The Hacker News

Threat Actors Exploit Critical FortiClient EMS Flaw to Deploy Credential Stealer

FortiClient EMS flaw CVE-2026-35616 enabled malware delivery via fake updates, risking credential theft across endpoints.
CSO Online

Flowise’s MCP implementation can run ghost commands

A 9.9-severity vulnerability in Flowise’s MCP stdio implementation can allow attackers to achieve remote code execution in ...
Bleeping Computer

Hackers exploit FortiClient EMS flaw to push infostealer malware

Hackers are exploiting an authentication bypass vulnerability (CVE-2026-35616) in FortiClient Enterprise Management Server (EMS) to deliver an undocumented credential stealer called EKZ. The attacker ...

AI-built ransomware toolkit automates EDR evasion, AD discovery

A threat actor is using an AI-built ransomware attack toolkit that automates Active Directory discovery and helps evade ...

Fake GTA 6, real malware: the new scam targeting Windows and Android

For several weeks now, multiple waves of fake GTA 6 betas have been circulating online, specifically targeting Windows and ...