Security news.
Today's cybersecurity landscape is marked by active exploitation of critical vulnerabilities, significant data breaches, and the increasing sophistication of AI-powered cyberattacks. Organizations are urged to patch systems promptly and remain vigilant against evolving threats.
Hackers exploit FortiClient EMS flaw to push infostealer malware
Threat actors are actively exploiting an authentication bypass vulnerability (CVE-2026-35616) in FortiClient Enterprise Management Server (EMS) to deliver an undocumented credential stealer called EKZ.
Critical Gogs RCE Vulnerability Lets Any Authenticated User Execute Arbitrary Code
A critical, unpatched vulnerability in the Gogs open-source self-hosted Git service allows any authenticated user to achieve remote code execution (RCE) under certain conditions.
Carnival Data Breach Exposed 6 Million People
Carnival Corporation confirmed a data breach affecting nearly 6 million people, which was claimed by the ShinyHunters extortion gang in April 2026.
Russia-Linked ‘GreyVibe’ Attackers Use AI to Supercharge Cyberattacks
Researchers warn that the GreyVibe group's extensive use of ChatGPT, Gemini, and other AI tools offers a glimpse into how future cybercriminal and state-aligned groups will operate.
FBI warns of fake FIFA websites running World Cup fraud schemes
The FBI is cautioning about fraudulent websites impersonating FIFA ahead of the 2026 World Cup, designed to steal personal and financial information, sell fake tickets, and promote other related scams.
CISA Adds Three Known Exploited Vulnerabilities to Catalog
CISA has added CVE-2026-8398 (Daemon Tools Lite), CVE-2026-45321 (TanStack), and CVE-2026-48027 (Nx Console) to its KEV Catalog, urging federal agencies to patch these actively exploited flaws.
Ransomware Actors Show Up In Person to Steal Law Firm Data
The FBI has warned that the Silent Ransom Group is targeting law firms, using social engineering to gain physical access to servers and databases to steal data.
GlassWorm Malware Takedown Disrupts Developer Supply Chain Attack Infrastructure
CrowdStrike, Google, and the Shadowserver Foundation have disrupted all command-and-control channels associated with GlassWorm, a persistent supply chain campaign targeting software developers.