Active exploit
May 2026
Fortinet CVE-2024-21762: Still Unpatched at 12% of Organizations We Scan
The critical FortiOS authentication bypass used by Volt Typhoon is still live at roughly one in eight organizations in our dataset. Here's what it looks like, how to check if you're exposed, and why patching alone isn't enough.
Compliance deadline
May 2026
CMMC 2.0 Phase 2: November 2026 and the 4.7 Gaps We Find Per Contractor
DoD contractors have until November 10, 2026 to achieve CMMC Level 2 certification or lose contract eligibility. Passive scanning across 2,600+ contractors shows what the most common gaps are — and they're fixable without major capex.
EU regulation
May 2026
NIS2 Directive: Fines Are Live and ISO 27001 Doesn't Cover You
NIS2 enforcement began October 2024. 18 critical sectors are in scope. The most common misconception we encounter from EU organizations: existing ISO 27001 certification does not satisfy NIS2 — the controls are different and the obligations are stricter.