🤠 Oracle Fires 30K Via 6AM Email, Fortinet's On Fire Again, and Chrome's 4th Zero-Day of 2026

Sponsored by

This is an IT Support Group

Weekly IT Roundup 🤠

Oracle axes 30K via 6AM email, Fortinet's on fire (again), and Big AI teams up against copycats

GM IT pros!

Happy Friday! Here's this week's IT roundup.

-Stetson

Tech News TL;DR

This week's IT and tech news in 5-minutes-ish or less

🔒 CYBER-SECURITY NIGHTMARES

Because sleep is overrated anyway...

🚨 Fortinet Drops Another "Oh No" Hotfix
Fortinet rushed emergency patches for CVE-2026-35616, a 9.1 CVSS pre-auth bypass in FortiClient EMS that attackers started exploiting on March 31, days before Fortinet even posted the advisory. CISA gave feds until April 9 to patch, which is... today. Good luck. Read more

🌐 Chrome Zero-Day #4 of 2026 (We're Only in April)
Google shipped an emergency patch for CVE-2026-5281, a use-after-free in Dawn/WebGPU that's already being exploited in the wild. That's four actively exploited Chrome zero-days in four months — at this pace, we're getting a Zero-Day Advent Calendar by December. Read more

🔓 Cisco Patches Two 9.8 CVSS Monsters
Cisco dropped fixes for CVE-2026-20093 (IMC auth bypass that lets anyone rewrite the admin password via crafted HTTP request) and CVE-2026-20160 (SSM On-Prem RCE as root). Both are 9.8 CVSS because of course they are. Patch your fleet or start practicing your "how did this happen" face for management. Read more

📦 Adobe Leaks 13 Million Support Tickets
Adobe confirmed a breach exposing 13 million customer support tickets, 15,000 employee records, internal docs, and — chef's kiss — their bug bounty program submissions. So the people reporting vulnerabilities just got a vulnerability. Very meta. Read more

📱 Odido Coughs Up 6.2M Customer Records
Dutch carrier Odido disclosed a breach affecting up to 6.2 million customers, with attackers grabbing names, addresses, IBANs, passport details, and driver's license info. Basically everything you'd need to open a credit line in someone else's name. Read more

☁️ CLOUD CHAOS

Where your data goes to party without you

🤖 Azure OpenAI Gets the Hiccups
Azure's OpenAI Service spent March 9-10 vomiting HTTP 400s and 429s at GPT-5.2 users across Australia East, Central US, East US 2, Korea Central, and half of Europe. Nothing instills confidence in your "AI transformation" like your LLM returning error codes. Read more

🔮 Forrester: Buckle Up, More Outages Coming
Forrester is predicting at least two multi-day hyperscaler outages in 2026 as AWS/Azure/GCP pour capex into AI buildouts and starve the legacy plumbing. Translation: the thing running your prod is duct-taped while the shiny AI stuff gets a new data center. Read more

🧱 Broadcom Pitches Kubernetes on VMware VCF
At KubeCon Europe, VMware rolled out expanded OS support for VKS cluster nodes — now with RHEL 9 alongside Photon, Ubuntu, and Windows Server. Broadcom's big pitch: "please don't leave us for the hyperscalers." The great VMware exodus continues anyway. Read more

🐧 Ubuntu 26.04 LTS Beta Ships With Kernel 7.0
Ubuntu 26.04 LTS is in beta and lined up for April 23 with Linux 7.0, GNOME 50, and Mesa 26. Start booking those upgrade nights now, and warn your users about the reboot before they open an end-of-quarter spreadsheet — not after. Read more

🏢 BUSINESS SHENANIGANS

Corporate chaos you need to know about

📧 Oracle Fires 30,000 With a 6 AM Form Email
Oracle laid off around 30,000 employees globally — roughly 18% of its workforce — via termination emails that hit inboxes at 6 AM Tuesday under the signature "Oracle Leadership." The cuts are projected to free up $8-10B for AI data center capex. Nothing says "we value our people" like being replaced by a GPU budget line item. Read more

📉 2026 Tech Layoffs Cruise Past 85,000
Cumulative 2026 tech layoffs have now passed 85,000 workers across 80+ companies, with more than 52,000 cuts in Q1 alone. Amazon ditched 16K corporate roles in January, Microsoft is cutting 9K, and Oracle's bombshell single-handedly made April the worst month yet. The "we're a family" emails must have gotten lost in the mail. Read more

🩹 Microsoft Patch Tuesday Looms (Again)
Next Patch Tuesday lands April 14 and analysts are expecting 80-100+ CVEs. This is the first Patch Tuesday after March's parade of broken updates — KB5079391 pulled within 24 hours, KB5079473 breaking Microsoft account sign-in, emergency patches fixing emergency patches. Maybe let it bake on a test ring this time. Wild concept, I know. Read more

💼 GitHub Copilot Now Trains on Your Code by Default
GitHub quietly updated its privacy policy: starting April 24, inputs, outputs, code snippets, and context from Copilot Free, Pro, and Pro+ users will train Microsoft's AI models unless you opt out. Business and Enterprise users are exempt. Translation: if you're not paying extra, you're the training data. Read more

📅 Microsoft 365 Copilot Shuffles In-App Access
Starting April 15, Microsoft is changing how Copilot Chat appears inside some Microsoft 365 apps. The web Copilot interface still works, but the in-app surface is getting rearranged. Expect at least a dozen "where did the Copilot button go" tickets. Read more

🤖 AI TAKING OVER

Our future robot overlords are getting smarter

🕵️ OpenAI, Anthropic, and Google Form "Stop Copying Us" Club
OpenAI, Anthropic, and Google announced they're sharing intelligence via the Frontier Model Forum to stop Chinese AI firms from stealing models via adversarial distillation. Anthropic says it caught 16 million such exchanges from three Chinese companies running ~24,000 fake accounts. The AI arms race now has its own counter-intelligence department. Read more

💥 Claude Takes Two Naps in Two Days
Anthropic's Claude hit back-to-back outages on April 6 and April 7, with thousands of users staring at error screens for about two hours each incident. If your devs suddenly got productive again this week, that's why. Read more

🎭 Anthropic's "Claude Mythos" — Too Dangerous to Ship
Anthropic is testing an internal frontier model called "Claude Mythos" that reportedly represents a "step change in capabilities" — but it won't be publicly released due to cybersecurity risks. It's only available to select partners under "Project Glasswing." Nothing hypes a product like "so powerful we can't let you have it." Read more

📊 Claude App Downloads Briefly Dethrone ChatGPT
Anthropic's Claude mobile app briefly passed ChatGPT on the App Store for the first time this week. Turns out "it writes code well" is a killer feature among the people who make apps. Read more

☠️ Flowise AI Platform Has a Perfect 10.0 Code Injection Bug
Threat actors are actively exploiting CVE-2025-59528 in Flowise, an open-source AI platform, scoring a flawless 10.0 CVSS and resulting in remote code execution. If you stood up a Flowise instance "just to try it," go check on it. Now. Read more

🔧 MISC TECH MADNESS

The weird stuff that doesn't fit anywhere else

🐧 Linux 7.0 Lands Mid-April (Yes, 7.0)
Linus confirmed the next kernel bumps straight to 7.0 — expected between April 12 and April 19. Rust support is officially complete, container creation is 40% faster via OPEN_TREE_NAMESPACE, and Redis benchmarks got a 20% speed boost. Large memory allocations dropped from 3.6s to 0.43s. Not bad for a point-release in disguise. Read more

🔁 Microsoft Now Force-Upgrading Unmanaged 24H2 PCs
Microsoft has started forcibly upgrading unmanaged Windows 11 24H2 machines to newer builds. If you run a "bring your own device" shop or have shadow IT rigs floating around, expect surprise reboots to become surprise tickets Monday morning. Read more

🥷 Shell Samurai: Learn Linux Without Breaking Prod
Want to actually get good at the terminal before Linux 7.0 drops and everyone asks you why systemctl is yelling? Shell Samurai teaches Linux through hands-on practice in a safe sandbox. Built by yours truly. Shameless plug, zero regrets. Check it out at shellsamurai.com or jump straight in at app.shellsamurai.com.

That's the roundup for this week. Patch what Cisco told you to patch, check on your Fortinet boxes, and maybe don't stand up any new Flowise instances until that 10.0 is behind you.

Stay paranoid. Stay patched. See you next Friday 🤠

P.S. — One sponsor below before you go. I read every pitch before I ship it; the one down there made the cut. Ten seconds, then you're free for the weekend.

Your Kafka Bill Is an Architecture Problem

More than 80% of Kafka costs aren't hardware – they're interzone networking fees. WarpStream BYOC eliminates them entirely by replacing stateful brokers with stateless agents that write directly to your own object storage. 

No disks, no inter-AZ replication, no partition fees. Goldsky cut TCO by 90%+. Your existing clients keep working – just point them at a new URL. 

Learn how it works, then sign up for free. Get $400 in credits that never expire. No credit card required to start.

Learn More