EPA Adds PFHxS-Na to Toxics Release Inventory

The EPA has finalized a rule adding sodium perfluorohexanesulfonate (PFHxS-Na) to the Toxics Release Inventory (TRI), bringing the total number of tracked PFAS to 206. Businesses in covered industries must now track and report releases of PFHxS-Na, with a reporting threshold of 100 lbs.

EPA Proposes Changes to PFAS Reporting Requirements

The EPA has proposed changes to its PFAS reporting requirements under the Toxic Substances Control Act (TSCA) to reduce regulatory burdens on businesses. The proposal aims to make reporting more practical and implementable, while still collecting essential use and safety information. The agency is seeking public comment on these proposed modifications.

OSHA Cites Florida Contractor $28,135 for Serious Violations After Fatality

The Occupational Safety and Health Administration (OSHA) has cited Hyvac Inc., a Florida contractor, for two serious violations after a worker fatality. The agency proposed $28,135 in penalties for exposing workers to struck-by hazards.

OSHA cites contractor after worker exposure to toxic chemicals

The U.S. Department of Labor's OSHA has cited PCE Petroleum Contractors Enterprises Inc. for 12 serious violations after a worker was fatally exposed to benzene and toluene. The agency proposed $60,242 in penalties.

OSHA Fines Grain Company $276,407 for Safety Violations After Worker Injury

The Occupational Safety and Health Administration has issued citations and proposed $276,407 in penalties to Alliance Grain Co. in Gibson City, Illinois. The citations stem from an inspection following a serious injury to a seasonal laborer, revealing violations related to machine guarding, lockout/tagout procedures, and grain bin entry safety.

Labor Department: Union Pacific Railroad wrongly terminated employee

The U.S. Department of Labor's OSHA found Union Pacific Railroad violated the Federal Railroad Safety Act by terminating an employee after they reported a work-related injury. OSHA ordered the company to reinstate the employee and pay over $315,000 in damages.

OSHA cites Adonel Concrete $58,604 for 9 serious violations after fatal injury

The U.S. Department of Labor's OSHA has cited Adonel Concrete Corp. for nine serious violations following a fatal injury to an employee. The company faces $58,604 in penalties for inadequate machine guarding and other safety failures.

OSHA Interim Enforcement Guidance on Handrail and Stair Rail Systems

OSHA has issued interim enforcement guidance regarding handrail and stair rail system requirements under 29 CFR 1910.28(b) and 1910.29(f). This guidance provides a temporary compliance path for employers until a final rule is issued, addressing a formatting error in Table D-2 of the 2016 Walking-Working Surfaces final rule.

OSHA Guidance on Recordability of Lithium-Ion Battery Injuries

OSHA issued guidance clarifying that workplace injuries resulting from employees improperly carrying personal rechargeable lithium-ion batteries (e.g., in e-cigarettes) are considered work-related and must be recorded under OSHA's recordkeeping regulation (29 CFR Part 1904). The guidance addresses a specific scenario involving unprotected batteries sparking in a pocket.

OSHA Clarifies Lead Contamination on Surfaces

OSHA has issued a clarification regarding the interpretation of "as free as practicable" for lead contamination on surfaces in its lead standard for construction. This guidance addresses employer responsibilities for maintaining clean work areas and lunchroom facilities to minimize lead exposure.

OSHA Interpretation on Respirator Medical Evaluations

OSHA has issued an interpretation clarifying its Respiratory Protection standard (29 CFR § 1910.134) regarding medical evaluations for respirator use. This interpretation addresses the extent of information employers must provide to healthcare professionals and the scope of the PLHCP's evaluation concerning an employee's ability to perform job tasks safely while using a respirator.

Accessible Deletion Mechanism for Data Brokers

The California Privacy Protection Agency has finalized regulations establishing an Accessible Deletion Mechanism (DROP) for data brokers, effective January 1, 2026. This system allows consumers to request the deletion of their personal information from registered data brokers through a single request to the agency.

California Adopts CCPA Regulations on Risk Assessments and Cybersecurity

The California Privacy Protection Agency has adopted final regulations updating the CCPA. These regulations implement requirements for risk assessments, annual cybersecurity audits, and consumers' rights regarding automated decision-making technology, effective January 1, 2026.

Data Broker Registration Fee Regulations

The California Privacy Protection Agency (CPPA) is now responsible for the state's data broker registry, effective January 1, 2024. Data brokers must pay an annual registration fee, which the CPPA may adjust. Final regulations for the fee structure have been published for 2024, 2025, and 2026 registrations.

CPPA Seeks Comments on Opt-out Preference Signals Rulemaking

The California Privacy Protection Agency (CPPA) is seeking preliminary public comments on potential rulemaking regarding Opt-out Preference Signals (OOPS). The agency is gathering information to explore whether regulatory changes are necessary to reduce friction in exercising privacy rights. Comments are due by April 6, 2026.

CPPA Seeks Comments on Reducing Privacy Rights Friction

The California Privacy Protection Agency (CPPA) is seeking preliminary comments on potential regulatory changes to reduce friction in how consumers exercise their privacy rights. The comment period is open from March 6, 2026, until April 6, 2026.

ENISA Seeks Feedback on Software Supply Chain Security Guidance

ENISA has launched public consultations on draft guidance for software supply chain security. Feedback is sought on an SBOM Landscape Analysis and a Technical Advisory for Secure Use of Package Managers, with a deadline of January 23, 2026.

ENISA Cybersecurity Exercise Methodology Guidance

ENISA has released a new cybersecurity exercise methodology to guide organizations in planning and executing effective cybersecurity exercises. The methodology provides a framework for simulating cyber crises, training response capabilities, and building resilience against cyber threats.

ENISA Report: EU Public Administrations Targeted by DDoS Attacks

ENISA has released a report detailing that EU public administrations are increasingly targeted by cyberattacks, primarily DDoS attacks, with central governments being the most affected. The report analyzes 586 incidents from 2024 and highlights the sector's developing cybersecurity resilience under the NIS2 Directive.

ENISA Report: Cybersecurity Investments and NIS2 Challenges

ENISA's 6th NIS Investments report reveals a shift in cybersecurity spending from personnel to technology and services across 1080 EU organizations. The report highlights persistent talent shortages and challenges in implementing the NIS2 Directive, despite compliance being a key investment driver.

ENISA Updates International Cybersecurity Strategy

ENISA has updated its International Strategy to enhance engagement with international partners and align with the EU's cybersecurity policies. The revised strategy focuses on cooperation with countries sharing EU values and includes specific working arrangements with Ukraine and the US, support for EU candidate countries, and operationalizing the EU Cybersecurity Reserve for third countries.

AI, 5G, Cybersecurity, and Data Interoperability in Connectivity

The IEEE Standards Association (IEEE SA) published a blog post discussing the future of connectivity, focusing on the integration of AI, 5G, cybersecurity, and data interoperability into intelligent infrastructure. The post highlights the evolving trends and the importance of consensus-based standards in shaping these advancements.

IEEE Medical Device Registry Enhances Healthcare Cybersecurity

The IEEE Standards Association has launched the IEEE Medical Device Registry, a public database of medical devices that have successfully completed cybersecurity certification under the IEEE 2621 framework. This initiative aims to enhance transparency and trust in healthcare by providing verifiable information on device cybersecurity performance.

2026 Healthcare Trends: AI, Medical Device Cybersecurity, Digital Therapeutics

The IEEE Standards Association has identified key healthcare and life sciences trends for 2026, focusing on AI-driven health delivery, medical device cybersecurity, and digital therapeutics. The notice highlights opportunities and challenges associated with these evolving technologies.

Joint Advisory on SD-WAN Appliance Exploitation

The NSA, CISA, and international cybersecurity agencies have issued a joint advisory regarding the exploitation of Cisco SD-WAN appliances. Threat actors are exploiting a specific vulnerability (CVE-2026-20127) to gain root access and establish persistence. The advisory includes a threat hunt guide and mitigation recommendations.

NIST CSF 2.0 Cybersecurity Risk Management Guidance

The National Institute of Standards and Technology (NIST) has released version 2.0 of its Cybersecurity Framework (CSF). This updated guidance provides a comprehensive taxonomy for organizations of all sizes and sectors to manage cybersecurity risks, offering a flexible approach to assessing and communicating cybersecurity efforts.

NIST Cybersecurity Framework 2.0 Implementation Resources

The National Institute of Standards and Technology (NIST) has released quick start guides and implementation resources for the Cybersecurity Framework (CSF) 2.0. These resources aim to help organizations of all sizes, including small businesses, understand and implement the updated framework.

NIST Cybersecurity Framework 2.0 Profiles and Resources

The National Institute of Standards and Technology (NIST) has released updated resources for its Cybersecurity Framework (CSF) 2.0, including organizational profile templates and community profiles. These resources aim to help organizations assess and improve their cybersecurity posture.

NIST Cybersecurity Framework (CSF) 2.0 Anniversary and Updates

NIST is celebrating the two-year anniversary of the Cybersecurity Framework (CSF) 2.0. The blog post highlights updates and resources released over the past two years, including expanded guidance on governance and informative references to other standards, emphasizing the framework's widespread adoption and ongoing development.

Apple Use-After-Free Vulnerability Fixed in iOS/iPadOS 17

CISA has added a use-after-free vulnerability (CVE-2023-41974) affecting Apple iOS and iPadOS to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability, which could allow an app to execute arbitrary code with kernel privileges, has been fixed by Apple in iOS 17, iPadOS 17, iOS 15.8.7, and iPadOS 15.8.7.

SolarWinds Web Help Desk RCE Vulnerability CVE-2025-26399

CISA has added CVE-2025-26399, a critical remote code execution vulnerability in SolarWinds Web Help Desk, to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability affects versions 12.8.7 and below and allows unauthenticated attackers to run commands on the host machine.

VMware Workspace ONE UEM SSRF Vulnerability CVE-2021-22054

CISA has added VMware Workspace ONE UEM console versions to the Known Exploited Vulnerabilities (KEV) catalog due to an SSRF vulnerability (CVE-2021-22054). This vulnerability may allow a malicious actor to gain access to sensitive information.

Ivanti EPM Authentication Bypass Vulnerability

CISA has added a vulnerability (CVE-2026-1603) in Ivanti Endpoint Manager (EPM) to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability, an authentication bypass allowing credential data leakage, affects versions before 2024 SU5.

n8n RCE Vulnerability CVE-2025-68613

CISA has added CVE-2025-68613, a critical Remote Code Execution vulnerability in n8n's workflow evaluation system, to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability affects versions prior to 1.120.4, 1.121.1, and 1.122.0 and allows authenticated attackers to execute arbitrary code.

WHO Expert Committee on Specifications for Pharmaceutical Preparations 57th Report

The WHO Expert Committee on Specifications for Pharmaceutical Preparations has released its 57th report, recommending new and revised guidance texts for pharmaceutical quality assurance. These include updated GMP for excipients, new GMP for radiopharmaceutical cold kits, revised lab quality control practices, and updated biowaiver guidelines.

WHO Expert Committee Adopts New Pharmaceutical Guidance

The WHO Expert Committee on Specifications for Pharmaceutical Preparations has adopted nine new guidance texts aimed at ensuring the quality assurance of medicines. These texts cover areas such as nitrosamine prevention, good manufacturing practices for excipients, and bioequivalence assessments, and are recommended for implementation.

WHO Expert Committee on Biological Standardization Eightieth Report

The World Health Organization has published the eightieth report of its Expert Committee on Biological Standardization. This report details the proceedings and recommendations from the committee's meeting held in October 2024, focusing on the norms and standards for biological products.

WHO Expert Committee on Pharmaceutical Preparations Meeting

The World Health Organization (WHO) announced the Sixtieth meeting of the Expert Committee on Specifications for Pharmaceutical Preparations, scheduled for October 12-16, 2026. This committee advises the Director-General on medicine quality assurance and the maintenance of The International Pharmacopoeia.

DEA Announces 10,744 Arrests in DC Safety Initiative

The Drug Enforcement Administration (DEA) announced 10,744 arrests as part of an initiative to enhance safety in Washington D.C. The operation involved collaboration between local and federal law enforcement agencies, with the goal of removing illicit substances from communities.

EMA PRAC Warns of Aseptic Meningitis Risk with Ixchiq Vaccine

The EMA's Pharmacovigilance Risk Assessment Committee (PRAC) has recommended updating the product information for the chikungunya vaccine Ixchiq to reflect recent evidence of aseptic meningitis risk, particularly in healthy young adults. This follows a safety signal investigation and is part of a regular safety assessment.

FDA Report on Drug Shortage Prevention Efforts

The FDA has released its annual report to Congress detailing efforts in calendar year 2024 to prevent and mitigate drug shortages. The report highlights successful interventions that prevented 283 potential shortages, with only 15 new shortages identified.

FDA Extends Drug Use Dates Due to Shortages

The FDA has extended the use dates for specific lots of certain drugs to help alleviate drug shortages. This guidance allows providers and patients to use these lots beyond their labeled expiration dates, based on manufacturer stability data. The agency is not requiring relabeling but expects replacement and disposal when new product becomes available.

FDA Drug Shortage Update

The FDA has updated its list of current and resolved drug shortages. The notice indicates 56 drugs are currently in shortage, 45 have been resolved, and 11 have been discontinued. This update provides a snapshot of the ongoing drug supply situation.

DEA Reports 10,712 Arrests and Reduced Drug Availability

The DEA announced 10,712 arrests and a reduction in drug availability on the streets of Washington, D.C. This enforcement action, in coordination with other law enforcement agencies, aims to improve public safety and reduce crime.

DEA Seizes $600,000 from Semi-Truck Driver

The DEA Houston Division announced the seizure of over $600,000 from a semi-truck driver suspected of transporting funds for Mexican cartels. The seizure was a joint effort with the Department of Homeland Security (DHS).

FDA Novel Drug Approvals in 2022

The FDA's Center for Drug Evaluation and Research (CDER) approved 37 novel drugs in 2022, including new molecular entities (NMEs) and new therapeutic biological products (BLAs). This notice summarizes these approvals and provides a link to the full report.

FDA Novel Drug Approvals in 2023

The FDA's Center for Drug Evaluation and Research (CDER) approved 55 novel drugs in 2023, representing new therapies not previously marketed in the U.S. The agency released a report detailing these approvals and their uses.

FDA Novel Drug Approvals 2024

The FDA's Center for Drug Evaluation and Research (CDER) approved 50 novel drugs in 2024, representing new molecular entities never before marketed in the U.S. This notice provides a list of these approvals and links to detailed reports and drug information.

FDA Novel Drug Approvals 2025

The FDA's Center for Drug Evaluation and Research (CDER) approved 46 novel drugs in 2025, meaning they were new and never before marketed in the U.S. The agency has released a report detailing these approvals, including drug names, active ingredients, and their approved uses.

FDA Approves 5 New Novel Drugs in 2026

The FDA has announced the approval of five new novel drugs in 2026 for various medical conditions. These approvals include treatments for achondroplasia, hyperarginemia, schizophrenia, bipolar disorder, atopic dermatitis, and Menkes disease. The agency updated its list of novel drug therapy approvals.