Cross-border investment fund distribution guidelines

The European Securities and Markets Authority (ESMA) has published guidelines on the cross-border distribution of investment funds. These guidelines aim to harmonize practices and facilitate the distribution of funds across the European Union.

Northern Ireland Budget Act 2026 Authorises £32.67bn Spending

The Northern Ireland Budget Act 2026 authorises the use of £32.67 billion for public services for the years ending March 31, 2026, and March 31, 2027. This Act supersedes previous budget authorisations for the year ending March 31, 2026.

Renewables Obligation (Scotland) Amendment Order 2026

The Scottish Ministers have issued the Renewables Obligation (Scotland) Amendment Order 2026, amending the 2009 Order. This amendment introduces a mechanism to adjust buy-out prices and mutualisation caps based on the consumer prices index for obligation periods after April 2025.

Scotland Act: Community Wealth Building Plans

The Scotland Act 2026 requires Scottish Ministers to publish a community wealth building statement and mandates that local authorities and relevant public bodies prepare and implement community wealth building action plans. Public bodies must also consider community wealth building guidance.

Scotland Tribunal Rules Amended for Visitor Levy Cases

The Scottish Ministers have issued new regulations amending the composition and rules of procedure for the First-tier Tribunal for Scotland Local Taxation Chamber and the Upper Tribunal for Scotland. These amendments specifically address the handling of visitor levy cases, defining them and altering tribunal composition for such matters.

Gambling Act 2005 Amendment Order 2026

The UK Secretary of State has issued the Gambling Act 2005 (Commencement No. 6 and Transitional Provisions) (Amendment) Order 2026. This order amends previous legislation to clarify casino gaming machine entitlements, specifying that only one entitlement can be exercised at any time.

Lobbying Scotland Act 2016 Modifications

The UK Parliament has modified the Lobbying (Scotland) Act 2016 through a Resolution made on March 24, 2026. These modifications, which come into effect after the next dissolution of Parliament, update contact information requirements for registrants, including adding business email addresses and telephone numbers.

Colaberry Inc. Data Breach Notification

Colaberry Inc. has issued a data breach notification to Massachusetts residents whose 2025 Form W-2 information may have been compromised. The company is offering 24 months of complimentary credit monitoring and identity theft protection services through Cyberscout.

Massachusetts Breach Notification: Obtaining Free Credit Reports

This document provides guidance to Massachusetts residents on how to obtain free credit reports from major credit reporting companies. It outlines the process for requesting reports and what steps to take if discrepancies or suspicious activity are found, including contacting law enforcement and the FTC.

Mark Leyden & Associates Data Breach Notification

Mark Leyden & Associates, LLC is notifying individuals of a data breach that may have exposed personal information. The company is offering complimentary credit monitoring and identity theft protection services through IDX. Affected individuals are advised to enroll by June 20, 2026.

Massachusetts DOR Data Breach Notification

The Massachusetts Department of Revenue issued a sample data breach notification letter to inform individuals about an unauthorized disclosure of personal information due to employee error. The notice outlines the rights of affected individuals, including placing a security freeze, and offers 24 months of free credit monitoring services.

Tower FCU Data Breach Notification

Tower Federal Credit Union has issued a data breach notification following an inadvertent employee error that sent a member's personal information, including Social Security number and date of birth, to another member. The credit union has updated its internal processes and provided credit monitoring services to affected individuals.

MedPeds Data Breach Notification

MEDPEDS, a healthcare provider, is notifying patients of a data breach that occurred on September 2, 2025, due to a virus that encrypted data and allowed unauthorized access. Patient information including name, date of birth, address, phone number, and medical records may have been viewed. MEDPEDS has improved security measures and contacted the FBI.

Massachusetts Data Breach Notification Requirements for Consumers

The Massachusetts Attorney General's office has issued a notice detailing data breach notification requirements for consumers. This notice outlines the information consumers must provide to verify their identity and address potential identity theft, including specific documentation and procedures for placing and managing security freezes on credit reports.

Hightower Holding LLC Data Breach Notification

Hightower Holding LLC is notifying individuals of a data breach that occurred between January 8-9, 2026, and January 19-20, 2026, due to compromised user accounts. The breach resulted in unauthorized access and download of files containing personal information. The company is offering complimentary credit monitoring services.

Connell Family Office Data Breach Notification

Connell Family Office & Management, Inc. is notifying individuals of a data breach that may have impacted personal information, including names. While no misuse is indicated, the company is offering complimentary credit monitoring and identity restoration services through Experian. Affected individuals must enroll by June 30, 2026.

Quatrro Data Breach Notification and Credit Monitoring Offer

Quatrro Business Support Services, Inc. is issuing a data breach notification to affected individuals, offering a complimentary 24-month membership to credit monitoring services provided by Kroll. The notice details the incident, the services offered, and steps individuals can take to protect themselves.

Law Offices of James Scott Farrin Data Security Event Notification

The Law Offices of James Scott Farrin is notifying individuals of a data security event that occurred on September 8, 2025, involving the unauthorized acquisition of personal information, including names and Social Security numbers. Affected individuals are offered free credit monitoring and fraud assistance services.

Glasshouse Media Data Breach Notification

Glasshouse Media is issuing a data breach notification dated March 23, 2026, to affected individuals. The incident involved the inadvertent receipt of an internal file containing employee names and Social Security numbers. The company is offering 24 months of complimentary identity protection services through Experian IdentityWorks.

Regulation Amending Rules for Public Investment in Central Transport Hub

The Polish Council of Ministers has issued a regulation amending the rules for public investment in the Central Transport Hub. This amendment, published in the Dziennik Ustaw, modifies specific provisions related to the implementation of public investment objectives for this major infrastructure project.

Consolidated Regulation Text for State Fire Protection System Decision Support

The Polish Ministry of Interior and Administration has announced the consolidated text of a regulation concerning the State Fire Protection System's Decision Support System. This announcement consolidates existing regulations without introducing new requirements.

Minister of Health Regulation on Cardiology Network Data

The Polish Minister of Health has issued a regulation detailing the specific data to be entered into the National Cardiology Network system by cardiology centers and the deadlines for submission. This regulation aims to standardize data collection and reporting within the national cardiology network.

Consolidated Real Estate Management Act Text Announcement

The Polish Marshal of the Sejm announced the consolidated text of the Real Estate Management Act. This announcement consolidates existing legislation into a single document for clarity and ease of reference.

Justice Minister Regulation Amending Court and Prosecutor Staff Pay

The Polish Minister of Justice has issued a regulation amending the pay structure for court and prosecutor staff. This amendment details the specific positions and salary scales for civil servants and other employees within the court and prosecution system, as well as the procedures for their traineeships.

Regulation on Civil Servant Pay

The Council of Ministers of Poland has issued a regulation amending the rules for compensating civil servants not part of the civil service corps, employed in government administration offices. This amendment specifically addresses the pay structure for these employees.

Kenneth Michael Margolis Publicly Censured

The Tennessee Board of Professional Responsibility has publicly censured attorney Kenneth Michael Margolis for violations of professional conduct rules. The censure stems from issues related to fee agreements, communication, and the improper use of client authorizations in a new legal matter.

Kansas Air Quality Health Advisory for Prescribed Burns

The Kansas Department of Health and Environment (KDHE) issued an air quality health advisory for central and eastern Kansas due to smoke from prescribed burns in the Flint Hills. Elevated pollutant levels are expected through early Thursday, potentially reaching Unhealthy for sensitive groups or Unhealthy in localized areas.

North Dakota UAS and Satellite Industries Job Opportunities

The State of North Dakota's Job Service has announced growing career and internship opportunities within the state's Uncrewed and Autonomous Systems (UAS) and Satellite Systems (SS) industries. The announcement directs interested individuals to the Job Service North Dakota website and social media pages for current openings and company listings.

State PUC Request for Proposals (9761)

The State Public Service Commission (PUC) has issued a Request for Proposals (RFP) identified as 9761. This notice announces the availability of the RFP, which is intended to solicit proposals for services or projects within the state's energy sector.

Emergency Regulations for Small Generator Facility Interconnection Standards

The Maryland State Public Service Commission has issued emergency regulations for small generator facility interconnection standards, codified under COMAR 20.50.09. These regulations establish new requirements for connecting small power generation facilities to the grid.

RRB-OIG Actuarial Audit Services Contract Opportunity

The General Services Administration (GSA) has issued an amendment to a contract opportunity for Actuarial Audit Services for the Railroad Retirement Board (RRB) Office of Inspector General. This amendment addresses potential offeror questions, with the due date for offers remaining April 3, 2026.

NGINX Plus and NGINX Vulnerabilities

CERT-Bund has issued a security advisory regarding multiple vulnerabilities in NGINX and NGINX Plus, with a CVSS base score of 8.2. The vulnerabilities affect Linux, UNIX, and Windows operating systems and can be exploited remotely to cause denial of service, data manipulation, bypass security measures, and potentially execute arbitrary code.

Apple Xcode Vulnerabilities Allow Information Disclosure, Denial of Service

CERT-Bund has issued a security advisory for Apple Xcode, detailing multiple vulnerabilities that could allow remote attackers to disclose information or cause a denial of service. The advisory notes a CVSS Base Score of 5.5 (medium) and affects versions prior to 26.4 on MacOS X.

NATS Server Vulnerabilities Allow Remote Attackers to Disclose/Manipulate Info, Cause DoS

CERT-Bund has issued a security advisory regarding multiple vulnerabilities in NATS Server versions prior to 2.12.6 and 2.11.15. These vulnerabilities, with a CVSS base score of 8.6, allow remote attackers to disclose or manipulate information, cause denial-of-service, and bypass security mechanisms.

Zabbix Vulnerabilities Allow Remote Attacks

CERT-Bund has issued a security advisory for Zabbix, detailing multiple vulnerabilities with a CVSS base score of 8.8. These vulnerabilities affect various Zabbix versions and allow remote attackers to disclose information, inject shell commands, perform SQL injection, and cause denial of service.

OpenClaw Vulnerabilities

CERT-Bund has issued a security advisory for OpenClaw, detailing multiple critical vulnerabilities with a CVSS score of 9.9. These vulnerabilities allow for remote code execution, privilege escalation, data manipulation, and denial-of-service attacks. A mitigation is available.

Xen Vulnerability Allows Security Bypass

CERT-Bund has issued a security advisory regarding a vulnerability in Xen, a virtual machine monitor, that allows local attackers from a guest VM to bypass security measures. The advisory, dated March 24, 2026, notes a CVSS base score of 6.7 and indicates that mitigation is available.

IBM InfoSphere Server Vulnerabilities Allow Remote Attacks

CERT-Bund has issued a security advisory for IBM InfoSphere Information Server, detailing multiple vulnerabilities with a critical CVSS Base Score of 9.1. These vulnerabilities can be exploited by remote attackers to bypass security measures, cause denial of service, and manipulate data.

GitLab Vulnerabilities Allow File Manipulation, Bypass, DoS, Info Disclosure, XSS

CERT-Bund has issued a security advisory for GitLab, detailing multiple vulnerabilities that could allow attackers to manipulate files, bypass security measures, conduct denial-of-service attacks, disclose information, and perform cross-site scripting attacks. The advisory affects open-source GitLab versions prior to 18.10.1, 18.9.3, and 18.8.7.

IBM WebSphere Liberty Vulnerabilities Allow Privilege Escalation

CERT-Bund has issued a security advisory for IBM WebSphere Application Server Liberty, detailing vulnerabilities that allow privilege escalation, security bypass, and information disclosure. The advisory affects versions prior to 26.0.0.4 and provides mitigation information.

Node.js Vulnerabilities Allow DoS, Bypass, Info Disclosure

CERT-Bund has issued a security advisory for Node.js, detailing multiple vulnerabilities that could allow attackers to cause denial of service, bypass security measures, and disclose information. The advisory affects various versions of Open Source Node.js and provides mitigation information.

TIBCO ActiveMatrix Vulnerability Allows Data Disclosure and Manipulation

CERT-Bund has issued a security advisory for TIBCO ActiveMatrix and TIBCO Administrator, detailing a critical vulnerability (CVSS 9.9) that allows remote authenticated attackers to disclose and manipulate data. The advisory affects specific versions of TIBCO ActiveMatrix BusinessWorks and TIBCO Administrator Enterprise.

Harbor Vulnerability Allows Information Disclosure

CERT-Bund has issued a security advisory for Harbor, a Docker distribution registry, detailing a vulnerability that allows information disclosure. The advisory affects specific versions of Open Source Harbor and provides mitigation information.

Langflow Vulnerability Allows Code Execution

CERT-Bund has issued a security advisory for Langflow, a tool for creating LLM-based applications. A vulnerability (CVSS 8.8) allows remote attackers to execute arbitrary code on affected systems running versions prior to 1.9.0. Mitigation measures are available.

Ubiquiti UniFi Network Server Vulnerability

CERT-Bund has issued a security advisory for Ubiquiti UniFi Network Server versions prior to 10.1.89. A vulnerability allows remote attackers to bypass security measures, with a CVSS base score of 8.8. Mitigation is available.

Hitachi Ops Center Vulnerabilities Allow Remote Attacks, XSS

CERT-Bund has issued a security advisory for Hitachi Ops Center, detailing vulnerabilities that allow remote attacks and cross-site scripting. The advisory affects versions prior to Hitachi Ops Center Administrator <11.0.8 and Analyzer <11.0.5-00. Mitigation measures are available.

Netty Vulnerabilities Allow Bypass and Denial of Service

CERT-Bund has issued a security advisory regarding multiple vulnerabilities in the Netty network application framework. These vulnerabilities, with a CVSS Base Score of 7.5, allow remote attackers to bypass security measures and cause denial of service. Affected versions include Open Source Netty prior to 4.2.11 and 4.1.132.

Apple Safari Vulnerabilities Allow Bypass, DoS, Disclosure, XSS

CERT-Bund has issued a security advisory regarding multiple vulnerabilities in Apple Safari, identified by WID-SEC-2026-0848. These vulnerabilities have a high CVSS Base Score of 8.3 and could allow attackers to bypass security measures, perform denial-of-service attacks, disclose information, or execute cross-site scripting attacks.

ImageMagick Vulnerabilities Allow Denial of Service Attacks

CERT-Bund has issued a security advisory regarding multiple vulnerabilities in ImageMagick versions prior to 7.1.2-18 and 6.9.13-43. These vulnerabilities can be exploited by local or remote attackers to conduct denial-of-service attacks. Mitigation is available.

Mozilla Firefox and Thunderbird Multiple Vulnerabilities

CERT-Bund has issued a security advisory regarding multiple vulnerabilities in Mozilla Firefox and Mozilla Thunderbird. These vulnerabilities, with a CVSS base score of 8.8, could allow remote attackers to execute arbitrary code, cause denial of service, or disclose information. Affected versions include Firefox <149, Firefox ESR <115.34 and <140.9, and Thunderbird <149 and ESR <140.9.