← Latest brief

Security news.

·Afternoon Brief

Today's cybersecurity landscape is marked by active exploitation of critical vulnerabilities, significant data breaches, and the increasing sophistication of AI-powered cyberattacks. Organizations are urged to patch systems promptly and remain vigilant against evolving threats.

BLEEPINGMALWARE
May 28READ

Hackers exploit FortiClient EMS flaw to push infostealer malware

Threat actors are actively exploiting an authentication bypass vulnerability (CVE-2026-35616) in FortiClient Enterprise Management Server (EMS) to deliver an undocumented credential stealer called EKZ.

THNRCE
May 28READ

Critical Gogs RCE Vulnerability Lets Any Authenticated User Execute Arbitrary Code

A critical, unpatched vulnerability in the Gogs open-source self-hosted Git service allows any authenticated user to achieve remote code execution (RCE) under certain conditions.

SECURITYWEEKBREACH
May 28READ

Carnival Data Breach Exposed 6 Million People

Carnival Corporation confirmed a data breach affecting nearly 6 million people, which was claimed by the ShinyHunters extortion gang in April 2026.

SECURITYWEEKAI
May 28READ

Russia-Linked ‘GreyVibe’ Attackers Use AI to Supercharge Cyberattacks

Researchers warn that the GreyVibe group's extensive use of ChatGPT, Gemini, and other AI tools offers a glimpse into how future cybercriminal and state-aligned groups will operate.

BLEEPING
May 28READ

FBI warns of fake FIFA websites running World Cup fraud schemes

The FBI is cautioning about fraudulent websites impersonating FIFA ahead of the 2026 World Cup, designed to steal personal and financial information, sell fake tickets, and promote other related scams.

CISAKEV
May 27READ

CISA Adds Three Known Exploited Vulnerabilities to Catalog

CISA has added CVE-2026-8398 (Daemon Tools Lite), CVE-2026-45321 (TanStack), and CVE-2026-48027 (Nx Console) to its KEV Catalog, urging federal agencies to patch these actively exploited flaws.

DARK READINGRANSOMWARE
May 27READ

Ransomware Actors Show Up In Person to Steal Law Firm Data

The FBI has warned that the Silent Ransom Group is targeting law firms, using social engineering to gain physical access to servers and databases to steal data.

THNSUPPLY CHAIN
May 27READ

GlassWorm Malware Takedown Disrupts Developer Supply Chain Attack Infrastructure

CrowdStrike, Google, and the Shadowserver Foundation have disrupted all command-and-control channels associated with GlassWorm, a persistent supply chain campaign targeting software developers.

Generated twice daily from public security RSS feeds. Informational only.