Fortinet News Articles
Recent news articles referencing the vendor's vulnerabilities.
New infostealer reaches enterprise devices through FortiClient EMS vulnerability - IT Security News
Attackers are delivering a broad-spectrum infostealer to enterprise computers by exploiting a known vulnerability (CVE-2026-35616) in FortiClient Enterprise Management Server (EMS). “The [malicious] payload was presented as a Fortinet endpoint update and executed through FortiClient-managed VPN scri...
2 weeks ago
New infostealer reaches enterprise devices through FortiClient EMS vulnerability - Help Net Security
Attackers are delivering an infostealer to enterprise computers by exploiting a known vulnerability (CVE-2026-35616) in FortiClient EMS.
2 weeks ago
Fortinet Flaw Opens Door to Mass Credential Theft via Managed Endpoints
Threat actors are exploiting CVE-2026-35616 in FortiClient EMS to push disguised credential stealers to all managed endpoints at scale. Arctic Wolf and WatchTowr detail how attackers abuse management infrastructure for silent deployment and browser data theft. Organizations must patch immediately.
2 weeks ago
Hackers exploit FortiClient EMS flaw to push infostealer malware
Hackers are exploiting an authentication bypass vulnerability (CVE-2026-35616) in FortiClient Enterprise Management Server (EMS) to deliver an undocumented credential stealer called EKZ.
2 weeks ago
Threat Actors Exploit Critical FortiClient EMS Flaw to Deploy Credential Stealer
FortiClient EMS flaw CVE-2026-35616 enabled malware delivery via fake updates, risking credential theft across endpoints.
2 weeks ago
Critical FortiClient EMS Vulnerability Exploited in Fresh Attacks
CVE-2026-35616, a FortiClient EMS zero-day vulnerability patched in April, has been exploited in fresh infostealer attacks.
2 weeks ago
PoC Exploit Released for FortiSandbox Vulnerability that Allows Attacker to Execute Commands - IT Security News
A proof-of-concept (PoC) exploit has been publicly released for a critical vulnerability in Fortinet’s FortiSandbox product, tracked as CVE-2026-39808. The flaw allows an unauthenticated attacker to execute arbitrary operating system commands as root, the highest privilege level, without requiring a...
PoC Released for FortiSandbox Flaw Enabling Arbitrary Command Execution - IT Security News
A proof-of-concept (PoC) exploit has been publicly released for a critical security flaw in Fortinet’s FortiSandbox. Tracked as CVE-2026-39808, this severe vulnerability allows an unauthenticated attacker to execute arbitrary commands on the underlying operating system with the highest level of…
CISA Adds 6 Known Exploited Flaws in Fortinet, Microsoft, and Adobe Software
CISA adds six exploited vulnerabilities, including Fortinet and Exchange flaws, requiring FCEB patching by April 27, 2026.
U.S. CISA adds a flaw in Fortinet FortiClient EMS to its Known Exploited Vulnerabilities catalog - IT Security News
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in Fortinet FortiClient EMS, tracked as CVE-2026-35616 (CVSS score of…
Fortinet Rushes Emergency Fixes for Exploited Zero-Day
Fortinet issues emergency patches for CVE-2026-35616, a FortiClient EMS zero-day vulnerability that has been exploited in the wild.
Fortinet Issues Emergency Patch for FortiClient Zero-Day
The authentication bypass flaw, tracked as CVE-2026-35616, is the latest in a series of Fortinet vulnerabilities that have been exploited in the wild.
CISA Warns of Fortinet 0-Day Vulnerability Actively Exploited in Attacks - IT Security News
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2026-35616, a critical improper access control vulnerability in Fortinet FortiClient Enterprise Management Server (EMS), to its Known Exploited Vulnerabilities (KEV) catalog on April 6, 2026, mandating federal agencies to...
CISA Warns of Fortinet 0-Day Vulnerability Actively Exploited in Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2026-35616, a critical improper access control vulnerability in Fortinet FortiClient Enterprise Management Server (EMS), to its Known Exploited Vulnerabilities (KEV) catalog on April 6, 2026, mandating federal agencies to...
CISA orders feds to patch exploited Fortinet EMS flaw by Friday
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered federal agencies to secure FortiClient Enterprise Management Server (EMS) instances against an actively exploited vulnerability by Friday.
New Fortinet Flaw Allows Unauthorized Access to Enterprise Systems
Fortinet warns of a critical FortiClient EMS zero-day vulnerability that is currently being exploited, allowing attackers to bypass authentication and execute commands.

CVE-2026-35616: FortiClient EMS Flaw Under Active Exploitation | eSecurity Planet
A critical FortiClient EMS vulnerability (CVE-2026-35616) is under active exploitation, allowing unauthenticated attackers to bypass API protections.
Fortinet CVE-2026-35616 Actively Exploited - Decipher
The company published an advisory on Saturday and urged all customers who are running affected versions of the software to install the hotfix as quickly as possible. The bug affects versions 7.4.5 and 7.4.6 of FortiClient EMS.
Week In Review: Axios Npm Supply Chain Compromise, Critical FortiClient EMS Bugs Exploited - Help Net Security
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:
Week in review: Axios npm supply chain compromise, critical FortiClient EMS bugs exploited - Help Net Security
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Financial groups lay out a plan to fight AI identity
Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS
CVE-2026-35616 (CVSS 9.1) exploited since March 31, 2026, affects FortiClient EMS 7.4.5–7.4.6, enabling privilege escalation.
FortiClient EMS zero-day exploited, emergency hotfixes available (CVE-2026-35616) - IT Security News
Defused Cyber has spotted a critical Fortinet FortiClient Endpoint Management Server (EMS) zero-day vulnerability (CVE-2026-35616) being exploited in the wild. This time around, the confirmation of active exploitation came almost immediately from Fortinet, as well. “Fortinet has observed [CVE-2026-3...
FortiClient EMS zero-day exploited, emergency hotfixes available (CVE-2026-35616) - Help Net Security
Defused Cyber spotted a critical Fortinet FortiClient EMS zero-day (CVE-2026-35616) being exploited in the wild this week
Critical Fortinet FortiClient EMS 0-Day Vulnerability Actively Exploited in the Wild - IT Security News
Fortinet has issued an emergency hotfix after security researchers disclosed a critical zero-day vulnerability in FortiClient EMS that is already being actively exploited by threat actors. Tracked as CVE-2026-35616 and carrying a CVSSv3 score of 9.1 (Critical), the flaw enables…
Fortinet Confirms New Zero-Day Behind Malicious SSO Logins
To stop the ongoing attacks, the cybersecurity vendor took the drastic step of temporarily disabling FortiCloud single sign-on (SSO) authentication.