Breaking News – Cyber Threats (last 6h)
Generated: 2026-05-28 13:00 PDT
- Analysis of a Year of Files Uploaded to DShield Sensors, (Wed, May 27th)
SANS ISC Diary (full) • 2026-05-28 12:41 • isc.sans.eduUsing the data collected over the past year and using Kibana these two ES|QL query to summarize the data, this shows the list of the most uploaded threat to two DShield sensors (local and cloud) over the past year. I have sorted the activity by months that shows the evolution of files uploaded to the sensors each month. The activity peaked during the winter months (Dec 2025 – Feb 2026) and started decreasing in March 2026 for each sensor.
- FBI warns of fake FIFA websites running World Cup fraud schemes
BleepingComputer • 2026-05-28 12:08 • www.bleepingcomputer.com
The FBI is warning of fake websites impersonating FIFA ahead of the 2026 World Cup, to steal personal and financial information, sell fake tickets and hospitality packages, and push other fraud related to the event. […]
https://www.bleepingcomputer.com/news/security/fbi-warns-of-fake-fifa-websites-running-world-cup-fraud-schemes/ - Hackers exploit FortiClient EMS flaw to push infostealer malware
BleepingComputer • 2026-05-28 10:25 • www.bleepingcomputer.com
Hackers are exploiting an authentication bypass vulnerability (CVE-2026-35616) in FortiClient Enterprise Management Server (EMS) to deliver an undocumented credential stealer called EKZ. […]
https://www.bleepingcomputer.com/news/security/hackers-exploit-forticlient-ems-flaw-to-push-infostealer-malware/ - Critical Gogs RCE Vulnerability Lets Any Authenticated User Execute Arbitrary Code
The Hacker News • 2026-05-28 10:24 • thehackernews.com
A critical security vulnerability has been disclosed in Gogs, a popular open-source self-hosted Git service, that allows an authenticated user to execute arbitrary code under certain conditions.The security flaw, per Rapid7, is rated 9.4 on the CVSS scoring system. It does not have a CVE identifier.
“The vulnerability allows any authenticated user to achieve remote code execution (RCE) on
https://thehackernews.com/2026/05/critical-gogs-rce-vulnerability-lets.html - Threat Actors Exploit Critical FortiClient EMS Flaw to Deploy Credential Stealer
The Hacker News • 2026-05-28 08:26 • thehackernews.com
Threat actors are continuing to exploit a critical, now-patched security flaw impacting FortiClient Endpoint Management Server (EMS) deployments to deliver credential-stealing malware.“The campaign abused trusted endpoint management infrastructure to deliver malware across managed endpoints,” Arctic Wolf said. “Threat actors disguised the credential stealer payload as a Fortinet endpoint
https://thehackernews.com/2026/05/threat-actors-exploit-critical.html - New Gogs zero-day flaw lets hackers get remote code execution
BleepingComputer • 2026-05-28 07:25 • www.bleepingcomputer.com
An unpatched zero-day vulnerability in the Gogs self-hosted Git service can allow attackers to gain remote code execution (RCE) on Internet-facing instances. […]
https://www.bleepingcomputer.com/news/security/new-gogs-zero-day-flaw-lets-hackers-get-remote-code-execution/ - How SIEM helps MSPs reduce noise and stop threats faster
BleepingComputer • 2026-05-28 07:01 • www.bleepingcomputer.com
MSPs don’t lack security data. They struggle to separate real threats from alert noise. Kaseya explains how SIEM helps MSPs improve visibility, reduce fatigue, and respond faster. […]
https://www.bleepingcomputer.com/news/security/how-siem-helps-msps-reduce-noise-and-stop-threats-faster/
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
