When Fully Patched Isn’t Enough: The Fortinet SSO Bypass That’s Keeping Us All Awake

I’ll be honest – when I saw the headlines about Fortinet confirming active exploitation on fully patched FortiGate firewalls, my stomach dropped a little. We’ve all been there: you patch everything, check your compliance dashboards, and feel that brief moment of security satisfaction. Then reality comes knocking with news like this.

The Patch That Wasn’t Enough

Here’s what we know so far. Fortinet has confirmed they’re dealing with a FortiCloud SSO authentication bypass vulnerability that’s being actively exploited, even on devices running the latest firmware. The really unsettling part? They’ve identified multiple cases where attacks succeeded on fully upgraded devices, suggesting we’re looking at either a new variant or something that slipped through their initial fix.

When Trust Becomes the Attack Vector: Why Security Culture Matters More Than Ever

I’ve been tracking some concerning trends in this week’s security news, and there’s a pattern emerging that I think we all need to pay attention to. Attackers are getting smarter about exploiting the one thing that’s hardest to patch: human trust.

The New Face of Social Engineering

The most unsettling story I came across involves what researchers are calling “Contagious Interview” attacks. Here’s how it works: attackers pose as potential employers, invite developers to participate in coding challenges, and ask them to clone a seemingly legitimate repository in VS Code. Once the victim grants trust to the repository’s author, malicious code executes with no further user interaction required.

VMware’s Critical Flaw Gets CISA’s Attention While Vulnerability Management Faces Growing Pains

It’s been one of those weeks where the vulnerability management world feels like it’s simultaneously moving too fast and too slow. CISA just added another critical VMware flaw to their Known Exploited Vulnerabilities catalog, while across the pond, Europe’s new vulnerability database is stirring up concerns about making an already complex landscape even messier.

The VMware Problem That Won’t Go Away

Let’s start with the immediate concern: CISA has flagged CVE-2024-37079, a heap overflow vulnerability in VMware vCenter Server with a CVSS score of 9.8. Now, here’s the kicker – this flaw was patched back in June 2024, but CISA is adding it to the KEV catalog now because they’re seeing active exploitation in the wild.

The AI Security Reckoning: When “Move Fast and Break Things” Meets Critical Infrastructure

Remember when our biggest worry was whether someone would click on a phishing email? Those days feel quaint now. This week’s security news reads like a perfect storm of AI adoption outpacing security controls, and frankly, it’s keeping me up at night.

The “Who Approved This Agent?” Problem

Let’s start with what might be the most pervasive issue flying under the radar: AI agent governance. I’ve been in enough incident response calls to know that sinking feeling when you discover a system you didn’t know existed just caused a major problem.

When Nation-States Target Power Grids and AI Starts Hacking Back: What December’s Attacks Tell Us

Last week brought some sobering reminders about where cybersecurity is heading, and honestly, I’m not sure we’re keeping pace. Between Russia’s latest attempt to knock out Poland’s power grid and new research showing AI can now chain together complex network attacks, it feels like we’re watching the threat landscape shift in real time.

Let me walk you through what happened and why I think these incidents are more connected than they first appear.

Why 2026’s First Month Shows We’re Fighting the Wrong Battles

I’ve been watching the security news roll in this past week, and honestly, it feels like we’re stuck in a loop. New attack vectors, same old problems, and a growing disconnect between what we’re securing and what actually needs protection.

Let me walk you through what caught my attention and why I think we need to have a serious conversation about priorities.

AI Enters the Security Threat Playbook: From Malicious Code Generation to Deepfake Investigations

I’ve been tracking some concerning developments this week that show how AI is becoming a double-edged sword in our field. We’re seeing threat actors weaponize AI tools while platforms struggle with the same technology creating new regulatory headaches.

North Korean Groups Go Full AI for Malware Development

The most striking story comes from researchers tracking the Konni group, a North Korean threat actor that’s now using AI to generate PowerShell backdoors. They’re targeting blockchain developers across Japan, Australia, and India - a significant expansion from their usual focus on South Korea and Eastern Europe.

When Cloudflare Hiccups and Hackers Get Creative: This Week’s Security Reality Check

We’ve had quite a week in security, and honestly, some of these stories hit close to home. From infrastructure giants having configuration mishaps to attackers getting increasingly sophisticated with their social engineering, there’s a lot to unpack here.

The 25-Minute Reminder That BGP Is Still Fragile

Let’s start with the elephant in the room: Cloudflare’s BGP route leak that lasted 25 minutes but caused enough chaos to drop 12 Gbps of traffic. If you’re thinking “that’s not that long,” well, tell that to anyone trying to access IPv6 services during that window.

Microsoft’s Emergency Office Patch Shows Why Zero-Days Keep Getting Worse

Another week, another emergency patch from Microsoft. This time it’s a high-severity Office zero-day that was already being exploited in the wild before they could get a fix out the door. If you’re feeling like we’re seeing more of these lately, you’re not wrong – and there’s a bigger pattern here worth talking about.

The Office Zero-Day Reality Check

Microsoft pushed out emergency security updates last weekend to patch what they’re calling a high-severity Office vulnerability that attackers were actively exploiting. Microsoft patches actively exploited Office zero-day vulnerability. The details are still pretty thin, but the “actively exploited” part should grab everyone’s attention.

When Convenience Becomes a Security Nightmare: This Week’s Reality Check

You know that feeling when you’re explaining to your non-tech relatives why they shouldn’t click on every popup they see? Well, this week’s security news makes me think we need to have that same conversation with ourselves as professionals. The attacks are getting more sophisticated, and they’re targeting the very tools and conveniences we rely on daily.

The ClickFix Evolution: When Fake CAPTCHAs Meet Microsoft’s Own Tools

Let’s start with something that made me do a double-take. Attackers are now combining the ClickFix method with fake CAPTCHA prompts and—here’s the kicker—legitimate, signed Microsoft Application Virtualization (App-V) scripts to deliver the Amatera infostealer. BleepingComputer broke this story, and it’s a perfect example of how threat actors are weaponizing trust.