Carnival Cruise Confirms Data Breach Affecting Nearly 6 Million People
Carnival Corporation, the world’s largest cruise line operator, began notifying nearly 6 million customers this week that their personal data was stolen in an April breach after attackers gained access to an employee account through a social engineering attack. The stolen data varies by individual but may include names, addresses, dates of birth, email addresses, phone numbers, passport numbers, and payment card information, affecting customers across brands including Carnival Cruise Line, Princess Cruises, Holland America, and others. The disclosure follows ShinyHunters claiming credit for the breach in April; the same group is behind a string of high-profile extortion attacks this year, including 7-Eleven, Vercel, and McGraw-Hill. Affected customers should monitor for follow-on phishing attempts that reference their booking or travel history to appear legitimate.
Chinese Hackers Exploit Iran War Instability to Target Maritime and Energy Firms
ESET’s Q4 2025–Q1 2026 APT Activity Report finds that China-aligned threat actors remained the most active APT source globally during the period, with groups actively pivoting to exploit geopolitical instability in the Gulf region — targeting maritime and energy organizations to improve Beijing’s visibility into oil shipments and regional power dynamics following U.S. military operations against Iran. The report also documented SteppeDriver targeting Syrian government networks in what researchers assess reflects both commercial interest in Syria’s reconstruction projects and security concerns surrounding Uyghur fighters present in the country, as well as FamousSparrow compromising a Venezuelan maritime affairs entity to monitor oil shipment resilience. Separately, the report notes continued Chinese APT interest in South Korea’s AI and robotics sector, Latin American financial services, and Central American government entities — a pattern consistent with Beijing’s broader Made in China 2025 industrial strategy.
Fortinet Patches FortiClient EMS Zero-Day Exploited in the Wild
Fortinet issued emergency hotfixes for CVE-2026-35616, a critical improper access control flaw in FortiClient EMS rated CVSS 9.1 that allows unauthenticated remote attackers to bypass API authentication and execute arbitrary code, after the vulnerability was observed being actively exploited in the wild. Approximately 2,000 FortiClient EMS instances are accessible from the internet according to the Shadowserver Foundation, and exploitation activity was observed as early as late March — meaning a significant window of exposure preceded the patch. Teams running FortiClient EMS should apply the hotfix immediately and treat any internet-exposed instances as potentially compromised, particularly given this is the second unauthenticated critical vulnerability disclosed in the product within a matter of weeks.
AI-Generated npm Infostealer Leaked Its Own GitHub Token, Exposing the Operator
A malicious npm package named “mouse5212-super-formatter” was discovered specifically targeting files in the /mnt/user-data directory used by Anthropic’s Claude to handle uploads and outputs, exfiltrating them to an attacker-controlled GitHub repository in a campaign researchers have dubbed Malware-Slop. The package’s code bears clear signs of AI generation, and in a significant operational security failure, the threat actor embedded their own live GitHub private token directly in the malware — effectively identifying themselves and giving researchers visibility into the attacker-controlled infrastructure. While the malware is sloppy, researchers at OX Security warn that the reduced barrier to creating functional malware through AI means defenders should expect increasing volumes of low-quality but functional infostealers targeting AI tool directories, developer credentials, and cloud environment variables.
Frontier AI Models Fail Under Multi-Turn Attacks, Cisco Research Finds
Cisco’s AI threat intelligence team tested 15 closed flagship models from OpenAI, Anthropic, Google, Amazon, and xAI and found that multi-turn attack success rates climbed as high as 88% — an order of magnitude above single-turn baselines for the same models — exposing a major gap between published safety benchmarks and real-world adversarial resilience. The research covered roughly 30,000 single-turn prompts and nearly 7,000 multi-turn attacks across more than 1,400 conversations, identifying five primary attack strategy families: role-play and persona adoption, contextual ambiguity, refusal reframing, information decomposition, and crescendo-style escalation. The practical implication for defenders deploying AI in enterprise workflows is that single-turn safety evaluations are not a reliable predictor of model behavior under sustained adversarial pressure, and organizations should test AI deployments against multi-turn attack scenarios before relying on them in sensitive contexts.