VulnHub

Real-time Cybersecurity News

Hackers exploit FortiClient EMS flaw to push infostealer malware

BleepingComputer
Actively Exploited
CVEExploitVulnerabilityMalware

Overview

Hackers are exploiting a vulnerability in FortiClient Enterprise Management Server (EMS), identified as CVE-2026-35616, which allows them to bypass authentication. This flaw is being used to deliver a credential-stealing malware known as EKZ. Organizations using FortiClient EMS are at risk, as attackers can gain unauthorized access to sensitive information through this exploit. The situation is concerning since the malware targets credentials, potentially leading to further data breaches. Companies should prioritize patching this vulnerability to protect their systems and data from compromise.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: FortiClient Enterprise Management Server (EMS)
  • Action Required: Organizations should apply the latest security patches for FortiClient EMS to address CVE-2026-35616.
  • Timeline: Newly disclosed

Original Article Summary

Hackers are exploiting an authentication bypass vulnerability (CVE-2026-35616) in FortiClient Enterprise Management Server (EMS) to deliver an undocumented credential stealer called EKZ. [...]

Impact

FortiClient Enterprise Management Server (EMS)

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Newly disclosed

Remediation

Organizations should apply the latest security patches for FortiClient EMS to address CVE-2026-35616. Regularly updating software and monitoring systems for unusual activity are also recommended to mitigate risks.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to CVE, Exploit, Vulnerability, and 1 more.

Read Original Article

Related Coverage

House panel poised to hold hearing centered on AI impact on cyber

CyberScoop

The House Homeland Security Committee is planning to hold a public hearing focused on the impact of artificial intelligence on cybersecurity. This event is part of a series of discussions aimed at understanding how AI can both enhance and complicate security measures. Lawmakers are looking to explore the potential risks and benefits associated with the integration of AI technologies in cybersecurity practices. The hearing will likely address concerns over AI's role in facilitating cyberattacks, as well as its potential for improving defensive strategies. This initiative reflects growing recognition of the need to adapt to rapidly changing technology in the field of cybersecurity.

May 28, 2026

Russia-Linked ‘GreyVibe’ Attackers Use AI to Supercharge Cyberattacks

SecurityWeek

Researchers have identified a group known as GreyVibe, linked to Russia, that is using artificial intelligence tools like ChatGPT and Gemini to enhance their cyberattacks. This development raises concerns about how cybercriminals and state-sponsored groups may evolve their tactics in the future. The use of AI allows these attackers to automate and optimize their strategies, potentially making their operations more effective and harder to detect. Companies and organizations need to be vigilant and adapt their cybersecurity measures in light of these advancements. This trend signifies a worrying shift in the capabilities of cyber adversaries, emphasizing the need for improved defenses against sophisticated AI-driven attacks.

May 28, 2026

CVE-2026-35616: FortiClient EMS Flaw Actively Exploited in Malware Attacks

Security Affairs

A recently identified vulnerability in FortiClient Endpoint Management Server (EMS), tracked as CVE-2026-35616, is being actively exploited to deploy information-stealing malware, according to a report from Arctic Wolf. This flaw has a high severity rating of 9.1 and allows attackers to execute remote code without needing authentication, making it particularly dangerous. Organizations using FortiClient EMS should be on high alert as the vulnerability can be exploited through specially crafted requests. The vulnerability was patched in April, but the ongoing exploitation highlights the importance of timely updates and monitoring for suspicious activity. Companies must ensure they have applied the latest patches to protect their systems from these attacks.

May 28, 2026

Wireless Attacks on AI Data Centers: The Hidden Threat No One Is Watching - WC #1

SCM feed for Latest

Recent research has uncovered vulnerabilities in AI data centers that can be exploited through wireless attacks. These attacks can allow cybercriminals to access sensitive data and disrupt operations, raising concerns for organizations that rely heavily on AI technologies. The findings indicate that many existing security measures are inadequate to protect against these types of threats. As AI continues to integrate into various sectors, the implications of these vulnerabilities could lead to significant data breaches and operational disruptions. Companies operating AI data centers need to reassess their security protocols to mitigate these risks.

May 28, 2026

Attackers Move Past Typosquatting to Realistic Package Impersonation

Infosecurity Magazine

Recent research shows that cybercriminals have shifted tactics from typosquatting—where they create malicious packages with misspelled names—to developing more sophisticated open source packages that closely mimic legitimate code. This new approach allows attackers to trick users into downloading and installing harmful software without them realizing it. The implications are significant, as developers and organizations relying on open source software may inadvertently use these compromised packages, leading to potential data breaches or system vulnerabilities. Users must remain vigilant and verify the authenticity of packages before installation to prevent falling victim to these impersonation tactics.

May 28, 2026

Man arrested in Netherlands for hacking Ajax football club

SCM feed for Latest

A man was arrested in Buren, Netherlands, for allegedly hacking into the computer systems of Ajax, a prominent football club. The suspect is accused of unauthorized access to Ajax's systems multiple times earlier this year. This incident raises concerns about the security of sports organizations, which can be vulnerable to cyberattacks that may compromise sensitive data or disrupt operations. The arrest reflects ongoing efforts by law enforcement to tackle cybercrime and protect digital assets in the sports industry. As cyber threats grow, it is crucial for organizations to bolster their cybersecurity measures to prevent similar incidents in the future.

May 28, 2026