The cracks are starting to show.
From actively exploited enterprise tools to silent tracking and malware at scale, today’s stories reveal how quickly risk is evolving — especially as AI races ahead of controls.
Here’s what you need to know:
Fortinet EMS Vulnerability Under Active Exploitation
A FortiClient EMS vulnerability is already being actively exploited, with attackers observed probing systems days before disclosure.
The flaw (CVE-2026-35616) allows unauthenticated API access, enabling attackers to execute commands, escalate privileges, and potentially control endpoint security at scale.
Fortinet released a hotfix for the issue over the holiday weekend.
Apply the EMS hotfix immediately, restrict access to internal or VPN-only networks, and continuously monitor logs and permissions for signs of unauthorized API activity or persistence.
LinkedIn Accused of Extensive Browser Tracking
LinkedIn is drawing scrutiny after a report alleges it can detect thousands of browser extensions and collect detailed device-level data from users without clear visibility.
The technique scans thousands of extensions and device signals, raising concerns that routine browsing on identity-linked platforms could unintentionally expose enterprise tools, workflows, and operational patterns.
In a message to BleepingComputer, LinkedIn denied the report's claims and said the report was built by someone whose account was banned for violating its terms of service.
Standardize and restrict browser extensions, isolate sensitive workflows in hardened environments, and monitor for abnormal fingerprinting or extension enumeration activity.
Millions Exposed by Google Play Malware
Dozens of Android apps on Google Play were found distributing NoVoice malware, quietly infecting over 2.3 million devices before removal.
The campaign bypassed Play Store defenses with dormant code that activates post-install, targeting outdated devices for root access, persistence, and data exfiltration.
Google has since removed the apps from the Play Store.
Enforce OS update compliance across all Android devices and restrict app installations to trusted publishers while monitoring for unusual device behavior like reboots or battery drain.
AI Governance Falls Behind Rapid Adoption
A new report reveals that organizations are overestimating their ability to manage AI risk despite widespread adoption.
While most enterprises claim strong AI visibility, many still report shadow AI and inventory gaps, revealing a disconnect between perception and control.
As AI embeds into development and autonomous systems, weak governance raises risks of data exposure, vulnerable code, and expanding attack surfaces — especially as adoption outpaces security.
Continuously monitor all AI usage, enforce least-privilege controls, and leverage DevSecOps tools for early code scanning and runtime monitoring to detect data exposure and anomalous behavior.
Agentic AI Reshapes Enterprise Security
Security researchers are warning that traditional security models are failing as agentic AI reshapes how risk operates across enterprise environments.
AI shifts risk to the data layer, where untrusted inputs can alter behavior and lead to privilege escalation, data leakage, or system compromise.
This creates challenges for organizations lacking AI expertise, as static controls fail to address dynamic trust, increasing the risk of exposing critical systems as adoption accelerates.
Apply zero trust principles to AI by segmenting agent capabilities, enforcing data provenance checks, and restricting high-privilege actions based on input trust levels.
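One way to implement that last recommendation, as an added example that is not from the researchers or any vendor: a default-deny gate that tags everything entering an agent's context with its provenance and blocks high-privilege tools once untrusted input is present. The tool names, trust levels and `AgentSession` class are hypothetical.

```python
from dataclasses import dataclass, field
from enum import IntEnum

class Trust(IntEnum):
    UNTRUSTED = 0  # web pages, inbound email, third-party API output
    INTERNAL = 1   # authenticated internal systems
    OPERATOR = 2   # direct instruction from the authenticated operator

# Hypothetical capability segments: each tool maps to the minimum trust
# level the whole context must hold before the tool may run.
TOOL_POLICY = {
    "search_docs": Trust.UNTRUSTED,
    "read_ticket": Trust.INTERNAL,
    "send_email": Trust.OPERATOR,
    "run_shell": Trust.OPERATOR,
}

@dataclass
class AgentSession:
    context: list = field(default_factory=list)  # (source, trust, text)
    audit: list = field(default_factory=list)    # (tool, allowed, blocking)

    def ingest(self, source, trust, text):
        """Record data together with its provenance before the model sees it."""
        self.context.append((source, Trust(trust), text))

    def effective_trust(self):
        # A session is only as trusted as its least trusted input.
        return min((t for _, t, _ in self.context), default=Trust.UNTRUSTED)

    def authorize(self, tool):
        """Gate applied to every tool call the model requests."""
        required = TOOL_POLICY.get(tool)  # unknown tools are denied
        allowed = required is not None and self.effective_trust() >= required
        blocking = [s for s, t, _ in self.context
                    if required is not None and t < required]
        self.audit.append((tool, allowed, blocking))
        return allowed

def demo():
    # Constructed session: an operator request, then fetched web content.
    s = AgentSession()
    s.ingest("operator", Trust.OPERATOR, "Summarise the page and email it to me")
    before = s.authorize("send_email")
    s.ingest("https://example.test/page", Trust.UNTRUSTED, "<fetched page text>")
    return (before, s.authorize("send_email"), s.authorize("run_shell"),
            s.authorize("search_docs"), s.authorize("delete_db"))
```

The audit list records which sources blocked each denied call, which gives responders the provenance trail when a request is refused.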
Migration doesn’t eliminate risk, it redistributes it.
On April 9, 2026 at 11:00 AM ET, Rewind will explore how to secure DevOps cloud transformations with validated backup, retention governance, and recovery planning.
Don’t wait for an audit or outage to expose gaps.
Could Your APIs Be an Entry Point?
APIs have become a primary attack surface as rapid adoption of integrations, microservices, and AI — combined with weak authentication, excessive permissions, and limited visibility — makes them a common entry point for threat actors.
- Enforce strong authentication, least privilege, and use privileged access management solutions to prevent unauthorized use and limit impact if compromised.
- Implement rate limiting and continuous monitoring to detect and block abuse, anomalies, and suspicious API activity.
- Validate all inputs and outputs while using API gateways or security tools to centralize control and prevent data exposure.
APIs are essential to modern environments, and strengthening controls, visibility, and secure design can help reduce risk while maintaining their flexibility.
Ken Underhill is an award-winning cybersecurity professional, bestselling author, and seasoned IT professional. He holds a graduate degree in cybersecurity and information assurance from Western Governors University, bringing years of hands-on experience to the field.
Cybersecurity Insider is a TechnologyAdvice business
© 2026 TechnologyAdvice, LLC. All rights reserved.
TechnologyAdvice, 3343 Perimeter Hill Dr., Suite 215, Nashville, TN 37211, USA.