The Healthcare Cyber Brief
Apr 10 — Apr 16 · Last 7 days · 2 days reporting
Threat Level This Week
Peak Score: 7.5 (HIGH)
Avg Score: 7.3 (over 2 reporting days)
Unique Threats: 120 (51 vulnerabilities)
Ransomware: 65 victims (15 healthcare)
Top Threats This Week
Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS
CRITICAL · A critical vulnerability (CVE-2026-35616) in FortiClient EMS is being actively exploited. It allows a pre-authentication bypass of the EMS API and subsequent privilege escalation. Any organization running FortiClient EMS is exposed, including those that also operate Microsoft 365 and Azure environments.
CVE-2026-35616
FortiClient EMS zero-day exploited, emergency hotfixes available (CVE-2026-35616)
CRITICAL · The FortiClient EMS zero-day (CVE-2026-35616) is being exploited in the wild. Fortinet has released emergency hotfixes for versions 7.4.5 and 7.4.6; confirm the installed EMS version, apply the hotfix, and prioritize any EMS console reachable from outside the management network. Exposure is not limited to a particular platform: organizations running FortiClient EMS alongside Microsoft 365, Azure, or VMware vSphere/vCenter/ESXi are all affected.
CVE-2026-35616
U.S. CISA adds a flaw in TrueConf Client to its Known Exploited Vulnerabilities catalog
CRITICAL · A flaw in TrueConf Client (CVE-2026-3502) has been added to CISA's Known Exploited Vulnerabilities catalog. It lets attackers deliver malicious updates to the client and execute arbitrary code. Exploitation has been attributed to China-aligned threat actors in Operation TrueChaos, targeting the secure networks used by governments and critical sectors, which makes the KEV remediation deadline the operative priority for affected organizations.
CVE-2026-3502
One-Time Passcodes Are Gateway for Financial Fraud Attacks
CRITICAL · SMS-based one-time passcodes (OTPs) are being exploited by fraudsters to carry out account takeover and payment fraud against financial institution accountholders. SMS OTP is phishable and vulnerable to SIM swapping, so it should be treated as a weak second factor rather than a control that stops account takeover.
Security Affairs newsletter Round 571 by Pierluigi Paganini – INTERNATIONAL EDITION
CRITICAL · The Qilin ransomware group claims to have breached the German political party Die Linke. The attack reportedly exposed sensitive data of 30 EU entities, including personal and financial information. The incident is relevant to any organization holding comparable personal and financial data.
CVE-2026-3055
Key Vulnerabilities
[CVE] CVE-2018-25254 (CRITICAL 9.8)
CRITICAL · NICO-FTP 3.0.1.19 contains a buffer overflow that allows remote attackers to execute arbitrary code by sending crafted FTP commands. Any reachable NICO-FTP instance is therefore a remote code execution foothold, and a compromised file-transfer host can be used to pivot into the rest of the network. Inventory where the software is deployed and restrict network access to it until it is removed or replaced.
[CVE] CVE-2026-5544 (HIGH 8.8)
HIGH · A stack-based buffer overflow (CVE-2026-5544) has been disclosed in UTT HiPER 1250GW up to version 3.2.7-210907-180535, in the /goform/formRemoteControl endpoint. Manipulating the Profile argument can lead to remote code execution. The vulnerability is reported as actively exploited and poses a significant risk to organizations running UTT HiPER 1250GW devices, particularly where the web management interface is exposed.
[CVE] CVE-2016-20052 (CRITICAL 9.8)
CRITICAL · Snews CMS 1.7 contains an unrestricted file upload vulnerability that allows unauthenticated attackers to upload and execute arbitrary PHP files, giving remote code execution and full control over the affected web server.
[CVE] CVE-2026-20147 (CRITICAL 9.9)
CRITICAL · A critical vulnerability (CVE-2026-20147) in Cisco ISE and ISE-PIC allows an authenticated attacker to execute arbitrary commands on the underlying operating system, enabling privilege escalation or denial of service. The 9.9 score reflects ISE's role as a central network access and policy enforcement point: compromising it affects every network segment it governs.
[CVE] CVE-2026-20180 (CRITICAL 9.9)
CRITICAL · A critical vulnerability (CVE-2026-20180) in Cisco Identity Services Engine (ISE) allows an authenticated attacker to execute arbitrary commands on the underlying operating system, potentially gaining root-level access or causing a denial of service. The attacker needs only Read Only Admin credentials, so low-privilege administrative accounts are sufficient to reach the flaw; review who holds such accounts and whether those credentials are shared or reused.
Healthcare Ransomware Watch
Active Groups: 4
Total Victims: 65
Healthcare Confirmed: 15
Groups observed: Luminous, Phantom, Qilin, Ransom4
Healthcare-Specific Intelligence
One-Time Passcodes Are Gateway for Financial Fraud Attacks
CRITICAL · SMS-based one-time passcodes (OTPs) are being exploited by fraudsters to carry out account takeover and payment fraud against financial institution accountholders. The same weakness applies to patient portals and payer systems that rely on SMS OTP as their only second factor.
What Happens When Data Centers Become Military Targets?
CRITICAL · CIOs must reassess business continuity plans in light of military targeting of commercial cloud data centers in the Middle East. The threat is physical loss of a region, not a cyber intrusion, so resilience planning should cover cross-region failover and the availability of services hosted in affected geographies.
Your AI Vendor's Worst Enemy Is Its Own Development Pipeline
CRITICAL · Anthropic accidentally exposed its most powerful unreleased AI model and later unintentionally shipped the full source code of its flagship coding tool. Both incidents originated in the vendor's own development and release pipeline, a reminder that organizations adopting AI tooling inherit their vendors' supply-chain and release-control weaknesses.
Corti releases agentic model for medical coding, says it outperforms OpenAI, Anthropic (https://www.fiercehealthcare.com/health-tech/cortis-new-agentic-model-medical-coding-outperforms-openai-and-others)
Vendor announcement rather than a security event. Corti says its new agentic medical-coding model beats OpenAI, Anthropic, Amazon, Oracle, and Google by more than 25% on clinical accuracy benchmarks. For healthcare security teams the relevance is vendor due diligence: medical-coding models process clinical records, so data handling, retention, and access controls should be evaluated before adoption, whether the existing coding solution is external or in-house.
Mercor Breach Linked to LiteLLM Supply-Chain Attack
HIGH · Mercor, a non-healthcare organization, was breached via a supply-chain attack on LiteLLM that enabled attackers to harvest credentials and access internal environments at scale. The incident shows how much exposure AI tooling adds and how little visibility most teams have into its dependencies; any organization consuming the same packages should check for the compromised versions and rotate credentials that those environments could reach.
This brief is generated from automated daily threat intelligence collection and analysis. 171 unique items analyzed across 2 reporting days.