Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

A few days ago, I published a post about why OpenClaw feels like a portal to the future, and why that future is scary in a very specific way.

In security, we never assume perfection. We assume zero-trust, and we design controls to limit the blast radius. That mindset is missing from many OpenClaw deployments today. It is almost impossible not to hear about the new personal AI assistant, OpenClaw (formerly known as ClawdBot and MoltBot). Since its release in November 2025, it has taken the tech world by storm, rapidly accumulating well over 100,000 stars, tens of thousands of forks, and millions of visitors.

CVE-2026-24858 is an authentication bypass vulnerability affecting FortiCloud’s Single Sign-On (SSO) implementation. Under certain conditions, the flaw allows an unauthenticated attacker to bypass standard authentication checks and gain access to FortiCloud services without valid credentials. The root cause is tied to insufficient validation within the SSO authentication flow, where trust boundaries between identity assertions and session establishment are not enforced strictly enough.

In January 2026, the AV-TEST Institute published results from a rigorous advanced threat protection (ATP) test that examined how effectively current security products defend Windows systems against sophisticated malware attacks. As attackers increasingly leverage legitimate features and subtle techniques to penetrate defenses, this test provides insight into which solutions can truly recognize and mitigate these threats.

For the fifth consecutive year, CRN has recognized Alex Ruslyakov as a Channel Chief. The honor for 2026 highlights Ruslyakov’s continued commitment to helping managed service providers (MSPs) deliver modern cyber protection successfully year after year. The annual CRN Channel Chiefs list spotlights the most influential leaders across the IT channel, celebrating those who champion collaboration, drive innovation and empower their partners and customers to achieve shared success.

Executive Summary: The Notepad++ update process was compromised by a supply chain attack, and users are strongly advised to upgrade to version 8.8.9 or later to ensure their security.

Netwrix found that SafeNet Agent for Windows Logon versions 4.0.0–4.1.2 create an insecure AD CS certificate template by default, enabling an ESC1 path that allows any authenticated user to escalate to Domain Admin. Thales fixed the issue in version 4.1.3 by restricting certificate enrollment to the NDES service account.

If you’re a founder or engineering leader at a growing startup, you’re probably familiar with this tension: You need compliance like SOC 2 to close deals, but earning it pulls your team away from building your product. ‍ For example, manual SOC 2 prep forces engineers to spend weeks collecting screenshots, tracking down documentation, and responding to auditors instead of shipping features.

If your organization uses public cloud services or frequently spins up short‑lived web assets, there’s a good chance you already have at least one "dangling"DNS record. It's surprisingly easy to create one, and even easier to forget it exists. But a single forgotten record can give attackers a ready-made subdomain to host phishing pages, allow them to plant malware, or hijack your brand's reputation–without ever touching your infrastructure.

Last July, I traveled with my wife and two-year-old daughter to my parent’s house on the coast for a week of summertime fun-in-the-sun. It’s a trip we try to make at least once a year to escape the day-to-day grind, see family, and lounge beside various bodies of water, all while enjoying complimentary, around-the-clock childcare (aka grandparents). At least that was the plan. Instead, I awoke on the very first morning of our trip feeling just about as sick as I’ve ever felt.