> TritonInfoSec News
Home / May 30, 2026 / Story
0
#5 The Hacker News general May 28, 2026 at 15:26 UTC

Threat Actors Exploit Critical FortiClient EMS Flaw to Deploy Credential Stealer

By [email protected] (The Hacker News)

AI Summary

Threat actors are actively exploiting a critical patched vulnerability in Fortinet's FortiClient Endpoint Management Server (EMS) to deploy credential-stealing malware disguised as a Fortinet endpoint agent. Arctic Wolf's research shows attackers abused trusted endpoint management infrastructure to propagate the stealer across all managed endpoints, amplifying the blast radius beyond the initial compromise.

Read full article → https://thehackernews.com/2026/05/threat-actors-ex…

Relevance score: 80.0/100

# More from May 30

  1. 1
    Dutch govt disrupts malware botnet with 17 million infected devices BleepingComputer
  2. 2
    Charter Communications data breach affects 4.9 million accounts BleepingComputer
  3. 3
    Federal audit reveals NIST’s NVD is plagued by poor planning and duplication CyberScoop
  4. 4
    Gogs Zero-Day Exposes Servers to Remote Code Execution SecurityWeek
  5. 6
    Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit The Hacker News
  6. 7
    Google Chrome adds session cookie theft protection for all users BleepingComputer
  7. 8
    New Russian-Linked GREYVIBE Targets Ukraine with AI-Powered Cyberattacks The Hacker News
  8. 9
    California AG sues 23andMe over 2023 breach exposing health data BleepingComputer
  9. 10
    Microsoft Slams Public Zero-Day Disclosures Amid GitHub Researcher Account Removal The Hacker News