Critical FortiClient EMS Flaw Actively Exploited, Emergency Patch Released — BleepingComputer

Fortinet has issued an emergency patch for a critical vulnerability in FortiClient Enterprise Management Server (EMS), identified as CVE-2026-35616. This flaw is actively being exploited in the wild, posing a significant risk to enterprise networks using this software. The vulnerability allows remote attackers to execute arbitrary code, potentially leading to unauthorized access and data breaches. Security teams should prioritize applying the patch to mitigate this threat.

DPRK Social Engineering Operation Behind $285 Million Drift Hack — The Hacker News

A sophisticated North Korean social engineering operation, conducted over six months, culminated in the theft of $285 million from Drift. The attack highlights the persistent threat posed by nation-state actors using social engineering to breach financial platforms. This incident underscores the importance of robust security awareness training and multi-layered security controls to defend against advanced persistent threats (APTs).

• Traffic violation scams switch to QR codes in new phishing texts [BleepingComputer]
• NetScaler ADC および NetScaler Gateway に境界外読み取りの脆弱性 - Excite エキサイト [Google News Security (JP)]
• 金融庁、仮想通貨のサイバーセキュリティ強化方針を公表 - Cryptonews [Google News Security (JP)]
• Hackers exploit React2Shell in automated credential theft campaign [BleepingComputer]
• 36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants [The Hacker News]