Oregon Bureau Lifts Wage Claim Income Threshold

The Oregon Bureau of Labor and Industries (BOLI) is lifting the income threshold for wage claims, restoring investigations for all Oregonians regardless of income level. This change, effective October 1, 2025, is enabled by a legislative investment that increases BOLI's capacity by 30%.

BOLI ADR Program Secures Over $3 Million in Settlements

The Oregon Bureau of Labor and Industries (BOLI) announced that its Alternative Dispute Resolution (ADR) program has secured over $3 million in settlements for Oregonians in its first year. The program offers free, confidential mediation services to resolve disputes between workers, employers, tenants, and landlords.

Oregon BOLI Funding Bill HB 4027 A Passed Legislature

The Oregon Legislature has passed House Bill 4027 A, securing a stable funding framework for the Bureau of Labor and Industries (BOLI). This legislation aims to ensure the long-term sustainability of Oregon's workplace and civil rights enforcement system.

SuiteCRM Vulnerabilities Allow Code Execution, Data Manipulation, SSRF, DoS

CERT-Bund has issued a security advisory for SuiteCRM, detailing multiple vulnerabilities that could allow attackers to execute arbitrary code, manipulate data, perform SSRF attacks, or cause denial-of-service conditions. The advisory affects versions prior to 7.15.1 and 8.9.3, with a CVSS base score of 8.8.

Python Path Traversal Vulnerability Disclosed

CERT-Bund has disclosed a path traversal vulnerability in Python versions prior to 3.15.0. The vulnerability, with a CVSS base score of 4.0, allows local attackers to exploit the flaw. Mitigation is available.

Roundcube Vulnerabilities: Critical Score, File Manipulation, XSS

CERT-Bund has issued a security advisory for Roundcube, a PHP-based open-source webmail system. Multiple vulnerabilities with a critical CVSS base score of 10.0 have been identified, allowing attackers to manipulate files, bypass security measures, and perform cross-site scripting attacks.

Microsoft Dynamics 365 SQL Injection Vulnerability

CERT-Bund has issued a security advisory for Microsoft Dynamics 365 Customer Engagement regarding a critical SQL injection vulnerability (CVSS 8.8). The vulnerability allows authenticated remote attackers to execute arbitrary SQL commands, potentially leading to privilege escalation or operating system command execution.

Keycloak Vulnerabilities: Info Disclosure and Privilege Escalation

CERT-Bund has issued a security advisory regarding critical vulnerabilities in Keycloak versions prior to 26.5.6. These vulnerabilities allow for remote information disclosure and privilege escalation. Mitigation is available.

libarchive Vulnerability Allows Denial-of-Service

CERT-Bund has issued a security advisory regarding a vulnerability in the libarchive library, which allows for denial-of-service attacks. The vulnerability affects various operating systems including Linux, UNIX, and Windows, and specific versions of Red Hat Enterprise Linux. Mitigation measures are available.

Ubiquiti UniFi Vulnerabilities Allow Privilege Escalation

CERT-Bund has issued a security advisory for Ubiquiti UniFi Network Application, detailing vulnerabilities that allow for privilege escalation. The advisory assigns a critical CVSS Base Score of 10.0 and a high CVSS Temporal Score of 8.7, indicating a significant security risk. Affected versions include UniFi Network Application <10.1.89, <10.2.97, <9.0.118, and UniFi Express <4.0.13.