Fortinet EMS Zero-Day Exploited, Anthropic's AI Finds Thousands of Bugs, and Iranian Hackers Target US ICS
Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/cst
Host David Shipley reports Fortinet issued emergency hotfixes for a new actively exploited FortiClient EMS unauthenticated RCE zero-day (CVE-2026-35616) affecting 7.4.0.5/7.4.0.6, with over 2,000 exposed instances online and a full fix coming in 7.4.0.7. Anthropic says its Claude "Mythos" model (Project Glasswing) has found thousands of high-severity zero days and demonstrated advanced exploit chaining and sandbox escape, but will not be released publicly; it is being used with major partners and funded with up to $100M in credits plus $4M for open-source security. A postmortem details a North Korea–linked social-engineering supply-chain breach of Axios on NPM, part of a broader campaign spreading 1,700+ malicious packages across multiple ecosystems. US agencies warn Iranian-linked hackers are targeting Rockwell/Allen-Bradley PLCs in critical infrastructure. The White House proposes a $707M cut to CISA, reducing staffing while preserving $1.4B for core cybersecurity.
00:00 Headlines and Sponsor 00:55 Fortinet EMS Zero Day 03:21 AI Finds Zero Days 05:56 Axios Supply Chain Breach 08:02 North Korea Package Campaign 10:13 Iran Targets Industrial Control 12:22 CISA Budget Cuts Debate 14:05 Wrap Up and Thanks 14:59 Sponsor Message Meter
