Four infrastructure-security stories from early March 2026: AI attack tool CyberStrikeAI compromising 600 FortiGates, Cloudflare's split detection/blocking WAF architecture, standardization of TLS Encrypted Client Hello, and CISA's KEV addition for VMware Aria Operations.
An intrusion campaign that auto-scanned FortiGate in 106 countries using DeepSeek and Claude; Starkiller, a reverse-proxy PhaaS that nullifies MFA; Anthropic's Claude Code Security finding 500+ vulnerabilities in production OSS; and PayPal exposing SSNs for six months due to a coding mistake.
