> TritonInfoSec News
Home / May 29, 2026 / Story
0
#3 BleepingComputer general May 28, 2026 at 17:25 UTC

Hackers exploit FortiClient EMS flaw to push infostealer malware

By Bill Toulas

AI Summary

Threat actors are actively exploiting CVE-2026-35616, an authentication bypass in Fortinet's FortiClient Enterprise Management Server (EMS), to deliver a previously undocumented credential stealer dubbed EKZ. Arctic Wolf confirmed the campaign abused trusted endpoint management infrastructure to push malware across managed endpoints. Fortinet issued hotfixes in April 2026 after identifying in-the-wild exploitation as a zero-day.

Read full article → https://www.bleepingcomputer.com/news/security/hac…

Relevance score: 80.0/100

# More from May 29

  1. 1
    New Gogs zero-day flaw lets hackers get remote code execution BleepingComputer
  2. 2
    Critical Gogs RCE Vulnerability Lets Any Authenticated User Execute Arbitrary Code The Hacker News
  3. 4
    Carnival Cruise confirms data breach affecting nearly 6 million people BleepingComputer
  4. 5
    CrowdStrike disrupts Glassworm botnet that preyed on open-source supply chain CyberScoop
  5. 6
    GreyVibe hackers use ChatGPT, Gemini to power cyberattacks BleepingComputer
  6. 7
    Ransomware Actors Show Up In Person to Steal Law Firm Data Dark Reading
  7. 8
    JINX-0164 Targets Cryptocurrency Firms with Fake Recruiter Lures and macOS Malware The Hacker News
  8. 9
    Malicious npm Package Stole Files From Claude AI User Directory via GitHub The Hacker News
  9. 10
    Gitea Vulnerability Exposed 30,000 Deployments to Attacks SecurityWeek