Statement on Final Rule Removing Reputational Risk from Supervisory Program

FDIC Chairman Travis Hill issued a statement announcing a final rule that eliminates "reputational risk" from the FDIC's bank supervisory program. The rule codifies the removal of supervisory focus on reputation risk as a standalone risk category, effective April 7, 2026. The change addresses concerns that unfocused attention to reputation risk could lead to pressure on banks to debank law-abiding customers.

Justice Department Intervenes Lawsuit Against MSHSAA for Board Discrimination

The DOJ Civil Rights Division intervened in a lawsuit against the Missouri State High School Activities Association (MSHSAA), alleging race and sex discrimination in board member selection. MSHSAA's constitution requires at-large board seats to be filled by candidates representing an under-represented gender or ethnicity. Dr. Merlyn Johnson, a white male, was disqualified from board candidacy solely based on these characteristics. DOJ argues MSHSAA, as a state actor, lacks a compelling interest in such quotas and violated the Equal Protection Clause of the Fourteenth Amendment.

STIX XML Indicators of Compromise for Threat Intelligence

CISA ICS-CERT published STIX XML indicators of compromise (IOCs) for threat intelligence purposes. The advisory includes structured XML data containing malicious indicators that organizations can use to detect and identify potential cyber threats targeting industrial control systems and critical infrastructure. These IOCs are designed for integration with security monitoring tools, SIEM systems, and threat intelligence platforms.

CISA ICS-CERT STIX Threat Data - ICS and Enterprise Attack Patterns

CISA published a STIX bundle (AA26-097A) containing structured threat intelligence data with attack patterns for Industrial Control Systems (ICS) and enterprise environments. The bundle includes MITRE ATT&CK mapped techniques covering initial access, command and control, data manipulation, and impact vectors relevant to both ICS and enterprise networks.

Iranian APT Actors Exploit Rockwell PLCs Across US Critical Infrastructure

CISA, FBI, NSA, EPA, DOE, and US Cyber Command issued a joint advisory warning that Iran-affiliated APT actors are conducting active exploitation of internet-facing Rockwell Automation/Allen-Bradley programmable logic controllers across U.S. critical infrastructure. The advisory documents malicious interactions with PLC project files and manipulation of HMI and SCADA displays causing operational disruptions and financial losses in Water, Energy, and Government Services sectors. Agencies recommend immediate review of provided IOCs and implementation of specific mitigations including network isolation of OT devices.

Iranian-Affiliated Cyber Actors Exploit Programmable Logic Controllers Across US Critical Infrastructure

CISA, FBI, NSA, EPA, DOE, and US Cyber Command issued a joint cybersecurity advisory on April 7, 2026 warning that Iranian-affiliated APT actors are conducting active exploitation targeting internet-facing OT devices including Rockwell Automation/Allen-Bradley programmable logic controllers (PLCs) across U.S. critical infrastructure. The advisory covers Water and Wastewater Systems and Energy sectors, providing TTPs, IOCs, and specific mitigations including removing PLCs from direct internet exposure and monitoring OT-specific ports.

Critical CVSS 8.8 Vulnerabilities Expose SQL Credentials in Mitsubishi Electric GENESIS64 and ICONICS Suite

CISA ICS-CERT issued advisory ICSA-26-097-01 disclosing two critical vulnerabilities (CVE-2025-14815, CVE-2025-14816) with CVSS 8.8 score in Mitsubishi Electric GENESIS64 and ICONICS Suite products affecting versions 10.97.3 and below. The vulnerabilities stem from cleartext storage of SQL Server credentials in local SQLite cache files, potentially allowing local attackers to obtain plaintext credentials and access, tamper with, or destroy data.

Tow Truck Driver Brett David Shearer Disqualified for 3 Years

NSW Fair Trading has disciplined tow truck driver Brett David Shearer by reprimanding him and disqualifying him from holding a tow truck licence or driver's certificate for 3 years. The action follows Shearer's guilty plea to two offences: intimidation with intent to cause fear, and larceny involving theft of 5 sets of car keys in connection with his tow truck business. NSW Fair Trading determined Shearer is no longer a fit and proper person to hold a Tow Truck Drivers Certificate.

CfI: Advanced Connectivity Technologies (ACT): Call 1 - £15M Funding

UKRI and Innovate UK have opened a £15 million funding opportunity for UK registered organisations to develop near-term, testable connectivity solutions advancing the UK's Secure and Resilient and Sustainable Network Grand Challenges. This is the first call under the CfI: Advanced Connectivity Technologies programme. Individual awards can reach up to £2 million, with a closing date of 3 June 2026.

Particle Physics Experiment Consolidated Grants 2026 - Pre-announcement

UKRI/STFC has issued a pre-announcement for the Particle Physics Experiment Consolidated Grants 2026. The funding opportunity opens 27 April 2026 and closes 2 July 2026. The grant period runs 1 October 2027 to 30 September 2029 (24 months). STFC will fund 80% of Full Economic Cost. This grant round extends the 2024 consolidated grants and covers the remaining two years of the award cycle.