Carnival breached and more - May 30, 2026

Weekly Roundup

May 31

Written By RF Wave

Featured

Carnival Corporation has confirmed they were victim of a data breach

ShinyHunters group has claimed responsibility for the breach, and affects nearly 6 million people

This Week’s Updates

Breaches

7-Eleven data breach exposes personal information of 185,000 people following ShinyHunters hack in April

Charter Communications data breach is confirmed to affect 4.9 million accounts after ShinyHunters hack in early April

Vulnerabilities

Ghost CMS critical SQL injection flaw (CVE-2026-26980) is being exploited in a large-scale ClickFix campaign injecting malicious JavaScript

CISA orders federal agencies to patch an actively exploited SQL injection vulnerability in Drupal CMS

CISA gives federal agencies four days to patch an actively exploited critical vulnerability in the LiteSpeed cPanel plugin

Hackers are exploiting a FortiClient EMS authentication bypass (CVE-2026-35616) to deliver an undocumented credential stealer called EKZ

Palo Alto Networks warns that hackers are actively exploiting a PAN-OS GlobalProtect authentication bypass flaw tracked as CVE-2026-0257

vulnerabilitydata breachCarnivalPaloCharter Communications7-ElevenGhost CMSDrupal CMSLiteSpeed cPanelFortiClient EMS

RF Wave

GitHub breached and more - May 24, 2026