🤠 Monday Morning Briefing: Patch Tuesday Eve, Fortinet On Fire, And Oracle's 30K Hangover

In partnership with

This is an IT Support Group

Monday Morning Briefing 🤠

Patch Tuesday eve, a Chrome zero-day still rattling around, Fortinet on fire, and the weekend's worth of chaos you missed.

GM IT pros!

Happy Monday. You survived the weekend — and more importantly, so did your tickets queue (probably). Here's the short, Monday-morning brief on what actually matters before you open Outlook and regret it.

-Stetson

Your Monday Morning Brief

The weekend's IT news in 5-minutes-ish or less

🔒 WEEKEND SECURITY WATCH

What tried to ruin your weekend while you were pretending to be off

🚨 Fortinet FortiClient EMS Is Still On Fire — Patch Now, Apologize Later
CISA added CVE-2026-35616 (CVSS 9.1) to the KEV catalog back on April 6, with a federal deadline of April 9 — which means if you're running FortiClient EMS 7.4.5 or 7.4.6, you are either already patched or you are already compromised. There's also CVE-2026-21643 hanging out in 7.4.4 for good measure. Attackers have been exploiting this since March 31. Check your version, then check it again. Read more

🌐 Chrome Zero-Day CVE-2026-5281 Still Wants Your Attention
Google's fourth Chrome zero-day of the year lives in the Dawn graphics component and is under active exploitation. CISA's KEV deadline is April 15 — that's Wednesday. If you haven't pushed the update through your fleet, this is your Monday-morning reminder that browsers are an endpoint and browsers count. Read more

🐛 GlassWorm Evolves, Now With Zig Dropper, Because Of Course
Researchers flagged a new GlassWorm variant on Friday using a Zig-based dropper to stealthily infect developer IDEs. The target: your devs' machines, which in most orgs are the softest, juiciest endpoint you own. Have a word with your engineering leads about extension hygiene this week. Read more

🧩 "AI Browser Extensions Are The Scariest Attack Surface In Your Network"
A LayerX report dropped Friday arguing that AI-powered browser extensions — the ChatGPT sidebars, the Copilot helpers, the "summarize this page" toys Jenny in marketing installed without asking — have become the single most dangerous attack surface most orgs have. The permissions model is a disaster, and nobody's reviewing them. Consider an extension policy audit this week. Read more

⚡ PATCH TUESDAY ON DECK

Tomorrow is Patch Tuesday. You know what to do. Or at least, you know who to blame when you don't.

📅 Microsoft April 2026 Patch Tuesday Drops Tomorrow
Based on Q1 trends, expect 80–100+ CVEs to land on April 14, with the usual suspects — Windows kernel, Office, and server components. Forecasters are also flagging a critical Windows 11 24H2/25H2 fix and a Teams Meeting add-in / old Outlook reconciliation. Clear your afternoon. Read more

🛡️ Cross-Signed Kernel Drivers Just Got Fired
The April 2026 Windows update ends trust for legacy cross-signed kernel drivers on Windows 11 24H2/25H2/26H1 and Server 2025. It's WHCP-signed or explicit allow-list from here. Translation: that one dusty vendor driver your 2014 inventory scanner needs? Test it in a lab before you push. Read more

🔐 Chrome's Device Bound Session Credentials Now GA On Windows
Google quietly made DBSC generally available to all Windows Chrome 146 users on Friday. It binds session tokens to the device's TPM, which makes stolen cookies way less useful for attackers. macOS support is coming. Nice. Now go make sure your IdP team knows it exists. Read more

🤖 AI TAKING OVER

Our future robot overlords had a busy weekend too

🤝 OpenAI, Anthropic, And Google Form The Anti-Distillation Alliance
The three frontier labs are now sharing intelligence through the Frontier Model Forum to detect "adversarial distillation" — i.e., Chinese competitors pumping their APIs to train cheaper clones. Anthropic alone says it documented 16 million unauthorized exchanges from DeepSeek, Moonshot AI, and MiniMax. The thing to notice: the labs have decided the real competitive moat is not the model, it's the data. Read more

💰 Anthropic Signs 3.5 GW Compute Deal With Google + Broadcom
Anthropic announced a monster compute expansion with Google and Broadcom last week — 3.5 gigawatts of capacity, mostly in the US, as part of its $50B commitment to US infra. 3.5 gigawatts is "small nuclear plant" territory. Your VDI farm is not prepared for the power grid these guys are going to eat. Read more

🔌 "AI Spend Will Hit $700B In 2026"
Fresh CNBC numbers have the Big Four hyperscalers — Microsoft, Meta, Amazon, Google — on track for nearly $700B in combined AI capex this year. Barclays is forecasting Meta's free cash flow will drop almost 90% as Zuck keeps feeding the H100 gods. Good news: your cloud bill is probably subsidizing that. You're welcome. Read more

🏢 BUSINESS BEAT

While you were at a barbecue, people were getting laid off

🪓 Oracle's 30K Layoff Is Officially The Biggest Of 2026
In case you were on a social-media detox: Oracle cut up to 30,000 jobs via a 6 AM email on March 31 — roughly 18% of the workforce — and the severance details are still trickling out. US workers got up to 26 weeks; India got four months. TD Cowen says the cuts are freeing $8–10B in cash for AI data center buildout. Nothing says "we believe in AI" like firing humans to pay for it. Read more

🏃 Western Union Is Leaving VMware For Nutanix
Western Union's head of technology services told the Nutanix .NEXT crowd the company is six months into migrating 900–1,200 apps off 3,900 cores of VMware because it "didn't want to do business with Broadcom." CloudBolt's 2026 survey now puts 86% of orgs actively reducing their VMware footprint. The exodus continues and nobody's surprised. Read more

📉 GoPro Cuts 23%, Pendo Cuts 10%
Two more for the tracker: GoPro is cutting 23% of its workforce as part of a restructuring (April 8), and Raleigh unicorn Pendo cut 10% (April 7). The running 2026 tally is ~146 layoffs and ~99K tech workers affected — averaging ~993 people a day. The "AI productivity gains" narrative is doing a lot of heavy lifting in those press releases. Read more

✈️ NAFCO, Gulfstream, And A County Get Ransomware'd
Over the last week: NAFCO (aerospace fasteners, 1000+ employees) hit by Worldleaks; Gulfstream Services in Louisiana hit by PLAY with SSNs, medical, and payment data exposed; and Middlesex County's town and public safety systems were crippled by an April 1 attack. Aerospace, energy, and local government — pick your flavor. Read more

🔧 MISC TECH MADNESS

The weird stuff that doesn't fit anywhere else

🇭🇺 Citizen Lab: Hungarian Intel Bought Surveillance From An Ad Network
Citizen Lab revealed over the weekend that Hungarian domestic intelligence and several other law-enforcement agencies have been using "Webloc," a global geolocation surveillance system built on top of the advertising ecosystem. If you ever wondered whether ad tech was a surveillance industry wearing a marketing hat — here's your answer, again. Read more

🐚 Shameless Plug: Shell Samurai
Monday-morning reminder that if you have junior admins who need to actually learn Linux (not just copy-paste from Stack Overflow), Shell Samurai teaches Linux through hands-on practice. Built by yours truly. Try the app here. Zero regrets.

LLM traffic converts 3× better than Google search

58% of buyers now start their research in ChatGPT or Gemini, not Google. Most startups aren't showing up there yet.

The ones that are get cited by the AI tools their buyers, investors, and future hires already use. And they convert at 3×.

Download the free AEO Playbook for Startups from HubSpot and get the exact steps to start showing up. Five minutes to read.

Get the free playbook

That's the Monday brief. Test your patches in a ring, not on the CFO's laptop, and remember: Patch Tuesday tomorrow, Chrome zero-day deadline Wednesday, and the coffee is already cold.

Stay paranoid. Stay patched. See you next Friday 🤠