SysBlue Cyber Solutions

Sysblue is an information security consulting and managed cybersecurity services firm with headquarters in Romania.

We help clients solve information security challenges based on risk, not fear.

Hackers exploit FortiClient EMS flaw to push infostealer malware 28/05/2026

Hackers are exploiting an authentication bypass vulnerability (CVE-2026-35616) in FortiClient Enterprise Management Server (EMS) to deliver an undocumented credential stealer called EKZ.

The attacker disguised the malware as an update for Fortinet endpoints and executed it through VPN scripting workflows managed by FortiClient.

Glassworm botnet disrupted after resilient C2 infrastructure takedown 27/05/2026

The Glassworm botnet targeting developers in software supply-chain attacks has been disrupted after researchers took down its resilient command-and-control infrastructure relying on Solana blockchain transactions and the BitTorrent DHT network.

In a coordinated operation conducted yesterday, CrowdStrike, Google, and The Shadowserver Foundation cut off the botnet operators’ access to four distinct command-and-control (C2) channels designed to resist conventional disruption efforts.

How Varonis Atlas integrates Claude Compliance API for AI governance 26/05/2026

Varonis announced an integration with the Claude Compliance API, bringing Claude Enterprise and Claude Platform activity into Varonis' Atlas AI Security Platform.

Organizations across industries rely on Claude Enterprise for day-to-day knowledge work and analysis, and Claude Platform to build, deploy, and operate applications, tools, and AI agents. Varonis Atlas provides the visibility and oversight that enterprises need to adopt AI with confidence.

AI governance requires visibility into how AI tools interact with enterprise data. Varonis explains how its Atlas platform uses Claude Compliance API data to help monitor usage, investigate risk, and support compliance.

Anthropic’s restricted Claude Mythos model may be coming to Claude Code 25/05/2026

Anthropic appears to be preparing for the public rollout of "Mythos," which was announced in April as a restricted model that poses major security risks to private and public software.

On April 7, Anthropic announced Mythos in early preview and called it a new frontier model with strikingly advanced capabilities in computer security tasks.

Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign 24/05/2026

A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious JavaScript code that triggers ClickFix attack flows.

The campaign was discovered by XLab threat intelligence researchers at Chinese cybersecurity company Qianxin, who confirmed impact on more than 700 domains, including university portals, AI/SaaS companies, media outlets, fintech firms, security sites, and personal blogs.

Italy disrupts CINEMAGOAL piracy app that stole streaming auth codes 23/05/2026

Italian authorities have dismantled a piracy ecosystem centered around the CINEMAGOAL app that provided access to various streaming platforms, including Netflix, Disney+, and Spotify.

Unlike typical IPTV service providers that openly market themselves online and expose their operations, CINEMAGOAL's approach was stealthier, as it used an app that customers installed on their devices.

Netherlands seizes 800 servers of hosting firm enabling cyberattacks 22/05/2026

Financial crime investigators in the Netherlands (FIOD) arrested two men and seized 800 servers linked to a web hosting company that enabled cyberattacks, interference operations, and disinformation campaigns.

FIOD arrested a 57-year-old suspect, who was the company director, and a 39-year-old who headed a separate firm that provided internet connectivity.

Google accidentally exposed details of unfixed Chromium flaw 21/05/2026

Google has accidentally leaked details about an unfixed issue in Chromium that keeps JavaScript running in the background even when the browser is closed, allowing remote code execution on the device.

The flaw was reported by security researcher Lyra Rebane and acknowledged as valid in December 2022, as per the thread on Chromium Issue Tracker.

Grafana breach caused by missed token rotation after TanStack attack 20/05/2026

The Grafana data breach was caused by a single GitHub workflow token that slipped through the rotation process following the TanStack npm supply-chain attack last week.

In the ongoing Shai-Hulud malware campaign attributed to TeamPCP hackers, dozens of TanStack packages infected with credential-stealing code were published on the npm index, compromising developer environments, including Grafana's.

Microsoft plans to improve Windows 11 driver quality in 2026 19/05/2026

Microsoft plans to raise the quality bar of Windows 11 drivers, as drivers "sit at the heart of every Windows experience" and connect the OS to the "silicon, components, and peripherals."

Before Microsoft shipped Windows 11, it frequently hosted WinHEC (Windows Hardware Engineering Conference), where Microsoft's developers and OEM partners met to work on quality.

Leaked Shai-Hulud malware fuels new npm infostealer campaign 18/05/2026

The Shai-Hulud malware leaked last week is now used in new attacks on the Node Package Manager (npm) index, as infected packages emerged over the weekend.

A threat actor using the account deadcode09284814 published four malicious packages on npm and embedded one of them with a non-obfuscated version of Shai-Hulud that targeted developer credentials, secrets, cryptocurrency wallet data, and account information.

Address


București
Bucharest
030171