◆ Fortinet Threat ResearchKEVEPSS 94%
FortiOS SSL-VPN authentication bypass — actively exploited
Critical pre-auth flaw (CVE-2026-1043) in FortiOS SSL-VPN, added to the CISA KEV catalog. EPSS 94%. Patch to 7.4.5 / 7.2.9 and rotate credentials on exposed appliances.
A product several of your accounts run is being actively exploited right now — a timely, credible reason to reach out this week and check they're patched.
◆ EU · Cyber NewsEU
NIS2 enforcement begins — regulators start issuing fines
First NIS2 penalties issued to essential-entity operators for inadequate incident reporting. Scope now covers managed service providers and their supply chains.
Regulatory pressure is turning into budget. Every EU account in scope now has board-level urgency — a clean opener for a security posture conversation.
◆ CrowdStrike Blog
Ransomware crew pivots to healthcare with new loader
New campaign chains a signed-driver loader with living-off-the-land discovery. Detection guidance + IOCs published; maps to MITRE T1543 / T1055.
Vendor momentum + a healthcare-sector hook: a concrete, current story to lead a QBR or a prospecting call into your health accounts.
◆ Zscaler ThreatLabz
New SSE data-protection capabilities announced
Inline DLP for GenAI apps + expanded CASB coverage. Relevant to SASE consolidation and shadow-AI governance conversations.
A launch you can take to accounts evaluating SASE — "your vendor just shipped the thing you asked about" is the easiest follow-up call there is.
A static preview. The live feed is personalised to the vendors, regions and role you pick.