Michael Roger Day CPA Reinstatement Order

The Minnesota Board of Accountancy issued a reinstatement order for Michael Roger Day's CPA certificate, which had been revoked in 2018 for failure to renew. The certificate will be reinstated to inactive status upon payment of a $25 renewal fee within 90 days.

Medicaid Fraud Control Units Annual Report: FY 2025

The HHS OIG has released its annual report for Medicaid Fraud Control Units (MFCUs) for Fiscal Year 2025. The report details nearly $2 billion in combined criminal and civil recoveries, 1,185 convictions, and 900 exclusions from federal health care programs. It highlights trends in fraud and patient abuse investigations and prosecutions.

Netwrix Password Secure Vulnerabilities Allow Code Execution and DoS

CERT-Bund has issued a security advisory for Netwrix Password Secure, detailing multiple vulnerabilities that could allow for code execution and denial-of-service attacks. The advisory affects versions prior to 26.3.100 and is rated as high severity.

Critical Azure Vulnerabilities: Remote Attack, Privilege Escalation

CERT-Bund has issued a security advisory regarding critical vulnerabilities in Microsoft Azure DevOps, Data Factory, and Cloud Shell. These vulnerabilities allow remote attackers to escalate privileges, manipulate data, and disclose sensitive information, with a CVSS base score of 10.0.

Microsoft 365 Copilot Vulnerabilities Advisory

CERT-Bund has issued an advisory regarding multiple vulnerabilities in Microsoft 365 Copilot, with a CVSS base score of 8.9. These vulnerabilities could allow remote attackers to disclose information, manipulate data, and gain elevated privileges. Mitigation measures are available.

VMware Tanzu Spring Security Vulnerability

CERT-Bund has issued a security advisory for VMware Tanzu Spring Security, detailing a critical vulnerability (CVSS 9.1) that allows remote attackers to bypass security controls and potentially access confidential information. The advisory affects multiple versions of the Spring Security framework.

VMware Tanzu Spring Boot Actuator Vulnerabilities

CERT-Bund has issued a security advisory for VMware Tanzu Spring Boot Actuator, detailing vulnerabilities that allow remote attackers to bypass security measures. The advisory affects multiple versions of VMware Tanzu Spring Boot prior to specific patch levels and includes a high CVSS base score.

Kubernetes ingress-nginx Vulnerability Allows Code Execution and Info Disclosure

CERT-Bund has issued a security advisory for Kubernetes ingress-nginx, detailing a vulnerability that allows authenticated remote attackers to execute arbitrary code and disclose sensitive information. The advisory affects versions prior to 1.13.9, 1.14.5, and 1.15.1, with a high CVSS base score of 8.8.

Langflow Vulnerability Allows Remote Code Execution

CERT-Bund has issued a security advisory for Langflow, detailing a critical vulnerability that allows remote code execution. The advisory affects versions prior to 1.9.0 and impacts Linux, UNIX, and Windows operating systems. Mitigation measures are available.

Oracle Fusion Middleware Vulnerability Allows Code Execution

CERT-Bund has issued a security advisory for Oracle Fusion Middleware Identity Manager and Web Services Manager versions prior to 12.2.1.4.0 and 14.1.2.1.0. A critical vulnerability (CVSS 9.8) allows remote attackers to execute arbitrary code, potentially leading to full system compromise.