DOH Urges Parents of Seventh-Grade Students to Schedule Checkup Visits

The Hawaii Department of Health issued a public reminder on April 7, 2026, urging parents to schedule well-child visits for students entering seventh grade before the 2026-2027 school year. Hawaii law requires students to submit documentation of a physical exam and required vaccinations (Tdap, MCV, HPV) or have an approved exemption. The notice highlights rising pertussis cases in Hawaii, which increased from 3 cases in 2023 to 252 cases in 2025.

Group A Strep outbreak West Hawaii, investigation underway

The Hawaii Department of Health and CDC are investigating elevated rates of invasive Group A Streptococcus (iGAS) infections in West Hawaii. The investigation began after a local physician reported higher-than-expected cases over several months. DOH routinely monitors these infections, and Hawaii has historically had higher rates than the national average. Investigators aim to confirm whether cases are increasing, identify risk factors, evaluate disease reporting, and understand how infections are occurring in the community.

Checkmk Critical Vulnerabilities - Privilege Escalation and XSS

CERT-Bund issued security advisory WID-SEC-2026-0983 identifying critical vulnerabilities in Checkmk IT monitoring software. Multiple security flaws including privilege escalation and Cross-Site Scripting (XSS) were discovered affecting versions below 2.6.0b1, 2.5.0b3, 2.4.0p25, and 2.3.0p46. The vulnerabilities carry a CVSS Base Score of 9.0 (critical) and enable remote attackers to elevate privileges and execute XSS attacks on affected systems running Linux and UNIX.

OpenSSH Multiple Vulnerabilities - Remote Code Execution and Privilege Escalation

CERT-Bund issued security advisory WID-SEC-2026-0979 warning of multiple vulnerabilities in OpenSSH versions prior to 10.3. The vulnerabilities carry a CVSS Base Score of 7.5 (high) and enable remote attackers to execute arbitrary code, escalate privileges, or bypass security mechanisms on affected systems running Linux, UNIX, and Windows. Mitigation measures are available but immediate patching is required.

Keycloak vulnerabilities CVSS 8.1, affects Linux

Keycloak vulnerabilities CVSS 8.1, affects Linux

Apache Traffic Server vulnerabilities allow DoS, request smuggling

CERT-Bund published security advisory WID-SEC-2026-0978 disclosing multiple vulnerabilities (CVSS Base Score 7.5, CVSS Temporal Score 6.5) in Apache Traffic Server. The vulnerabilities affect versions prior to 9.1.13 and 10.1.2 running on Linux and UNIX systems, including Debian Linux and Fedora Linux. Remote attackers can exploit these vulnerabilities to conduct Denial of Service or HTTP Request Smuggling attacks. Mitigations are available.

OpenClaw Multiple Vulnerabilities - CVSS 5.3 (Medium)

CERT-Bund issued a security advisory identifying multiple vulnerabilities in OpenClaw, a personal AI assistant for Linux. The vulnerabilities carry a CVSS Base Score of 5.3 (medium) and allow remote anonymous attackers to manipulate data, bypass security mechanisms, or cause denial of service. Affected versions include OpenClaw prior to version 2026.4.2.

sudo Vulnerability Enables Privilege Escalation - CVSS 7.4

CERT-Bund issued security advisory WID-SEC-2026-0971 regarding a vulnerability in sudo (CVSS Base Score 7.4) affecting Linux and UNIX systems. The vulnerability enables local attackers to escalate privileges. Affected products include Microsoft Azure Linux azl3 and Open Source sudo. Mitigation measures are available.

MariaDB DoS Vulnerability - CVSS 6.5 Medium Severity

CERT-Bund issued advisory WID-SEC-2026-0972 disclosing a medium-severity denial-of-service vulnerability in MariaDB database systems. Affected versions include MariaDB prior to 11.4.10, 11.8.6, and 12.2.2, with a CVSS base score of 6.5. Remote authenticated attackers can exploit this vulnerability to conduct DoS attacks against affected installations on Linux, UNIX, and Windows platforms.

OpenBSD Vulnerability Enables Unspecified Remote Attack

CERT-Bund issued a security advisory regarding a high-severity vulnerability (CVSS 7.3) in OpenBSD versions 7.7 and 7.8 that enables remote attacks by unauthenticated threat actors. The vulnerability allows remote code execution without user interaction. Organizations running affected OpenBSD systems should review and apply available mitigations immediately.