Oracle Vulnerability, Coinbase Fine & Bribery Act – 11/24/2025

This compliance digest highlights critical vulnerabilities impacting healthcare and financial sectors, alongside significant regulatory updates. Oracle Identity Manager and Emerson Appleton UPSMON-PRO both face active exploitation of critical flaws, demanding immediate attention. Coinbase is hit with a substantial fine from the Central Bank of Ireland for AML compliance failures. Also, a landmark conviction under the Bribery Act in the UK serves as a stark reminder of anti-corruption obligations.

Top 5 Critical Compliance Alerts

• Critical Flaw in Oracle Identity Manager Under Active Exploitation: CISA reports active exploitation of a critical vulnerability in Oracle Identity Manager. Read more
• Critical Vulnerability Identified in Emerson Appleton UPSMON-PRO: A critical vulnerability exists in Emerson Appleton UPSMON-PRO, impacting uninterruptible power supply management. Read more
• Delta Dental of Virginia Data Breach Affects 146,000 Individuals: Delta Dental notifies 146,000 members of a security incident exposing protected health information. Read more
• Central Bank of Ireland Fines Coinbase More Than €21 Million: Coinbase is fined for AML and counter-terrorist financing transaction monitoring failures. Read more
• A landmark first conviction under the Bribery Act and a warning UK businesses cannot ignore: Former Reform UK Wales leader and MEP Nathan Gill sentenced to ten and a half years in prison marks one of the most significant anti-corruption moments in modern British history. Read more

Compliance Frameworks

• Request for Comments: PCI Key Management Operations (KMO) v1.0 Standard: PCI SSC seeks feedback on the draft PCI Key Management Operations (KMO) v1.0 Standard. Read more

Regulatory Updates

• Central Bank of Ireland Fines Coinbase More Than €21 Million: Coinbase is fined for AML and counter-terrorist financing transaction monitoring failures. Read more
• Understanding the FSI No-Action Letter: What It Does, and Does Not, Mean for RIAs: Analysis of the SEC Staff’s no-action letter to the Financial Services Institute (FSI). Read more
• So You Want to Apply to Become a CFTC-Registered Designated Contract Market (DCM)? Here’s What You Should Know: Insights into the increased demand for CFTC designation as a derivatives exchange. Read more
• A landmark first conviction under the Bribery Act and a warning UK businesses cannot ignore: Former Reform UK Wales leader and MEP Nathan Gill sentenced to ten and a half years in prison marks one of the most significant anti-corruption moments in modern British history. Read more

Healthcare Cybersecurity

• HSCC Updates Model Contract Language Framework for HDOs & MDMs: The Health Sector Coordinating Council (HSCC) has published updated Model Contract Language for MedTech Cybersecurity. Read more
• Critical Flaw in Oracle Identity Manager Under Active Exploitation: CISA reports active exploitation of a critical vulnerability in Oracle Identity Manager. Read more
• Critical Vulnerability Identified in Emerson Appleton UPSMON-PRO: A critical vulnerability exists in Emerson Appleton UPSMON-PRO, impacting uninterruptible power supply management. Read more
• Delta Dental of Virginia Data Breach Affects 146,000 Individuals: Delta Dental notifies 146,000 members of a security incident exposing protected health information. Read more
• Goshen Health & Hancock Health Settle Pixel Data Breach Lawsuits: Goshen Health System and Hancock Health in Indiana settle lawsuits related to pixel data breaches. Read more