Fortinet FortiClient EMS – Unauthenticated Remote Code Execution (CVE-2026-35616)

Critical Security Bulletin

Fortinet FortiClient EMS - Unauthenticated Remote Code Execution (CVE-2026-35616)

Advisory: Fortinet PSIRT FG-IR-26-099
Published: April 4, 2026
Severity: Critical (CVSS 9.1-9.8)
Status: Active exploitation observed

Executive Summary

A critical vulnerability in Fortinet FortiClient EMS (Endpoint Management Server) allows unauthenticated remote attackers to execute arbitrary code via crafted API requests. This issue, tracked as CVE-2026-35616, stems from improper access control in exposed API functionality and requires no authentication or user interaction. Active exploitation has already been observed in the wild, elevating this from a patching priority to an immediate incident response concern.

Technical Overview

Vulnerability Type: Improper Access Control (CWE-284)
Attack Vector: Network (remote, unauthenticated)
Component: FortiClient EMS API
Attack Complexity: Low
Privileges Required: None
User Interaction: None

The flaw allows attackers to bypass API authentication controls and submit crafted requests that execute arbitrary code on the EMS server.

Root Cause

Failure to properly enforce authentication and authorization checks within API endpoints…


CVE-2026-32987: Privilege Escalation in OpenClaw via Bootstrap Code Replay

Security Bulletin

CVE-2026-32987 - OpenClaw Bootstrap Code Replay Leading to Administrative Access

Overview

CVE-2026-32987 is a critical vulnerability affecting OpenClaw that allows an unauthenticated attacker to achieve full administrative access through repeated replay of bootstrap pairing codes. The issue stems from improper enforcement of single-use validation during the device onboarding process. This allows an attacker to reuse a valid bootstrap code multiple times and progressively escalate privileges. This vulnerability is network exploitable, requires no authentication, and does not require user interaction.

Affected Systems

OpenClaw versions prior to 2026.3.13

Any environment leveraging OpenClaw for device onboarding or orchestration should be considered at risk if not fully patched.

Severity Assessment

CVSS Classification: Critical
Attack Vector: Network
Authentication Required: None
User Interaction: None
Impact: Full administrative compromise

This vulnerability provides a direct path to operator.admin-level access, effectively granting complete control of the platform.

Technical Details

The vulnerability is categorized under:

CWE-294: Authentication Bypass…


Monthly Threat Brief: March 2026

March 2026

Cyber activity in March reflects a continued shift toward more visible, coordinated, and operationally impactful threats. What stands out is not just the techniques being used, but how intentionally they are being applied - aligning with broader geopolitical tension, supply chain exposure, and business disruption. Attackers are no longer just trying to get in. They are thinking about how their activity will be seen, felt, and amplified once they do.

What We're Seeing This Month

Threat Activity Is Becoming More Visible

Cyber operations are increasingly designed to be noticed. In many cases, attackers are not just executing intrusions, they are shaping narratives through data exposure, public disclosures, and targeted messaging. This creates a dual-layered impact. Organizations are dealing with both the technical incident and the external perception of it at the same time. For security teams, this means response plans can't stop at containment. There needs to be…


VMware VCSP Termination: A Forced Architecture Decision, Not a Licensing Event

Executive Summary

The termination of the VMware Cloud Service Provider (VCSP) program represents a significant shift in how organizations access and operate VMware-based infrastructure. This change is not limited to licensing or partner relationships. It introduces structural impacts to cost models, service delivery, and long-term infrastructure strategy. Organizations that relied on VCSP partners for hosted or managed VMware environments must now reassess their architecture, vendor dependencies, and operational approach.

The decision forces organizations into a defined set of paths: remain within a constrained VMware ecosystem, transition to alternative service providers, or undertake a broader migration to new platforms or cloud models. Immediate action is required to assess exposure, define a transition strategy, and avoid operational or financial disruption.

Background

The VCSP program historically enabled service providers to deliver VMware-based infrastructure as a service. This model provided:

Flexible consumption-based pricing
Partner-managed infrastructure operations
Access to enterprise virtualization without full ownership of…
