VulnHub

Real-time Cybersecurity News

CVE-2026-35616: FortiClient EMS Flaw Actively Exploited in Malware Attacks

Security Affairs
Actively Exploited
CVEVulnerabilityMalwareRCECritical

Overview

A recently identified vulnerability in FortiClient Endpoint Management Server (EMS), tracked as CVE-2026-35616, is being actively exploited to deploy information-stealing malware, according to a report from Arctic Wolf. This flaw has a high severity rating of 9.1 and allows attackers to execute remote code without needing authentication, making it particularly dangerous. Organizations using FortiClient EMS should be on high alert as the vulnerability can be exploited through specially crafted requests. The vulnerability was patched in April, but the ongoing exploitation highlights the importance of timely updates and monitoring for suspicious activity. Companies must ensure they have applied the latest patches to protect their systems from these attacks.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: FortiClient Endpoint Management Server (EMS)
  • Action Required: Organizations should apply the patch released in April to FortiClient EMS to mitigate the vulnerability.
  • Timeline: Newly disclosed

Original Article Summary

A critical FortiClient Endpoint Management Server (EMS) vulnerability patched in April has been exploited in fresh attacks to deploy information-stealing malware, Arctic Wolf reports. The flaw, tracked as CVE-2026-35616 (CVSS score of 9.1), can be exploited remotely via crafted requests for remote code execution (RCE) and does not require authentication. Threat actors are exploiting a critical FortiClient […]

Impact

FortiClient Endpoint Management Server (EMS)

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Newly disclosed

Remediation

Organizations should apply the patch released in April to FortiClient EMS to mitigate the vulnerability. Regularly monitor systems for any unauthorized access or unusual activity.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to CVE, Vulnerability, Malware, and 2 more.

Read Original Article

Related Coverage

Attackers Move Past Typosquatting to Realistic Package Impersonation

Infosecurity Magazine

Recent research shows that cybercriminals have shifted tactics from typosquatting—where they create malicious packages with misspelled names—to developing more sophisticated open source packages that closely mimic legitimate code. This new approach allows attackers to trick users into downloading and installing harmful software without them realizing it. The implications are significant, as developers and organizations relying on open source software may inadvertently use these compromised packages, leading to potential data breaches or system vulnerabilities. Users must remain vigilant and verify the authenticity of packages before installation to prevent falling victim to these impersonation tactics.

May 28, 2026

Man arrested in Netherlands for hacking Ajax football club

SCM feed for Latest

A man was arrested in Buren, Netherlands, for allegedly hacking into the computer systems of Ajax, a prominent football club. The suspect is accused of unauthorized access to Ajax's systems multiple times earlier this year. This incident raises concerns about the security of sports organizations, which can be vulnerable to cyberattacks that may compromise sensitive data or disrupt operations. The arrest reflects ongoing efforts by law enforcement to tackle cybercrime and protect digital assets in the sports industry. As cyber threats grow, it is crucial for organizations to bolster their cybersecurity measures to prevent similar incidents in the future.

May 28, 2026

New Gogs zero-day flaw lets hackers get remote code execution

BleepingComputer

A newly discovered zero-day vulnerability in the Gogs self-hosted Git service allows attackers to execute remote code on servers that are exposed to the internet. This flaw poses a significant risk to organizations using Gogs for version control, as malicious actors could potentially gain full control over affected systems. Currently, there are no patches available to fix this issue, leaving users vulnerable until a solution is released. The exploitation of this vulnerability is particularly concerning because it can lead to data breaches or further attacks within an organization's infrastructure. Users and administrators of Gogs should take immediate action to secure their installations and monitor for any unusual activity.

May 28, 2026

When old data brings AI rollouts to a screeching halt - and how to manage it

Latest news

The article discusses how older data, which companies may have forgotten about, is becoming increasingly valuable as AI technologies advance. However, this revival of old data can pose significant security risks, as it may contain outdated or sensitive information that organizations have not adequately protected. Companies leveraging AI need to be aware of these potential vulnerabilities and take steps to secure their data assets. If not managed properly, these risks can derail AI initiatives and lead to data breaches or compliance issues. It's essential for organizations to assess their historical data for security risks before moving forward with AI projects.

May 28, 2026

Romanian gets 5 years in prison for hacking Oregon govt network

BleepingComputer

A Romanian man was sentenced to 56 months in federal prison for hacking into a computer network used by the Oregon state government. This incident was part of a broader series of cyberattacks that targeted multiple victims across the United States. The hacker's activities included unauthorized access to sensitive governmental information, which raises concerns about the security of public sector networks. Such breaches can compromise not only data integrity but also the trust of citizens in their government. The case serves as a reminder of the ongoing risks posed by cybercriminals, particularly those operating from abroad.

May 28, 2026

New Edamame Platform Aims to Catch AI Coding Agents Going Off the Rails

SecurityWeek

Edamame, a startup based in France, has launched a new platform designed to monitor AI coding agents for potential issues like 'intent drift,' which refers to a deviation from their intended programming. The platform uses host telemetry and AI analysis to detect problems in real time, including secret theft and supply-chain attacks. This is significant as it addresses the growing concern over how AI systems can behave unpredictably and pose risks to software integrity and data security. By implementing such a system, companies can better protect their applications and sensitive information from malicious activities. This innovation could be crucial for organizations relying on AI-driven coding agents to ensure they operate safely and as intended.

May 28, 2026