Storia in 3 fonti

Critical FortiClient EMS Vulnerability Exploited in Fresh Attacks

CVE-2026-35616, a FortiClient EMS zero-day vulnerability patched in April, has been exploited in fresh infostealer attacks.

Raccontata da

securityweek.com

thehackernews.com

bleepingcomputer.com

Confronto fonti

3 prospettive sulla stessa storia

AI · summaries

securityweek.comStai leggendo2 g fa

Critical FortiClient EMS Vulnerability Exploited in Fresh Attacks

CVE-2026-35616, a FortiClient EMS zero-day vulnerability patched in April, has been exploited in fresh infostealer attacks.

originale

thehackernews.com2 g fa

Threat Actors Exploit Critical FortiClient EMS Flaw to Deploy Credential Stealer

FortiClient EMS flaw CVE-2026-35616 enabled malware delivery via fake updates, risking credential theft across endpoints.

Leggi questa versione → originale

bleepingcomputer.com2 g fa

Hackers exploit FortiClient EMS flaw to push infostealer malware

Attackers exploit CVE-2026-35616 in FortiClient EMS to deploy the EKZ infostealer via VPN scripting, targeting 2,000 exposed instances. The flaw allows unauthenticated RCE and MFA bypass via cookie theft; Fortinet patched 7.4.5/7.4.6—apply immediately.

Leggi questa versione → originale

Timeline cronologica

giovedì 28 maggio 2026·securityweek.com
Critical FortiClient EMS Vulnerability Exploited in Fresh Attacks
CVE-2026-35616, a FortiClient EMS zero-day vulnerability patched in April, has been exploited in fresh infostealer attacks.
giovedì 28 maggio 2026·thehackernews.com
Threat Actors Exploit Critical FortiClient EMS Flaw to Deploy Credential Stealer
FortiClient EMS flaw CVE-2026-35616 enabled malware delivery via fake updates, risking credential theft across endpoints.
giovedì 28 maggio 2026·bleepingcomputer.com
Hackers exploit FortiClient EMS flaw to push infostealer malware
Hackers are exploiting an authentication bypass vulnerability (CVE-2026-35616) in FortiClient Enterprise Management Server (EMS) to deliver an undocumented credential stealer…