Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

On April 4, 2026, Fortinet released a hotfix for a critical vulnerability in FortiClient EMS (CVE-2026-35616) that allows unauthenticated remote threat actors to execute unauthorized code or commands via crafted requests. The flaw stems from improper access control in the API authentication. Fortinet has confirmed observing exploitation of CVE-2026-35616 in the wild. The vulnerability was responsibly disclosed by Defused, which had observed exploitation prior to Fortinet’s official disclosure.

Walking the halls of Moscone Center last week, the energy was high, but the conversation had a notably different edge than last year. In 2025, everyone was asking, "What can AI do?" This year, "How can we trust it?" As the theme "The Power of Community" echoed across the keynotes, one thing became clear: a community is only as strong as its foundation. For network and cybersecurity professionals to truly operate as one, we must move beyond fragmented data to a single, trusted source of truth.

Attackers inside OT environments don’t run, they walk slowly, blend in, and map everything before they act. Here’s why cyber deception technology is built for exactly that threat.

For decades, enterprise IT has been shaped by point solutions and stitched-together architectures. Many so-called platforms are product portfolios in disguise, made up of separately built or acquired solutions that run on disparate architectures and are loosely connected at best. Today, there’s a fundamental shift happening in enterprise IT. It’s not about another feature or another product category. It’s about economics.

Anthropic’s upcoming Mythos model points to something far more consequential than another leap in artificial intelligence. It signals a shift that could redefine the balance between attackers and defenders in cyberspace.

For SOC teams, the battle against cyber threats can feel like trying to solve a 3D jigsaw puzzle in a bouncy house with missing pieces and a timer blasting every few seconds. Despite the increase in security spending, most teams still struggle with inefficient investigations, alert fatigue, and the non-stop guessing game of prioritizing threats. That’s why we’re excited about our latest integration with Microsoft Security that we hope will help address these persistently common challenges.

Security vendors have linked recent incidents involving trusted software components to a supply chain attack campaign by TeamPCP, a cloud-focused threat actor group. The reported activity involved three widely used types of development components, which include.