JPCERT/CC confirmed active exploitation of CVE-2025-20333 and CVE-2025-20362 in Cisco ASA and Firewall Threat Defense software. Attackers are chaining these flaws to achieve unauthorized access and arbitrary code execution on affected devices with VPN web services enabled.
Read storyNTSB completed its investigation of a March 2024 West Virginia school bus rollover caused by a driver with 0.161 BAC, more than twice the legal limit. Three students sustained serious injuries and 16 had minor injuries after being ejected from seats. NTSB is recommending NHTSA require alcohol detection systems and seat belts on new school buses.
Read storyThe EU adopted its 20th Russia sanctions package effective April 22, including 36 Russian energy sector listings, 46 additional shadow fleet vessels, and port access bans for Murmansk, Tuapse, and Karimun Oil Terminal. The package also excludes 20 Russian banks from EU market access.
Read storyThe NCSC issued an advisory for CVE-2026-20131, a critical Cisco Secure Firewall Management Center vulnerability being actively exploited. The flaw allows unauthenticated attackers to execute arbitrary Java code as root through insecure deserialization in the web management interface.
Read storyThe DEA proposed rescheduling marijuana, withdrew that proposal within 24 hours, yet simultaneously rescheduled FDA-approved marijuana products to Schedule III. The contradiction creates confusion about federal marijuana policy and suggests internal conflict between scientific recommendations and enforcement priorities.
Read storyThe Bureau of Industry and Security charged four companies in seven days for exporting controlled technology to Chinese end-users. The cluster suggests an enforcement push targeting semiconductor-adjacent supply chains rather than isolated violations.
Read storyThe SEC charged Harsh V. Patel with conducting a manipulative trading scheme from San Juan, Puerto Rico, generating more than $5 million in ill-gotten gains over three years. The complaint alleges over 1,000 instances of market manipulation spanning hundreds of stocks from May 2021 through January 2024.
Read storyThe Czech data protection authority fined Avast 351 million CZK for transferring pseudonymized browsing histories tied to unique identifiers from approximately 100 million users to its Jumpshot subsidiary despite claims of anonymization. The decision, final and binding, marks one of the larger GDPR penalties issued against a major technology company.
Read storyThe State Department imposed visa restrictions on 75 individuals linked to the Sinaloa Cartel, a designated Foreign Terrorist Organization, under executive order authority targeting global illicit drug trade. The action signals continued enforcement against major trafficking organizations and their financial networks.
Read storyThe top regulatory stories, delivered daily. No noise.
Free. Unsubscribe anytime.