Fortinet News Articles

Recent news articles refferecing the vendors vulnerabilities.

favicon imageSecurityweek

3 Recently Patched Fortinet FortiSandbox Vulnerabilities in Hacker Crosshairs

Fortinet FortiSandbox vulnerabilities tracked as CVE-2026-39808, CVE-2026-39813, and CVE-2026-25089 are being targeted in the wild.

2 weeks ago

favicon imagetheregister

Three critical Fortinet sandbox bugs splattered by unknown attackers

All have patches, so make sure you upgrade to a fixed version

2 weeks ago

favicon imageThe Register

Three critical Fortinet sandbox bugs splattered by unknown attackers

All have patches, so make sure you upgrade to a fixed version

2 weeks ago

favicon imageIt Security News

Attackers are exploiting FortiSandbox vulnerabilities - IT Security News

Attackers have been spotted exploiting three vulnerabilities (CVE-2026-39813, CVE-2026-39808, CVE-2026-25089) in FortiSandbox, a platform that other Fortinet security products depend on for threat verdicts to enforce blocking decisions and trigger automated responses. The warning came on Monday from...

2 weeks ago

favicon imageHelp Net Security

Attackers are exploiting FortiSandbox vulnerabilities - Help Net Security

Attackers have been spotted exploiting three vulnerabilities (CVE-2026-39813, CVE-2026-39808, CVE-2026-25089) in FortiSandbox.

2 weeks ago

favicon imageThe Hacker News

Attackers Exploit Three Fortinet FortiSandbox Flaws, One Patched Last Week

Attackers are exploiting three Fortinet FortiSandbox flaws, including one patched last week, risking auth bypass and command execution.

2 weeks ago

favicon imageBleepingComputer

Critical Fortinet FortiSandbox flaws now exploited in attacks

Attackers are now exploiting several critical vulnerabilities in Fortinet's FortiSandbox cyber threat detection platform, according to threat intelligence company Defused.

2 weeks ago

favicon imageIt Security News

New infostealer reaches enterprise devices through FortiClient EMS vulnerability - IT Security News

Attackers are delivering a broad-spectrum infostealer to enterprise computers by exploiting a known vulnerability (CVE-2026-35616) in FortiClient Enterprise Management Server (EMS). “The [malicious] payload was presented as a Fortinet endpoint update and executed through FortiClient-managed VPN scri...

favicon imageHelp Net Security

New infostealer reaches enterprise devices through FortiClient EMS vulnerability - Help Net Security

Attackers are delivering an infostealer to enterprise computers by exploiting a known vulnerability (CVE-2026-35616) in FortiClient EMS.

favicon imageWebpronews

Fortinet Flaw Opens Door to Mass Credential Theft via Managed Endpoints

Threat actors are exploiting CVE-2026-35616 in FortiClient EMS to push disguised credential stealers to all managed endpoints at scale. Arctic Wolf and WatchTowr detail how attackers abuse management infrastructure for silent deployment and browser data theft. Organizations must patch immediately.

favicon imageBleepingComputer

Hackers exploit FortiClient EMS flaw to push infostealer malware

Hackers are exploiting an authentication bypass vulnerability (CVE-2026-35616) in FortiClient Enterprise Management Server (EMS) to deliver an undocumented credential stealer called EKZ.

favicon imageThe Hacker News

Threat Actors Exploit Critical FortiClient EMS Flaw to Deploy Credential Stealer

FortiClient EMS flaw CVE-2026-35616 enabled malware delivery via fake updates, risking credential theft across endpoints.

favicon imageSecurityweek

Critical FortiClient EMS Vulnerability Exploited in Fresh Attacks

CVE-2026-35616, a FortiClient EMS zero-day vulnerability patched in April, has been exploited in fresh infostealer attacks.

favicon imageIt Security News

PoC Exploit Released for FortiSandbox Vulnerability that Allows Attacker to Execute Commands - IT Security News

A proof-of-concept (PoC) exploit has been publicly released for a critical vulnerability in Fortinet’s FortiSandbox product, tracked as CVE-2026-39808. The flaw allows an unauthenticated attacker to execute arbitrary operating system commands as root, the highest privilege level, without requiring a...

favicon imageIt Security News

PoC Released for FortiSandbox Flaw Enabling Arbitrary Command Execution - IT Security News

A proof-of-concept (PoC) exploit has been publicly released for a critical security flaw in Fortinet’s FortiSandbox. Tracked as CVE-2026-39808, this severe vulnerability allows an unauthenticated attacker to execute arbitrary commands on the underlying operating system with the highest level of…Read...

favicon imageThe Hacker News

CISA Adds 6 Known Exploited Flaws in Fortinet, Microsoft, and Adobe Software

CISA adds six exploited vulnerabilities, including Fortinet and Exchange flaws, requiring FCEB patching by April 27, 2026.

favicon imageIt Security News

U.S. CISA adds a flaw in Fortinet FortiClient EMS to its Known Exploited Vulnerabilities catalog - IT Security News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Fortinet FortiClient EMS to its Known Exploited Vulnerabilities catalog The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in Fortinet FortiClient EMS, tracked as CVE-2026-35616 (CVSS score of…...

favicon imageSecurityweek

Fortinet Rushes Emergency Fixes for Exploited Zero-Day

Fortinet issues emergency patches for CVE-2026-35616, a FortiClient EMS zero-day vulnerability that has been exploited in the wild.

favicon imageDark Reading

Fortinet Issues Emergency Patch for FortiClient Zero-Day

The authentication bypass flaw, tracked as CVE-2026-35616, is the latest in a series of Fortinet vulnerabilities that have been exploited in the wild.

favicon imageIt Security News

CISA Warns of Fortinet 0-Day Vulnerability Actively Exploited in Attacks - IT Security News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2026-35616, a critical improper access control vulnerability in Fortinet FortiClient Enterprise Management Server (EMS), to its Known Exploited Vulnerabilities (KEV) catalog on April 6, 2026, mandating federal agencies to...

favicon imageCybersecuritynews

CISA Warns of Fortinet 0-Day Vulnerability Actively Exploited in Attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2026-35616, a critical improper access control vulnerability in Fortinet FortiClient Enterprise Management Server (EMS), to its Known Exploited Vulnerabilities (KEV) catalog on April 6, 2026, mandating federal agencies to...

favicon imageBleepingComputer

CISA orders feds to patch exploited Fortinet EMS flaw by Friday

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered federal agencies to secure FortiClient Enterprise Management Server (EMS) instances against an actively exploited vulnerability by Friday.

favicon imageTechrepublic

New Fortinet Flaw Allows Unauthorized Access to Enterprise Systems

Fortinet warns of a critical FortiClient EMS zero-day vulnerability that is currently being exploited, allowing attackers to bypass authentication and execute commands.

favicon imageEsecurity Planet

CVE-2026-35616: FortiClient EMS Flaw Under Active Exploitation | eSecurity Planet

A critical FortiClient EMS vulnerability (CVE-2026-35616) is under active exploitation, allowing unauthenticated attackers to bypass API protections.

favicon imageDecipher

Fortinet CVE-2026-35616 Actively Exploited - Decipher

The company published an advisory on Saturday and urged all customers who are running affected versions of the software to install the hotfix as quickly as possible. The bug affects versions 7.4.5 and 7.4.6 of FortiClient EMS. 

No more news articles to load.