Critical FortiClient EMS Flaw Exploited for Credential Theft — The Hacker News

Threat actors are actively exploiting a critical authentication bypass vulnerability (CVE-2026-35616) in FortiClient Enterprise Management Server (EMS) to deploy credential-stealing malware. The flaw allows attackers to bypass authentication mechanisms and execute arbitrary code. This vulnerability has been patched, but organizations using FortiClient EMS must apply the update immediately to mitigate ongoing exploitation risks. Monitoring for indicators of compromise is essential to prevent data breaches.

Carnival Corporation Data Breach Exposes 6 Million Records — BleepingComputer

Carnival Corporation has confirmed a data breach affecting nearly 6 million individuals, exposing sensitive personal information such as names, addresses, and government ID numbers. The breach was reportedly executed through a social engineering attack that tricked an employee. This incident highlights the need for robust security training and awareness programs to defend against social engineering tactics. Affected individuals should monitor for signs of identity theft.

• Anthropic confirms Claude Mythos-class models will roll out to the public [BleepingComputer]
• GreyVibe hackers use ChatGPT, Gemini to power cyberattacks [BleepingComputer]
• New Gogs zero-day flaw lets hackers get remote code execution [BleepingComputer]
• JINX-0164 Targets Cryptocurrency Firms with Fake Recruiter Lures and macOS Malware [The Hacker News]