myHSA is a software used to facilitate Health Spending Accounts. Designed for advisors, by advisors. Visit getmyhsa.com to learn more about the wide range of Health & Wellness Spending Accounts available! myCharity, Insurance, Telemedicine, and EAP Add-Ons are also available with HSA or as a standalone product.
As the future of work continues to evolve, Paychex leads the way by making complex HR, payroll, and benefits brilliantly simple. Our unique combination of digital HR technology and advisory solutions meets the changing needs of employers and their employees. You can see the results in our growth as an HR leader and the positive returns we deliver to our shareholders. Paychex, Inc. (Nasdaq: PAYX) is a leading provider of integrated human capital management solutions for payroll, benefits, human resources, and insurance services. -Industry expertise since 1971 ~740,000 business clients in the U.S. and Europe -Pays 1 in 12 U.S. private sector employees -A top HR outsourcer — serving 2.2M worksite employees through our HR outsourcing solutions Information regarding money transmitter licensing can be found on the NMLS Consumer Access website, www.nmlsconsumeraccess.org, and Paychex at www.paychex.com/corporate/legal. The Commissioner of Financial Regulation for the State of Maryland will accept all questions or complaints from Maryland residents regarding Paychex, Inc. (1029977) at: 100 S. Charles Street, Tower I, Suite 5300 Baltimore, Maryland 21201 888-784-0136
Security & Compliance Standards Overview
No incidents recorded for myHSA in 2026.
No incidents recorded for Paychex in 2026.
myHSA cyber incidents detection timeline including parent company and subsidiaries
Paychex cyber incidents detection timeline including parent company and subsidiaries
nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.3.0, two peer-facing consensus request handlers assume that the history index is always available and call blockchain.history_store.history_index().unwrap() directly. That assumption is false by construction. HistoryStoreProxy::history_index() explicitly returns None for the valid HistoryStoreProxy::WithoutIndex state. when a full node is syncing or otherwise running without the history index, a remote peer can send RequestTransactionsProof or RequestTransactionReceiptsByAddress and trigger an Option::unwrap() panic on the request path. This issue has been patched in version 1.3.0.
PraisonAI is a multi-agent teams system. Prior to version 1.5.95, FileTools.download_file() in praisonaiagents validates the destination path but performs no validation on the url parameter, passing it directly to httpx.stream() with follow_redirects=True. An attacker who controls the URL can reach any host accessible from the server including cloud metadata services and internal network services. This issue has been patched in version 1.5.95.
PraisonAI is a multi-agent teams system. Prior to version 4.5.97, OAuthManager.validate_token() returns True for any token not found in its internal store, which is empty by default. Any HTTP request to the MCP server with an arbitrary Bearer token is treated as authenticated, granting full access to all registered tools and agent capabilities. This issue has been patched in version 4.5.97.
PraisonAI is a multi-agent teams system. Prior to version 4.5.97, the PraisonAI Gateway server accepts WebSocket connections at /ws and serves agent topology at /info with no authentication. Any network client can connect, enumerate registered agents, and send arbitrary messages to agents and their tool sets. This issue has been patched in version 4.5.97.
PraisonAI is a multi-agent teams system. Prior to version 4.5.90, MCPToolIndex.search_tools() compiles a caller-supplied string directly as a Python regular expression with no validation, sanitization, or timeout. A crafted regex causes catastrophic backtracking in the re engine, blocking the Python thread for hundreds of seconds and causing a complete service outage. This issue has been patched in version 4.5.90.
