Latest changes
Langflow Multiple Security Vulnerabilities - CVSS 8.8
CERT-Bund issued a security advisory warning of multiple high-severity vulnerabilities in Langflow, an open-source visual interface for building LLM-based applications. The vulnerabilities carry a CVSS Base Score of 8.8 and a CVSS Temporal Score of 8.1, and allow remote attackers to disclose information, manipulate data, and conduct cross-site scripting attacks. No mitigation is currently available.
Fleet Open-Source Platform Critical SQL Injection and DoS Vulnerabilities
CERT-Bund issued critical security advisory WID-SEC-2026-0902 alerting to severe vulnerabilities in Fleet open-source device management platform versions prior to 4.81.1. The vulnerabilities include SQL injection, denial of service, security bypass, information disclosure, and remote code execution with admin privileges, achieving CVSS Base Score 9.8 (critical). Organizations running Fleet on Linux or UNIX systems should immediately update to version 4.81.1 or later.
Vim Remote Code Execution Vulnerability - CVSS 8.2
CERT-Bund issued security advisory WID-SEC-2026-0904 warning of a high-severity vulnerability (CVSS 8.2) in Vim text editor versions prior to 9.2.0172. The vulnerability allows remote code execution by an unauthenticated attacker. Organizations running Vim on Linux, UNIX, Windows, or other platforms should update immediately to the patched version.
Edge Vulnerability Allows File Manipulation, Information Disclosure
CERT-Bund issued a security advisory about a vulnerability in Microsoft Edge (versions prior to 146.0.3856.84) with a CVSS Base Score of 4.2 (medium). The vulnerability allows remote anonymous attackers to manipulate files and disclose confidential information. Users are advised to update to the patched version.
Red Hat Undertow Multiple Security Vulnerabilities
CERT-Bund issued security advisory WID-SEC-2026-0907 warning of multiple vulnerabilities in Red Hat Undertow web server with CVSS Base Score 8.7 (high) and Temporal Score 8.0. Remote, anonymous attackers can exploit these flaws to bypass security measures, manipulate data, and disclose confidential information. Organizations running affected versions of Undertow should apply mitigations or patches.
Wazuh Multiple Vulnerabilities - Remote Code Execution and DoS
CERT-Bund issued security advisory WID-SEC-2026-0908 warning of multiple vulnerabilities in Wazuh security monitoring platform (CVSS 6.7 medium severity). The vulnerabilities allow remote attackers to execute arbitrary code, perform denial of service attacks, manipulate data, and disclose confidential information. Affected versions include Wazuh prior to 4.13.0, 4.3.11, 4.14.0, and Wazuh Manager/Agent prior to 4.8.0.
Tinyproxy vulnerability enables Denial of Service attack
Linux Kernel Denial of Service Vulnerabilities
CERT-Bund issued a security advisory identifying multiple vulnerabilities in the Linux Kernel that allow remote attackers to conduct Denial of Service attacks. The vulnerabilities have a CVSS Base Score of 5.3 (medium) and a Temporal Score of 4.6 (medium). Organizations running Linux systems should apply available mitigations.
WebKitGTK Multiple Vulnerabilities Security Advisory
CERT-Bund issued security advisory WID-SEC-2026-0911 identifying multiple vulnerabilities in WebKitGTK (versions before 2.52.1). The vulnerabilities have a CVSS Base Score of 6.5 (medium) and enable denial of service attacks, security feature bypass, information disclosure, and cross-site scripting attacks. Remote exploitation is possible. Mitigation is available via version update.
FRRouting Vulnerability Allows Remote Data Manipulation
CERT-Bund issued a security advisory disclosing a medium-severity vulnerability (CVSS 4.2) in FRRouting versions up to and including 10.5.1. A remote, authenticated attacker can exploit this flaw to manipulate data on affected systems. Mitigations are available; organizations using FRRouting on Linux or UNIX platforms are advised to apply them promptly.
BERNIER PHARMACEUTICALS Trademark Application - Cosmetics and Pharmaceutical Skin Care Products
USPTO published trademark application TM79441446 for BERNIER PHARMACEUTICALS covering cosmetics and pharmaceutical preparations including skincare products, acne treatments, and vitamin preparations. The application was filed November 24, 2025, and published March 29, 2026, initiating a standard 30-day opposition period during which third parties may challenge the registration.
BC Health Professions Regulatory Reform - New HPOA Framework
British Columbia is replacing the Health Professions Act (HPA) with the Health Professions and Occupations Act (HPOA), effective April 1, 2026. The new legislation establishes a Health Professions and Occupations Regulatory Oversight Office (Superintendent's Office) to oversee six health regulatory colleges, marking a significant shift from self-regulation to government-driven oversight. The HPOA introduces new bylaws requirements, prescribed licensee duties, and establishes a dedicated Discipline Tribunal.
Supreme Court Certiorari Orders - March 30, 2026
The Supreme Court issued its order list for March 30, 2026, granting certiorari in one case (Younge v. Fulton Judicial Circuit District Attorney) while denying review in approximately 60 petitions spanning criminal, civil, and tax matters. One motion for appointment of counsel was granted, and two petitioners received reconsideration of in forma pauperis status with their prior orders vacated.
Amended VAT Refund Rules for Diplomatic Missions
The Polish Minister of Finance and Economy issued an amendment to the regulation governing VAT refunds for diplomatic missions, consular offices, their staff, and other persons with special status under international law. The amendment updates procedural requirements and eligibility conditions for tax-exempt purchases. This affects foreign diplomatic representations and their personnel operating in Poland.
Targeted Teacher Shortage Areas Data Collection
The Department of Education is seeking public comment on a reinstatement without change of a previously approved information collection request (OMB Control No. 1840-0595) for the Targeted Teacher Shortage Areas Data Collection. State, local, and tribal education agencies report teacher shortage area data to support loan deferment programs under FFELP, TEACH Grant, and Federal Perkins Loan regulations. Comments are due May 29, 2026.
Financial Report for Institutional Service Endowment Activities
The Department of Education published a notice under the Paperwork Reduction Act proposing reinstatement without change of OMB Control Number 1840-0564 for the Financial Report for Institutional Service Endowment Activities. The form collects annual data from Title III Part A, Part B, and Title V program grantees on endowment investments, income earned, and corpus spending. The public comment period closes May 29, 2026.
Federal Direct Loan Program Forbearance and Loan Rehabilitation Regulations
The U.S. Department of Education is seeking public comment through May 29, 2026 on extending OMB Control Number 1845-0119, covering Federal Direct Loan Program Regulations for Forbearance and Loan Rehabilitation. The collection involves approximately 129,027 annual responses with 35,094 total annual burden hours. This is an extension without change to an existing information collection request under the Paperwork Reduction Act.
Foreman RCE vulnerability, CVSS 8.0, fixes available
Red Hat FUSE libfuse vulnerabilities enable code execution
CERT-Bund issued a security advisory warning of multiple vulnerabilities in Red Hat FUSE (libfuse) versions prior to 3.18.2. The vulnerabilities have a CVSS Base Score of 7.8 (high) and could allow local attackers to execute arbitrary code or cause denial of service. Organizations using affected versions should update immediately.
Aqua Security Trivy Critical Vulnerability (CVSS 9.9)
CERT-Bund issued a critical security advisory (WID-SEC-2026-0898) for a vulnerability in Aqua Security Trivy, an open-source vulnerability scanner for container images, filesystems, and Git repositories. The vulnerability carries a CVSS Base Score of 9.9 (critical) and allows remote attackers to completely compromise affected systems. Multiple product versions are affected including Trivy 0.69.4, setup-trivy <0.2.6, trivy-action <0.35.0, and Container Images 0.69.5 and 0.69.6. Mitigation measures are available.
Secretary Rubio ABC Interview - Iran Military Operations
Secretary of State Marco Rubio appeared on ABC's Good Morning America to discuss ongoing U.S. military operations against Iran, including destruction of Iran's navy, air force, missile launchers, and defense industrial base. Rubio stated objectives are being achieved ahead of schedule and should be completed in weeks. The interview addressed concerns about potential Iranian control of the Straits of Hormuz and options to prevent such an outcome.
U.S. Embassy Caracas Resumes Operations in Venezuela
The U.S. Department of State announced the formal resumption of operations at the U.S. Embassy in Caracas, Venezuela, on March 30, 2026. Since 2019, U.S. diplomatic engagement with Venezuela had been conducted through the Venezuela Affairs Unit in Bogotá, Colombia. Ambassador Laura F. Dogu arrived in January as Chargé d'Affaires to lead operations and is restoring the chancery building for the eventual resumption of consular services.
Presidential Message on National Vietnam War Veterans Day
The White House issued a presidential message commemorating National Vietnam War Veterans Day on March 29, 2026, honoring the service and sacrifice of Vietnam War veterans. The message reaffirms the nation's commitment to supporting veterans and highlights VA initiatives including new health clinics, housing projects, and reduced benefits backlogs. This is a ceremonial statement with no new regulatory requirements.
Guidance for New Attorneys on Handling Grievances
The American Bar Association published guidance for new attorneys on handling grievances filed against them through state bar disciplinary systems. The article advises attorneys to carefully review complaints, identify deadlines (such as the 30-day response period in Texas), gather relevant documents, and review malpractice insurance coverage. The guidance emphasizes that receiving a grievance does not end an attorney's career, and that a grievance should be taken seriously without panic.
AI Impact on Legal Privilege, Discovery, and Risk
The American Bar Association published a Law Practice Today podcast episode featuring Alexander Paykin discussing how law firms should evaluate AI vendors for ethics compliance, security requirements, and integration with existing systems. The podcast covers practical testing methods for legal technology tools, including verifying AI outputs and evaluating prompt quality.
Good Friday Holiday Garbage & Recycling Collection Advisory
The Bermuda Ministry of Public Works and Environment issued a notice advising residents that household waste collection scheduled for Friday, April 3, 2026 (Good Friday) will be moved to Saturday, April 4, 2026. East end TAG Recycling (tin, aluminum, and glass) will also be collected on Saturday instead of the normal Friday schedule. All other waste collection services remain unchanged.
EU Trade Mark System 30-Year Anniversary Milestone
EUIPO announced that the EU trade mark system has reached its 30-year anniversary milestone with over 3.2 million applications filed since its establishment in 1996. The announcement commemorates the system's growth under Regulation 40/94 (now Regulation 2017/1001) and highlights the EU's unified intellectual property protection framework.
EUIPO and European Commission join forces to fight counterfeiting and piracy online
EUIPO and the European Commission announced a new collaboration to strengthen enforcement against counterfeiting and online piracy. The partnership focuses on coordinated monitoring efforts and enhanced information sharing to protect intellectual property rights across the EU. No specific compliance deadlines or penalties were mentioned in the announcement.
MiCA Regulation Overview and CySEC Homepage Announcements
CySEC published its homepage with multiple announcements including a link to the MiCA Regulation overview, which establishes unified EU rules for crypto-asset transparency, issuance, offering, trading, and market abuse prevention. Additional announcements include a UN Security Council sanctions update adding one individual to the ISIL/Al-Qaeda list, suspension of UCITS and AIFM redemptions on April 3 and 6, 2026, and resignation of Kasselos Limited from administrative services licensing.
LDR New Orleans regional office relocates to OMV building
The Louisiana Department of Revenue announced relocation of its New Orleans regional office from Benson Tower to the Office of Motor Vehicles building at 100 Veterans Boulevard, effective April 13, 2026. Walk-in taxpayer services continue unchanged at the new location with hours of 8 a.m. to 4 p.m., Monday through Friday.
Seán O'Casey Commemorative Coin Launch
The Central Bank of Ireland launched a commemorative silver proof coin honouring playwright Seán O'Casey on what would have been his 146th birthday. The coin commemorates the 100th anniversary of The Plough and the Stars premiere at the Abbey Theatre, with 3,000 coins available at €90 each.
NRC Categorical Exclusions for Environmental Review
The U.S. Nuclear Regulatory Commission (NRC) issued a final rule amending its categorical exclusion regulations for environmental review. The rule modifies, adds, and removes categorical exclusions to streamline the environmental review process for licensing, regulatory, and administrative actions. The rule is effective April 29, 2026, under Docket No. NRC-2018-0300.
Extension of Information Collection on Reporting Foreign Manufactured Purchases
The General Services Administration, on behalf of the FAR Council, has submitted to OMB a request to extend OMB Control No. 9000-0161 for the information collection on reporting purchases from sources outside the United States. The collection supports FAR provision 52.225-18 (Place of Manufacture) and requires offerors to indicate whether manufactured end products are made predominantly in the US or outside. The public comment period closes April 29, 2026.
Rhode Island SPA 25-0013, Cell Gene Therapy reimbursement, hospitals, Acquisition Cost
NY Medicaid SPA 25-0053 - Inpatient Drug Reimbursement Carve-Out
CMS approved New York Medicaid State Plan Amendment 25-0053, which carves out select drugs administered in inpatient hospital settings from bundled inpatient payment rates for separate reimbursement. The amendment takes effect October 1, 2025. Affected drugs will be reimbursed per Attachment 4.19-B Prescribed Drugs sections. Providers are prohibited from using 340B inventory for carved-out drugs.
Hospital Drug Reimbursement Carve-Out Under Medicaid
CMS approved New York SPA 25-0064, effective October 1, 2025, which carves out select drugs provided in a hospital setting from inpatient payments and reimburses them separately under the state's Prescribed Drug methodology. The amendment affects Attachment 4.19-B pages 4(d)(1) and 4(d)(2) of New York's Medicaid State Plan.
Ohio Medicaid Alternative Benefit Plan Agency Name Change
The Centers for Medicare & Medicaid Services approved Ohio State Plan Amendment 25-0031, which updates the Alternative Benefit Plan to reflect an agency name change. The Ohio Department of Mental Health and Addiction Services has been renamed to the Ohio Department of Behavioral Health. The amendment was approved on March 26, 2026, with an effective date of November 1, 2025.
Ohio SPA 25-0030 Approves Agency Name Change
CMS has approved Ohio State Plan Amendment (SPA) 25-0030, which amends Attachments 3.1-A and 4.19-B to reflect the administrative name change of the Ohio Department of Mental Health and Addiction Services (MHAS) to the Ohio Department of Behavioral Health (DBH). The amendment was approved on March 26, 2026, with an effective date of November 1, 2025.
Massachusetts Adult Foster Care Reimbursement Rates
CMS approved Massachusetts State Plan Amendment MA-25-0034 updating Adult Foster Care (AFC) reimbursement rates effective November 1, 2025. The amendment supersedes the previous version (24-0029) and establishes new fee-for-service rates published under Massachusetts regulations 101 CMR 351.00. All AFC providers delivering services under Massachusetts Medicaid must use the updated rates for services rendered on or after the effective date.
DOL urged to issue clearer retirement plan data privacy guidance
GAO issued report GAO-26-107271 recommending that the Department of Labor issue additional guidance clarifying acceptable uses of participant data by retirement plan service providers. GAO reviewed 31 service provider privacy disclosures and found inconsistent adoption of leading privacy practices, with most lacking consent requirements for data sharing beyond original purposes. DOL has not taken enforcement actions against retirement plans for data sharing under ERISA.
HUD-VASH Program Staffing and Referral Documentation Issues
GAO released audit findings on the HUD-VA Supportive Housing (HUD-VASH) program, revealing that VA did not refer approximately 174,000 eligible veterans to the program during 2020-2024, with reasons undocumented in 87% of cases. The audit identified chronic case manager staffing shortages with 20-26% annual turnover and over 20% vacancy rates at many VA medical centers. GAO made recommendations to improve documentation practices, hiring strategies, and program evaluation.
Metal fabrication company sentenced after apprentice guillotine injury
HSE prosecuted MTL Advanced Ltd for breaching Regulation 11(1) of the Provision and Use of Work Equipment Regulations 1998 after a 17-year-old apprentice suffered a crush injury when their thumb contacted a guillotine machine's clamps during apprenticeship training. The company was fined £140,000 and ordered to pay £5,013 in costs plus £2,000 Victim Surcharge at Sheffield Magistrates' Court. HSE found the company failed to identify a dangerous gap in the guillotine bed even after the incident occurred.
EBA streamlines supervisory approvals for IRB model changes
The EBA published amendments to Regulatory Technical Standards on material model changes, significantly reducing the number of changes classified as material by shifting to quantitative thresholds and limiting qualitative triggers to model redevelopments and definition of default changes. This streamlines the approval process for IRB model changes while maintaining supervisory oversight. The revised RTS align with CRR3 and are expected to accelerate IRB model approvals for EU banks.
EBA Chair Appointment - François-Louis Michaud
The European Banking Authority announced that François-Louis Michaud will take up his role as EBA Chair on 16 April 2026, following formal appointment by the Council of the European Union on 26 February 2026 and confirmation by the European Parliament on 10 March 2026. His term of office runs for five years and may be extended once. Michaud previously served as Executive Director of the EBA since September 2020.
Houstone v. Transdev Alternative Services - Civil Rights Employment
United States District Court for the Northern District of California docketed Houstone v. Transdev Alternative Services, Inc. (Case No. 3:26-cv-02274-TSH), a civil rights employment discrimination case filed on March 16, 2026. Judge Thomas S. Hixson is assigned to the case located in San Francisco. The most recent filing on March 30, 2026 was a consent/declination to proceed before a US Magistrate Judge filed by defendant Transdev Alternative Services, Inc.
Donald Siao - Bond Released to Surety
On March 30, 2026, a stipulation was filed in the Northern District of California to release $25,000 in appearance bond plus interest earned to the surety in the Donald Siao criminal case (Case No. 5:21-cr-00267-BLF-1). The filing, submitted by Daniel Olmos, represents a routine procedural step in concluding the criminal proceedings.
M.B. v. Uber Technologies, Inc. et al - Personal Injury Product Liability
The U.S. District Court for the Northern District of California docketed a new civil lawsuit, M.B. v. Uber Technologies, Inc. et al (Case No. 3:26-cv-02742), filed on March 30, 2026. The complaint, filed by plaintiff M.B., names Uber Technologies, Inc., Rasier, LLC, and Rasier-CA, LLC as defendants and includes a demand for jury trial. The filing fee was $405.
American Association of University Professors et al v. Trump et al - Administrative Procedure Act Challenge
The American Association of University Professors and several labor unions filed suit against President Trump and federal agencies in N.D. California (Case No. 3:25-cv-07864-RFL) on September 16, 2025, alleging unlawful cancellation of hundreds of millions in research grants to the University of California. Plaintiffs claim First Amendment violations, statutory procedure violations, Tenth Amendment anti-commandeering, separation of powers violations, Fifth Amendment Due Process violations, and arbitrary and capricious conduct under the Administrative Procedure Act. They seek an injunction and declaration that defendants' conduct is unlawful.
Clinical Investigations: Investigators' Responsibilities for Medical Devices
MHRA published guidance clarifying clinical investigators' responsibilities when conducting medical device investigations in the UK. The guidance covers submission requirements, MHRA's approval process, device labeling standards, and documentation requirements. This is informational guidance without new legal obligations.
Biological Safety Assessments for Clinical Investigations of Medical Devices
MHRA published new guidance on biological safety assessments for clinical investigations of medical devices. The guidance specifies the information MHRA expects in clinical investigation submissions to verify compliance with relevant regulations. This applies to manufacturers and sponsors conducting clinical investigations of medical devices in the UK.