Cybersecurity Brief – April 5, 2026

Active Exploitation and Critical Infrastructure Vulnerabilities

Fortinet has confirmed active exploitation of CVE-2026-35616 affecting FortiClient EMS and released an emergency hotfix ahead of the full patch in version 7.4.7. The company has not disclosed exploitation details or attacker attribution, but the rapid response suggests significant risk to enterprise environments relying on the endpoint management platform. Organizations should prioritize applying the hotfix immediately while awaiting the complete remediation.

Government and Healthcare Sector Incidents

Massachusetts' emergency communications system was compromised in a cyberattack affecting critical state infrastructure, though the full scope of the breach remains unclear. Separately, the Department of Transportation's inspector general identified systemic cybersecurity failures at the FAA, noting inadequate governance and transparency in protecting the National Airspace System—findings that elevate concerns about aviation infrastructure resilience. In the healthcare sector, TriZetto disclosed a breach exposing 3.4 million patient records including names, birth dates, Social Security numbers, and insurance information, marking another significant compromise of sensitive healthcare data. These incidents underscore persistent security gaps across critical infrastructure sectors that require coordinated remediation efforts.

Sources: The Hacker News · The Record · FedScoop · Fox News