FortiClient EMS, Gogs RCE actively exploited; CISA GitHub leak exposes AWS keys

This briefing reports multiple concurrent high-risk incidents: active exploitation of FortiClient EMS (CVE-2026-35616) to deploy the EKZ credential stealer, an unpatched Gogs RCE zero-day, public exposure of CISA-related AWS GovCloud credentials via a contractor's GitHub repo, a 4,300+ domain FIFA fraud campaign targeting World Cup attendees, and a Carnival data breach affecting ~6 million customers; recommended immediate actions include patching/isolation, credential rotation, log audits, and customer fraud/credit monitoring.