HR 8880 Introduced - Small Business Cybersecurity Assistance Report

Last month, Rep Simon (D,CA) introduced HR 8880, the Small Business Cybersecurity Assistance Evaluation Act of 2026. The bill would require the GAO to conduct a study of current Federal cybersecurity initiatives, programs, resources, tools, and services intended to assist owners of small business concerns. No new funding is authorized by this legislation. 

I can find no legislation in the 118th Congress that would appear to be similar to HR 8880. 

Moving Forward  

On May 20th, 2026, the House Small Business Committee held a business meeting where nine bills were considered, including HR 8880. By a vote of 23 to 0, the Committee adopted the bill as introduced. On June 3rd, 2026, the Committee Report on the bill was published. HR 8880 is currently scheduled to be considered by the House today under the suspension of the rules process. Strong, bipartisan support for the bill is expected. 

For more information on the provisions of this bill, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/hr-8880-introduced-small-business - subscription required. 

Review - Public ICS Disclosures – Week of 6-13-26 – Part 3

For Part 3 we have 10 vendor updates from CODESYS (4), D-Link (2), FortiGuard, HP, Moxa (2). There are two researcher reports for vulnerabilities in products from Phoenix Contact and Sprecher Automation. Finally, we have two exploits for products from D-Link and Genetec. 

Updates  

CODESYS Update #1 - CODESYS published an update for their Auditlog advisory that was originally published on March 24th, 2026. 

CODESYS Update #2 - CODESYS published an update for their Control advisory that was originally published on May 21st, 2026, and most recently updated on May 26th, 2026. 

CODESYS Update #3 - CODESYS published an update for their Control advisory that was originally published on May 21st, 2026, and most recently updated on May 26th, 2026. 

CODESYS Updte #4 - CODESYS published an update for their Control V3 advisory that was originally puublished on March 24th, 2026. 

D-Link Advisory #1 - D-Link published an update for their DWR-921 advisory that was originally published on April 22nd, 2021.  

D-Link Advisory #2 - D-Link published an update for their DCS-935L advisory that was originally published on September 12th, 2025. 

FortiGuard Update - FortiGuard published an update for their FortiOS advisory that was originally published on June 10th, 2025. 

HP Update - HP published an update for their Intel Chipset advisory that was originally published on October 17th, 2025, and most recently updated on March 19th, 2026. 

Moxa Update #1 - Moxa published an update for their Linux Kernel advisory that was originally published on May 26th, 2026. 

Moxa Update #2 - Moxa published an update for their NPort 5000 Series advisory that was originally published on October 3rd, 2023, and most recently updated on October 23rd, 2023. 

Researcher Reports  

Phoenix Contact Report - Nozomi Networks published a report that describes six vulnerabilities in the Phoenix Contact PLCnext product. 

Sprecher Report - SEC Consult published a report that describes seven vulnerabilities in the Sprecher SPRECON-E-C/-E-P/-E-T3 systems. 

Exploits  

D-Link Exploit - Indoushka published an exploit for a privlege escalation vulnerability in the D-Link DSL2600U routers. 

Genetec Exploit - Indoushka published an exploit for for an incorrect permission assignement for criitical resource vulnerability in the Genetec RabbitMQ. 

For more information on these disclosures, see my article at CFSN Detailed Analysis - - subscription required. 

Short Takes – 6-22-26 - Federal Register Edition

EPCRA Hazardous Chemical Inventory Reporting Requirements: Conformity With the 2024 OSHA Hazard Communication Standard. Federal Register EPA final rule. Summary: “The Environmental Protection Agency is conforming the Emergency Planning and Community Right-to-Know Act hazardous chemical inventory reporting regulations to the Occupational Safety and Health Administration's Hazard Communication Standard amendments of 2012 and 2024. The Emergency Planning and Community Right-to-Know Act (EPCRA) and its regulations rely on the Occupational Safety and Health Administration's (OSHA's) Hazard Communication Standard for the definition of a hazardous chemical and for the categories of health and physical hazards that must be reported under the hazardous chemical inventory regulations. This action conforms the terminology used and information that must be reported on the hazardous chemical inventory forms to the Hazard Communication Standard amendments. As a result, this action improves first responder and community safety, reduces discrepancies and confusion, prevents interpretation burdens on facilities when using (Material) Safety Data Sheets to complete annual hazardous chemical inventory reports, and enhances clarity.” 

1,2-Dichloropropane (1,2-DCP); 1,1,2-Trichloroethane (1,1,2-TCA); Trans-1,2-Dichloroethylene (tDCE); 4,4′-(1-Methylethylidene)bis[2, 6-Dibromophenol] (TBBPA); and Ethylene Dibromide (EDB); Draft Hazard and Exposure Assessments; Science Advisory Committee on Chemicals (SACC) Peer Review; Notice of SACC Meeting; Availability of Draft Documents and Request for Comment. Federal Register EPA notice. Summary: “The Environmental Protection Agency (EPA or Agency) is announcing two virtual public meetings of the Science Advisory Committee on Chemicals (SACC). The first is a preparatory meeting scheduled for July 23, 2026. During the meeting, the SACC will consider the scope and clarity of the draft charge questions for the peer review of the draft technical support documents for 1,2-dichloropropane (1,2-DCP), 1,1,2-trichloroethane (1,1,2-TCA), trans-1,2-dichloroethylene (tDCE), 4,4′-(1-Methylethylidene)bis[2, 6-dibromophenol] (TBBPA), and ethylene dibromide (EDB). The second is the virtual SACC peer review meeting which will be held August 3 through 7, 2026, for the SACC to consider the draft technical support documents for 1,2-DCP, 1,1,2-TCA, tDCE, TBBPA, and EDB, and public comments on those materials. EPA is also announcing the availability of and soliciting public comment on the draft documents and charge questions that will be provided to the SACC for this peer review. The draft technical support documents were prepared under the Toxic Substances Control Act (TSCA) and will be submitted to the SACC for peer review.” 

Pipeline Safety: Declaratory Order Procedures; Response To Petition for Reconsideration. Federal Register PHMSA petition response. Summary: “On April 24, 2026, PHMSA issued the final rule Pipeline Safety: Declaratory Order Procedures,91 FR 21968. The Pipeline Safety Trust filed a petition for reconsideration of this final rule on May 26, 2026, which challenged various issues. PHMSA denied the petition on June 11, 2026. Each of these documents is available in the rulemaking docket that is accessible on http://www.regulations.gov by searching for docket number PHMSA-2026-1537.”