Cybersecurity

Two FortiClient EMS Zero-Days in Two Weeks: Why Your Endpoint Management Server Is the Target

Two critical unauthenticated vulnerabilities in Fortinet’s FortiClient EMS were actively exploited within weeks of each other in March and April 2026. Attackers timed the latest zero-day for Easter weekend. FortiClient EMS manages security policies, VPN configurations, and compliance controls across entire endpoint fleets, making it one of the highest-value targets in an enterprise environment.

MFA Won't Save You: How Device Code Phishing Bypasses Your Strongest Authentication

Device code phishing has gone from a niche state-sponsored technique to a commoditized attack with at least 11 phishing kits and a 37x surge in 2026. The attack abuses the legitimate OAuth 2.0 Device Authorization Grant flow, routes victims through real Microsoft login pages, and bypasses MFA entirely. What practitioners need to understand.

The FCC Just Banned Foreign-Made Routers. It Should Have Happened Years Ago.

On March 23, 2026, the FCC updated its Covered List to include every consumer-grade router produced outside the United States. New models can’t get FCC equipment authorization, which means they can’t be imported or sold here. Existing models already on shelves aren’t affected, and manufacturers can apply for a “Conditional Approval” exemption through the Department of War (formerly Department of Defense) or the Department of Homeland Security. The ruling names the Volt, Flax, and Salt Typhoon campaigns as direct justification. And that’s where this gets interesting for anyone working in network security.