Aggregated from vendor advisories, security research, and industry publications.
How should you shape your IT strategy around the possibility–or is it probability–that the AI economy is a true bubble and will burst soon? John Burke and Johna Johnson revisit the signs indicating that an AI bubble is in full swing and pointing to the potential for collapse in the near term. Doomsaying having been... Read more »
CVSSv3 Score: 5.4 An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiNDR and FortiVoice may allow a remote authenticated attacker w…
CVSSv3 Score: 6.2 An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] in FortiSOAR may allow an authenticated remote atta…
CVSSv3 Score: 7.3 A heap-based buffer overflow vulnerability [CWE-122] in FortiAnalyzer Cloud oftpd daemon may allow a remote unauthenticated attacker to execute arbitrary co…
CVSSv3 Score: 5.2 A use of hard-coded cryptographic key vulnerability [CWE 321] in FortiClientEMS may allow an attacker in possession of an encrypted dump of the database to…
CVSSv3 Score: 6.2 A Cleartext Transmission of Sensitive Information vulnerability [CWE-319] in FortiSOAR may allow an authenticated attacker to view cleartext password in re…
CVSSv3 Score: 5.4 An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') [CWE-22] in the command line interpreter of FortiOS, FortiPAM, FortiProxy …
CVSSv3 Score: 7.1 An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] in FortiClientEMS may allow an authenticated …
CVSSv3 Score: 6.7 An Improper authentication vulnerability [CWE-287] in FortiSOAR web GUI may allow an unauthenticated attacker to bypass authentication via replaying capture…
CVSSv3 Score: 4.9 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiSandbox and FortiSandbox Cloud may al…
CVSSv3 Score: 2.5 An Insufficiently protected credentials vulnerability [CWE-522] in FortiSanbox and FortiSanbox PaaS GUI may allow an authenticated administrator to read LDA…
CVSSv3 Score: 4.4 An Integer Overflow or Wraparound vulnerability [CWE-190] in FortiWeb may allow a privileged authenticated attacker to perform a denial of service of the sy…
CVSSv3 Score: 6.2 A missing authentication for critical function vulnerability [CWE-306] in FortiOS and FortiSwitchManager CAPWAP daemon may allow a local unauthenticated att…
CVSSv3 Score: 4.3 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiSandbox and FortiSandbox Cloud may al…
On March 31, 2026, the Axios npm package was compromised via a maintainer account takeover. Two malicious versions were published - [email protected] and [email protected] - which introduced…
CVSSv3 Score: 6.2 An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] in FortiSandbox, FortiSandbox Cloud, FortiSandbox P…
CVSSv3 Score: 4.1 A Storing Passwords in a Recoverable Format vulnerability [CWE-257] in FortiSOAR may allow an authenticated remote attacker to retrieve Service account pass…
CVSSv3 Score: 4.1 A Storing Passwords in a Recoverable Format vulnerability [CWE-257] in FortiSOAR may allow an authenticated remote attacker to retrieve passwords for multip…
CVSSv3 Score: 6.2 Multiple Relative Path Traversal vulnerabilities [CWE-23] in FortiWeb may allow a local privileged attacker to execute unauthorized code on the underlying s…
CVSSv3 Score: 9.1 A Path Traversal vulnerability [CWE-24] in FortiSandbox JRPC API may allow an unauthenticated attacker to bypass authentication via specially crafted HTTP …
CVSSv3 Score: 4.1 A Server-Side request forgery (SSRF) vulnerability [CWE-918] in FortiSOAR may allow an authenticated attacker to discover services running on local ports vi…
CVSSv3 Score: 7.9 An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] in FortiDDoS-F may allow an authenticated att…
CVSSv3 Score: 6.8 An improper neutralization of special elements used in an SQL command ('SQL injection') [CWE-89] in FortiAnalyzer, FortiAnalyzer Cloud, FortiManager and For…
Take a Network Break! We commence with a red alert on FastMCP, and then debate whether Anthropic’s Project Glasswing is a marketing stunt or a reasonable response to the growing ab…
Today we welcome Damien Garros, Co-Founder and CEO of OpsMill, to discuss how network automation is creating the need to redefine roles beyond traditional engineers, including netw…
On today’s sponsored episode we talk with David Gee, CEO at Curvium, a systems integrator and VAR. David holds thoughtful opinions about network automation and orchestration, how s…
Kevin and Alexis are back with a behind-the-scenes look at the podcast with guest Melina Bertholf, who joined the team a while back to help manage content. (And yes, sharp-eyed rea…
Vibe coding: give AI a description of what you want, the model writes the code, you ship it, and then you hope for the best. It works great for side projects, but it can fall apart…
Eric Chou is joined by Matt Campbell, a seasoned network engineer whose career has taken him into some of the most demanding and high-stakes environments around. Together they’ll e…
The best strategy in the world won’t succeed if a team falters operationally. But what is operational excellence, and what does it take to acquire it? Cal Poly faculty member (and …