Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

CVE-2026-24858 is an authentication bypass vulnerability affecting FortiCloud’s Single Sign-On (SSO) implementation. Under certain conditions, the flaw allows an unauthenticated attacker to bypass standard authentication checks and gain access to FortiCloud services without valid credentials. The root cause is tied to insufficient validation within the SSO authentication flow, where trust boundaries between identity assertions and session establishment are not enforced strictly enough.

See how Torq harnesses AI in your SOC to detect, prioritize, and respond to threats faster. Request a Demo This article was originally published on Security Info Watch. Running a SOC has never been cheap — but in 2026, it’s become unsustainable. The combination of surging alert volumes, rising labor costs, sprawling tool stacks, and skyrocketing breach expenses has pushed the traditional model to the breaking point.

In January 2026, the AV-TEST Institute published results from a rigorous advanced threat protection (ATP) test that examined how effectively current security products defend Windows systems against sophisticated malware attacks. As attackers increasingly leverage legitimate features and subtle techniques to penetrate defenses, this test provides insight into which solutions can truly recognize and mitigate these threats.

For the fifth consecutive year, CRN has recognized Alex Ruslyakov as a Channel Chief. The honor for 2026 highlights Ruslyakov’s continued commitment to helping managed service providers (MSPs) deliver modern cyber protection successfully year after year. The annual CRN Channel Chiefs list spotlights the most influential leaders across the IT channel, celebrating those who champion collaboration, drive innovation and empower their partners and customers to achieve shared success.

Executive Summary: The Notepad++ update process was compromised by a supply chain attack, and users are strongly advised to upgrade to version 8.8.9 or later to ensure their security.

Netwrix found that SafeNet Agent for Windows Logon versions 4.0.0–4.1.2 create an insecure AD CS certificate template by default, enabling an ESC1 path that allows any authenticated user to escalate to Domain Admin. Thales fixed the issue in version 4.1.3 by restricting certificate enrollment to the NDES service account.

If you’re a founder or engineering leader at a growing startup, you’re probably familiar with this tension: You need compliance like SOC 2 to close deals, but earning it pulls your team away from building your product. ‍ For example, manual SOC 2 prep forces engineers to spend weeks collecting screenshots, tracking down documentation, and responding to auditors instead of shipping features.

If your organization uses public cloud services or frequently spins up short‑lived web assets, there’s a good chance you already have at least one "dangling"DNS record. It's surprisingly easy to create one, and even easier to forget it exists. But a single forgotten record can give attackers a ready-made subdomain to host phishing pages, allow them to plant malware, or hijack your brand's reputation–without ever touching your infrastructure.

Last July, I traveled with my wife and two-year-old daughter to my parent’s house on the coast for a week of summertime fun-in-the-sun. It’s a trip we try to make at least once a year to escape the day-to-day grind, see family, and lounge beside various bodies of water, all while enjoying complimentary, around-the-clock childcare (aka grandparents). At least that was the plan. Instead, I awoke on the very first morning of our trip feeling just about as sick as I’ve ever felt.

Few cybersecurity knowledge repositories are as broad, deep, or widely respected as LevelBlue Security Colony. Industry analyst firm IDC has recognized the value of Security Colony, noting that clients and other organizations interested in understanding their cybersecurity posture download thousands of resources each month, many of which are available at no cost.