US Critical Infrastructure PLCs

NSA, FBI, CISA, EPA, DOE, and US Cyber Command issued a joint cybersecurity advisory warning that Iranian-affiliated APT actors are actively exploiting internet-facing Rockwell Automation/Allen-Bradley programmable logic controllers (PLCs) across U.S. critical infrastructure sectors. The advisory provides TTPs and IOCs and recommends urgent network audits, removal of PLCs from direct internet exposure, and logging review for ports 44818, 2222, 102, and 502.

Priority review Guidance Cybersecurity
www.cisa.gov

Ivanti EPMM Code Injection Vulnerability CVE-2026-1340

CISA added CVE-2026-1340, a critical code injection vulnerability in Ivanti Endpoint Manager Mobile, to the Known Exploited Vulnerabilities catalog. The flaw carries a CVSS 9.8 score and allows unauthenticated remote code execution. Organizations running affected versions of Ivanti EPMM must apply patches immediately.

Urgent Guidance Cybersecurity
ago.vermont.gov

Mercer Advisors Inc. Data Breach Notice to Consumers

Vermont Attorney General's Office published a data breach notice on behalf of Mercer Advisors Inc., a registered investment adviser. The notice informs Vermont consumers that unauthorized access to personal information may have occurred. Affected consumers are advised to review the notice and monitor for potential fraud or identity theft.

Routine Notice Data Privacy
ago.vermont.gov

Docketwise Data Breach Notice to Vermont Consumers

The Vermont Attorney General's Office posted a security breach notice on April 3, 2026, informing Vermont consumers of a data breach affecting Docketwise, a legal technology company providing case management software. The notice includes details about the nature of the breach and recommended protective steps for affected individuals. Companies experiencing data breaches in Vermont must notify the AG's office and affected consumers under state notification requirements.

Routine Notice Data Privacy
ago.vermont.gov

Washington International School Data Breach Notice to Consumers

The Vermont Attorney General's Office published a data breach notice from Washington International School dated April 2, 2026. The school disclosed that personal information of consumers was compromised in a security incident. Affected individuals should monitor for identity theft and fraud, as compromised data may include names, contact information, and potentially financial or health-related information.

Priority review Notice Data Privacy
ago.vermont.gov

Southern IL Dermatology Data Breach Notice to Consumers

Southern IL Dermatology filed a data breach notice with the Vermont Attorney General's Office on April 2, 2026, notifying consumers of a security incident involving unauthorized access to personal information. The notice was posted to the AG's Security Breach Notices archive for affected Vermont residents. Healthcare providers and dermatology practices should review their breach notification obligations under state law.

Routine Notice Data Privacy
ago.vermont.gov

Timec Oil and Gas Data Breach Notice to Consumers

The Vermont Attorney General posted Timec Oil and Gas's data breach notice to consumers on April 2, 2026. The notice advises Vermonters that their personal information may have been compromised in a security incident. This posting fulfills state requirements for notifying consumers of data breaches affecting their personal information.

Routine Notice Data Privacy
ago.vermont.gov

Imblum Law Offices PC Data Breach Notice

Imblum Law Offices, PC filed a security breach notice with the Vermont Attorney General on April 2, 2026, notifying consumers of a data breach involving personal information. The notice is filed pursuant to Vermont's security breach notification requirements.

Routine Notice Data Privacy
ago.vermont.gov

Insightin Health Inc. Data Breach Notice to Consumers

The Vermont Attorney General published Insightin Health Inc.'s data breach notice on April 1, 2026. The notice informs Vermont consumers of a security breach involving their personal information. Healthcare technology companies and entities handling sensitive consumer data must comply with Vermont's security breach notification requirements under state law.

Routine Notice Data Privacy
ago.vermont.gov

NH Historical Society Data Breach Notice to Consumers

The Vermont Attorney General's Office posted a data breach notice from the New Hampshire Historical Society dated April 1, 2026. The notice informs consumers of a security breach involving personal data and provides guidance on protective actions. Data breach notifications are filed with the Vermont AG's office as required under Vermont law.

Routine Notice Data Privacy
ago.vermont.gov

IPPC Inc. Data Breach Notice to Consumers

The Vermont Attorney General's Office posted a data breach notice from IPPC Inc. on April 1, 2026. The notice informs Vermont consumers that their personal information may have been compromised in a security incident. Affected consumers should review the notice to determine what data was exposed and take appropriate protective measures.

Routine Notice Data Privacy
ago.vermont.gov

Elephants Food Group data breach notice, 31st Mar

Routine Notice
ago.vermont.gov

Graebel Companies data breach, Vermont, 3rd Apr

Routine Notice
ago.vermont.gov

Chemical & Industrial Engineering, Inc. - Data Breach Notice to Consumers

The Vermont Attorney General posted a data breach notice from Chemical & Industrial Engineering, Inc. informing consumers of a security incident involving personal data. Vermont law requires businesses to notify the AG's office when breaches affect state residents. The notice directs affected consumers to review the full PDF for details on the breach scope and recommended protective actions.

Routine Notice Data Privacy
ago.vermont.gov

REIC Rentals, LLC - Data Breach Notice to Consumers

The Vermont Attorney General published a data breach notice from REIC Rentals, LLC on April 7, 2026, informing consumers of a security incident involving personal information. The notice was filed with the state as required under Vermont law governing security breach notifications. Consumers whose data may have been compromised are advised to review the full notice for details and protective steps.

Routine Notice Data Privacy
ago.vermont.gov

Wynn Resorts Data Breach Notice to Consumers

Wynn Resorts, Limited filed a data breach notice with the Vermont Attorney General's Office on April 3, 2026, reporting a security incident involving consumer personal information. The notice, made available through the AG's consumer protection portal, details the nature of the breach and recommended steps for affected individuals. Vermont law requires businesses that experience data breaches affecting state residents to notify the Attorney General's office.

Routine Notice Data Privacy
ago.vermont.gov

Baltimore Medical System Data Breach Notice to Consumers

Baltimore Medical System, Inc. filed a security breach notice with the Vermont Attorney General's Office on April 2, 2026, notifying consumers of a data breach involving personal information. The notice was posted to the AG's public Security Breach Notices registry as required under Vermont law. Affected Vermont residents are advised to take protective steps.

Routine Notice Data Privacy
ago.vermont.gov

Him & Hers Inc. Data Breach Notice to Consumers

Him & Hers Inc. filed a data breach notice with the Vermont Attorney General's office on April 2, 2026, notifying consumers of a security incident involving unauthorized access to personal information. The telehealth company's breach notification affects consumers who provided personal data through the company's platform. Vermont residents who may have been impacted by this breach should review the full notification for specific details on exposed data types and recommended protective actions.

Routine Notice Data Privacy
ago.vermont.gov

Five States Energy Company data breach notice, April 2nd

Routine Notice
ago.vermont.gov

J.M. Forbes & Co. Data Breach Notice to Consumers

J.M. Forbes & Co. filed a data breach notification with the Vermont Attorney General's Office on April 7, 2026, informing consumers of a security incident involving unauthorized access to personal information. The notice, posted to the AG's Security Breach Notices webpage, provides affected Vermont residents with details about the breach and recommended protective actions. Companies experiencing data breaches that affect Vermont residents are required to notify the Attorney General's office.

Routine Notice Data Privacy
ico.org.uk

University of York FOIA Complaint - Not Upheld

The Information Commissioner's Office issued a Decision Notice finding that the University of York correctly handled a Freedom of Information request for professional emails between four named staff members. The university disclosed responsive information while withholding some third-party personal data under section 40(2) FOIA. The Commissioner determined the university does not hold further information within scope and that the exemption was properly applied. No remedial steps are required.

Routine Notice Data Privacy
ico.org.uk

Crown Estate FOIA Section 40(2) Personal Data Exemption Upheld

The ICO issued a Decision Notice finding that The Crown Estate properly relied on FOIA section 40(2) (personal information) to withhold the name of a staff member occupying premises at East Lodge, Sunninghill Park. The Crown Estate had provided a copy of the lease but refused to identify the staff member, citing sections 40(2), 38(1), 41, and 43(2) of FOIA. The ICO upheld only the section 40(2) exemption, finding it sufficient grounds for withholding the personal data without needing to consider the other exemptions.

Priority review Enforcement Data Privacy
ico.org.uk

London Borough of Redbridge selective landlord notices, FOI partly upheld

ICO issued Decision Notice IC-464099-P6J1 on 31 March 2026, partially upholding a Freedom of Information complaint against London Borough of Redbridge. The Council had withheld selective landlord licence notice names and contents under FOIA Section 40(2) (personal data), but the ICO determined only some information qualifies for exemption. The Council must now reconsider disclosure of certain withheld details.

Priority review Enforcement Data Privacy
ico.org.uk

South Wonston Parish Council, FOI 14, Not upheld

The ICO has upheld South Wonston Parish Council's reliance on section 14(1) of FOIA, finding the complainant's financial information request was vexatious. The decision, dated 1 April 2026, concludes the council was entitled to refuse the request and is not required to take any steps. The complainant may appeal this decision to the First-tier Tribunal within 28 days.

Routine Notice Data Privacy
wid.cert-bund.de

IBM App Connect Enterprise Critical Vulnerabilities, CVSS 9.1

CERT-Bund published a critical security advisory (WID-SEC-2026-1007) warning of multiple severe vulnerabilities in IBM App Connect Enterprise with a CVSS Base Score of 9.1. The vulnerabilities allow remote attackers to bypass security controls, execute arbitrary code, perform SQL injection and XSS attacks, conduct denial of service, and disclose sensitive information. Organizations running affected versions on Linux, UNIX, Windows, or other platforms must apply mitigations immediately.

Urgent Notice Cybersecurity
wid.cert-bund.de

Critical Golang Go Vulnerabilities, CVSS 9.8, Remote Code Execution

CERT-Bund issued a critical security advisory (WID-SEC-2026-1006) regarding multiple vulnerabilities in Golang Go versions prior to 1.26.2 and 1.25.9. The vulnerabilities carry a CVSS Base Score of 9.8 (critical) and enable attackers to execute arbitrary code remotely, cause memory corruption, bypass security controls, or trigger denial-of-service conditions. Organizations using affected Go versions must apply available mitigations or update immediately.

Urgent Guidance Cybersecurity
wid.cert-bund.de

OpenClaw Critical Vulnerabilities - Remote Code Execution Risk

CERT-Bund issued advisory WID-SEC-2026-1005 warning of critical vulnerabilities in OpenClaw personal AI assistant software. Multiple security flaws with CVSS Base Score 9.8 (critical) enable remote attackers to execute arbitrary code, escalate privileges, bypass security controls, and access or manipulate data. Affected products include Open Source OpenClaw versions prior to 2026.4.8 running on Linux and UNIX systems.

Urgent Guidance Cybersecurity
wid.cert-bund.de

Vim vulnerability allows arbitrary code execution, CVSS 5.0

Priority review Guidance Cybersecurity
wid.cert-bund.de

GStreamer vulnerabilities allow DoS or arbitrary code execution

Routine Notice
Austria DSB News
www.dsb.gv.at

Austrian Data Protection Authority publishes 2025 Activity Report

The Austrian Data Protection Authority (DSB Austria) published its 2025 Activity Report (Tätigkeitsbericht 2025), renamed from the prior 'Datenschutzbericht' title. The report covers the authority's enforcement activity, complaints handled, investigations concluded, and regulatory decisions issued during 2025. Austrian businesses, public bodies, and data protection officers should review the report to understand DSB Austria's enforcement priorities and emerging compliance expectations.

Routine Notice Data Privacy