Holiday let owner faces bankruptcy under 182-day rule

BBC News reports on the impact of Welsh holiday let regulations on small operators, including Paul Martin who runs four holiday cottages near Newtown and faces potential bankruptcy due to council tax premium charges under the 182-day rule. The legislation, introduced three years ago, subjects holiday lets not rented for at least 182 days annually to council tax at premium rates of up to 75%, in some cases creating five-figure annual liabilities for affected property owners.

Tribunal Judge Alex Hobbs Sanctioned for Misconduct - 16-Week Decision Delay

The Judicial Conduct Investigations Office found that Tribunal Judge Alex Hobbs committed misconduct by issuing a decision notice 16 weeks after a child maintenance service tribunal hearing. The Lady Chief Justice and Lord Chancellor issued Hobbs with formal advice for misconduct, the least severe sanction available for judicial office-holders. The investigation noted Hobbs had not informed parties of the delay, failed to respond to multiple chase emails, and only issued the decision after a complaint was made.

Revised Enforcement Decree of Microfinance Support Act

The Financial Services Commission of Korea approved revisions to the Enforcement Decree of the Microfinance Support Act on April 6, 2026. The revision raises the common microfinance contribution rate for banks from 0.06% to 0.10% and for nonbanks from 0.03% to 0.045% of household loan sizes, generating an additional KRW 197.3 billion annually (KRW 134.5 billion from banks, KRW 62.8 billion from nonbanks). The Korea Inclusive Finance Agency will also be authorized to provide credit guarantees for microloans under the Credit Counseling and Recovery Service program.

IBM Maximo Asset Management DoS Vulnerability - CVSS 5.3

CERT-Bund published security advisory WID-SEC-2026-0965 disclosing a Denial of Service vulnerability in IBM Maximo Asset Management versions prior to 7.6.1.3 IF037. The vulnerability carries a CVSS Base Score of 5.3 (medium) and a Temporal Score of 4.6. Remote anonymous attackers can exploit this flaw to conduct DoS attacks against affected installations running on Linux, UNIX, or Windows systems.

Keycloak Information Disclosure Vulnerability (CVSS 3.7)

CERT-Bund issued a security advisory (WID-SEC-2026-0970) reporting an information disclosure vulnerability in Keycloak, an open-source identity and access management platform. The vulnerability carries a CVSS Base Score of 3.7 (low severity) and allows remote anonymous attackers to potentially expose sensitive information. Affected systems include Keycloak deployments running on Linux and UNIX operating systems.

Avahi DoS Vulnerability Advisory - CVSS 5.5 Medium Severity

CERT-Bund issued advisory WID-SEC-2026-0975 regarding a denial of service vulnerability in Avahi, an open-source network service discovery implementation for Linux/UNIX systems. The vulnerability (CVSS Base Score 5.5, Temporal Score 5.0) allows a local attacker to crash the Avahi service, impacting system availability. Affected products include Open Source avahi versions prior to 0.9-rc4. Organizations running vulnerable Avahi installations should apply patches immediately.

Red Hat Enterprise Linux crun Privilege Escalation Vulnerability, CVSS 7.8

CERT-Bund issued a security advisory regarding a high-severity vulnerability (CVSS 7.8) in Red Hat Enterprise Linux's crun container runtime. The flaw allows local attackers to escalate privileges on affected systems. Versions prior to RHEL 9 and RHEL 10 are affected. System administrators should apply available mitigations or updates immediately.

Google Android Multiple Vulnerabilities CVSS 7.3

CERT-Bund issued a security advisory warning of multiple vulnerabilities in Google Android with a CVSS Base Score of 7.3 (high severity) and Temporal Score of 6.4 (medium). The vulnerabilities affect Android devices with security patch levels prior to April 1, 2026 and April 5, 2026. Remote attackers can exploit these flaws to conduct unspecified attacks and denial of service attacks against affected devices.

CUPS Vulnerability Allows Code Execution with Administrator Rights

CERT-Bund issued a security advisory regarding a vulnerability in CUPS (Common Unix Printing System) that allows local attackers to execute arbitrary code with administrator privileges. The vulnerability has a CVSS Base Score of 5.2 (medium) and affects multiple operating systems including Linux, UNIX, and Windows. Organizations using CUPS should assess their exposure and apply available patches or workarounds.

Samsung Android Multiple Critical Vulnerabilities CVSS 9.8

CERT-Bund issued a critical security advisory regarding multiple vulnerabilities in Samsung Android OS versions prior to SMR-APR-2026. The vulnerabilities carry a CVSS Base Score of 9.8 (critical) and enable remote attackers to escalate privileges, bypass security measures, disclose information, and manipulate files. Organizations and consumers using affected Samsung Android devices face immediate risk of exploitation.