Latest Internet & Cybersecurity News
CISA Adds Fortinet FortiClient EMS Zero-Day CVE-2026-35616 to KEV Catalog
CISA mandated federal agencies to remediate CVE-2026-35616, a critical improper access control vulnerability (CVSS 9.1) in FortiClient EMS versions 7.4.5 and 7.4.6, by April 9, 2026. Active exploitation began March 31, enabling unauthenticated RCE on over 2,000 exposed instances worldwide. Fortinet urges immediate hotfix installation following confirmation of in-the-wild attacks.
White House Proposes $707M Cut to CISA Funding for FY 2027
The Trump Administration plans to cut $707 million from CISA's $2.7 billion budget, citing inefficiencies, to refocus the agency on core missions like protecting federal networks. This follows a 2025 proposal scaled back by Congress; experts worry about impacts on national cybersecurity.
Acting director Nick Andersen commits to efficiency amid workforce changes.
Pro-Ukrainian Bearlyfy Group Conducts 70+ Cyber Attacks on Russian Firms
The hacker group Bearlyfy, aligned with Ukraine, has launched over 70 cyber attacks targeting Russian companies since its recent emergence. These operations highlight escalating cyber conflict in the region.
Attribution comes from ongoing threat analysis reports.
Shadowserver Warns of 2,000+ Exposed FortiClient EMS Instances Actively Exploited
Over 2,000 publicly accessible FortiClient EMS servers worldwide are vulnerable, with at least two confirmed exploited via critical RCE flaws. The EMS telemetry endpoint's internet exposure widens the attack surface.
Administrators urged to apply patches immediately.
SANS Institute 2026 Report: Cybersecurity Workforce Shift from Headcount to Capability
A new SANS and GIAC report states that the cybersecurity skills gap in industrial sectors is now about capability, not just numbers. The report identifies evolving challenges in building effective teams.
Recommendations focus on targeted skill development.
Anthropic's Mythos AI Model Enhances Vulnerability Detection, Boosts Cybersecurity Demand
Anthropic's Mythos model excels at finding cyber vulnerabilities, posing no risk to security firms but increasing demand for defenses against AI-expanded attack surfaces. Analysts see it offsetting threats rather than replacing human-led security.
Cybersecurity stocks remain attractive amid this shift.
Microsoft Rolls Out Latest Security Intelligence as Storm-1175 Exploits Web Apps
In its April 7 security update, Microsoft warns that Storm-1175 is actively exploiting web-facing applications. The warning accompanies CISA's Fortinet alerts and underscores the need for rapid patching.
Global admins advised to review exposures.
Second Critical FortiClient EMS Vulnerability Exploited in Weeks
This Fortinet flaw marks the second critical EMS zero-day exploited recently, raising alarms over internet-facing deployments. Discovered by Defused Cyber researchers, it grants RCE primitives.
Fortinet's emergency advisory confirms ongoing threats.
Trump Re-Nominates Sean Plankey as CISA Director Amid Funding Debate
President Trump re-nominated Sean Plankey for CISA director as the agency faces proposed cuts and plans 300+ mission-critical hires. The nomination shapes CISA's direction following the budget concerns.
Lawmakers and experts debate impacts on infrastructure protection.
Cybersecurity Influencers Leverage Wilbur Soot Incident for MFA Polls
The April 2026 Wilbur Soot social media rumors incident prompts Mastodon and LinkedIn polls on MFA adoption, with 68% support. It underscores authentication gaps in high-profile cases.
Influencers use it to advocate stronger security practices.
Cybersecurity Bear Market Deepens Amid Oil Price Surge and Geopolitical Tensions
Trading insights note that cybersecurity stocks are in a bear market as oil hits $112 and the fear index rises to 22, linked to Iran conflicts. This reflects broader market pressures on sector investments.
Live analysis highlights real-time risks.