Patching can't wait.

Fortinet releases an emergency update for a critical vulnerability. A major outage disrupts Russian banking apps. A new report highlights critical skills gaps. CyberCorp scholars struggle to secure jobs. Scammers use QR codes in fake traffic violation schemes. A proposed lawsuit accuses Perplexity of oversharing users’ AI transcripts. Cambodia outlaws scam centers. Scammers impersonate Harvard IT staff. With “wrench attack” threats of violence, life imitates art. Kevin Magee from Microsoft for Startups describes emerging trends. On Afternoon Cyber Tea with Ann Johnson, Ann speaks with Allie Mellen about her new book "Code War: How Nations Hack, Spy, and Shape the Digital Battlefield." Users find Copilot’s terms of use highly entertaining.

Today is Monday April 6th 2026. I’m Dave Bittner. And this is your CyberWire Intel Briefing.

Fortinet releases an emergency update for a critical vulnerability. 

Fortinet has released an emergency update for a critical FortiClient Enterprise Management Server vulnerability that attackers are already exploiting in the wild.

Tracked as CVE-2026-35616, the improper access control flaw lets unauthenticated attackers execute code through crafted requests. The issue affects FortiClient EMS versions 7.4.5 and 7.4.6. Researchers observed zero-day exploitation earlier this week. Shadowserver reports more than 2,000 exposed instances online.

Exposed management servers can enable rapid enterprise compromise. Fortinet urges immediate hotfix installation or upgrade to version 7.4.7.

A major outage disrupts Russian banking apps. 

A major outage disrupted banking apps and card payments across Russia, blocking transactions, ATM withdrawals, and transit fares in several regions, including Moscow.

The incident affected major banks including Sberbank, VTB, Alfa-Bank, T-Bank, and Gazprombank. Metro turnstiles reportedly stopped accepting cards, forcing staff to allow passengers through. The cause remains unclear. Some reports linked the disruption to internet regulator Roskomnadzor blocking infrastructure addresses or VPN services, while officials reportedly cited an internal Sberbank failure. Sberbank confirmed the outage but did not explain the cause.

Centralized payment infrastructure can create systemic disruption risk. The incident also reflects tightening Russian internet controls, including proposed “whitelist” access restrictions during disruptions.

A new report highlights critical skills gaps. 

A new SANS Institute and GIAC report finds the cybersecurity workforce crisis is shifting from staffing shortages to critical skills gaps that are already contributing to breaches.

About 60% of organizations report their teams lack necessary capabilities, while 27% link breaches directly to those gaps. Regulatory pressure influencing hiring surged from 40% to 95% in one year. At the same time, 74% of teams say artificial intelligence is reshaping workforce structure, reducing some entry-level roles while increasing demand for AI security specialists and governance expertise.

The report also finds workforce strain is slowing operations. About 57% of organizations report delayed projects, 47% report slower incident response, and 42% say skills gaps limit monitoring and technology adoption. Only 19% consider their teams fully skilled.

Workforce capability gaps now represent a direct security risk, especially in critical infrastructure environments. The report warns organizations must prioritize structured training, certification, and AI governance to maintain operational resilience as regulatory demands and automation reshape cyber roles.

CyberCorp scholars struggle to secure jobs. 

CyberCorps scholarship recipients are struggling to secure required federal cybersecurity jobs, raising concerns about a weakening talent pipeline into government service.

At a recent virtual CyberCorps career fair, only about 40 agencies participated, down from more than 75 typically attending in person. Many agencies lacked cybersecurity openings or directed applicants to USAJobs instead. Scholars must secure qualifying roles within 18 months or risk repaying scholarships that can total hundreds of thousands of dollars. Some graduates now report considering private sector jobs amid limited entry-level federal opportunities and lingering effects from last year’s hiring freeze and workforce cuts.

CyberCorps has long supplied early-career cybersecurity talent to federal agencies. Reduced hiring access could undermine workforce development and discourage future public service participation despite continued policy emphasis on expanding cyber capacity.

Scammers use QR codes in fake traffic violation schemes. 

Scammers are impersonating state courts in new text message campaigns that pressure recipients to scan QR codes tied to fake traffic violation notices.

The messages claim recipients owe $6.99 for unpaid toll or parking violations and include images of alleged court warnings. Scanning the QR code redirects victims through a CAPTCHA to phishing sites impersonating state agencies, where attackers collect personal and credit card data. Reports span multiple states, including New York, California, and Texas.

QR code delivery helps evade detection and enables credential theft at scale. State agencies warn they do not request payments by text message.

A proposed lawsuit accuses Perplexity of oversharing users’ AI transcripts. 

A proposed class action lawsuit alleges Perplexity shared users’ AI chat transcripts, including sensitive personal information, with Google and Meta without their knowledge or consent.

The complaint claims prompts, follow-up questions, and full conversations were transmitted through advertising trackers such as Meta Pixel and Google Ads, even when users enabled Incognito Mode. The lawsuit alleges financial and health-related queries were exposed and says non-subscribed users faced broader sharing risks. The case covers chats from December 2022 through February 2026 and accuses the companies of failing to disclose tracking practices.

Undisclosed sharing of AI chat transcripts could expose sensitive research behavior and personal data at scale. The lawsuit highlights growing privacy risks as users increasingly rely on conversational search tools.

Cambodia outlaws scam centers. 

Cambodia has passed its first law specifically targeting online scam centers, introducing prison sentences and fines for operators as authorities expand a nationwide crackdown.

The legislation sets penalties of two to five years in prison and fines up to $125,000 for online scam offenses, with harsher penalties for gang activity or large-scale victimization. The law also targets money laundering, data harvesting, and recruitment tied to scam operations. Officials say the measure supports a broader campaign to dismantle hundreds of suspected scam sites following international sanctions and criticism.

Southeast Asian scam compounds have become a major source of global cyber-enabled fraud. Formal criminal statutes may strengthen enforcement and signal increased regional pressure on organized fraud networks.

Scammers impersonate Harvard IT staff. 

Harvard University is warning affiliates about an active social engineering campaign in which attackers impersonate IT staff to steal login credentials and sensitive data.

Officials say attackers are directing targets to fraudulent websites or urging them to join live calls to capture credentials. The alert follows similar activity reported at University of Pennsylvania and comes after recent phishing and breach-related incidents affecting Harvard systems.

Targeted impersonation attacks can bypass technical defenses by exploiting user trust. Harvard urges affiliates to avoid unsolicited IT contacts and report suspected activity immediately.

With “wrench attack” threats of violence, life imitates art. 

A series of violent “wrench attacks” targeting cryptocurrency holders in San Francisco, San Jose, Sunnyvale, and Los Angeles has raised concerns about physical threats tied to digital asset theft.

In one case, attackers posing as delivery drivers forced entry into a San Francisco home and stole about $13 million in Bitcoin and Ethereum after threatening the victim. Investigators believe suspects sometimes accessed victims’ delivery accounts to obtain addresses. Authorities arrested multiple suspects linked to several incidents, though investigators, including the Federal Bureau of Investigation, suspect higher-level organizers may be involved.

Cryptocurrency’s irreversible transfers can make holders attractive targets for coercion-based theft, expanding cyber risk into the physical domain. “Wrench attack” refers to a famous XKCD comic which we will link in the show notes. 

Biz Briefing

Recent cybersecurity investment and acquisition activity reflects continued momentum around artificial intelligence, insider risk, and platform consolidation across the sector.

Censys raised $70 million to support global expansion, while Above Security emerged from stealth with $50 million for insider risk capabilities. Variance secured $21.5 million to expand investigative AI agents for financial institutions. On the acquisition side, Airbus agreed to acquire Ultra Cyber to strengthen sovereign cyber capabilities, and Rapid7 acquired Kenzo Security to advance AI-driven detection and response operations. Databricks also acquired Antimatter and SiftD.ai to enhance authentication and threat analytics for AI systems.

Investment and consolidation activity increasingly centers on agentic AI security, zero trust networking, and compliance-driven platforms, signaling a shift toward automation-heavy security operations architectures.

Users find Copilots terms of use highly entertaining. 

Microsoft is drawing renewed attention to Copilot’s terms of use, which plainly warn the AI assistant is “for entertainment purposes only” and may not work as intended.

The notice, unchanged since late 2025, resurfaced online after users rediscovered language advising people not to rely on Copilot for important decisions. Microsoft has repeatedly issued similar cautions during demonstrations, emphasizing human verification is required. Comparable limits appear elsewhere in the industry, reinforcing that even “Pro”-branded AI tools may still discourage professional reliance.

Vendor disclaimers quietly undercut the “genius in every laptop” narrative. The reminder is simple: AI assistants can be useful, occasionally impressive, and confidently wrong in equal measure.

As the great philosopher Tom Waits stated, the large print giveth and the small print taketh away.

And that’s the CyberWire.

For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.

 

We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com

We’re proud that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.

N2K helps cybersecurity professionals and organizations grow, learn, and stay ahead. We’re the nexus for discovering the people, tech, and ideas shaping the industry.  Learn how at n2k.com.

 

N2K’s lead producer is Liz Stokes. We’re mixed by  Tré Hester, with original music by and sound design Elliott Peltzman. Our contributing host is Maria Varmazis. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher. And I’m Dave Bittner. Thanks for listening.