Hackers exploit FortiClient EMS flaw to push infostealer malware

Thursday, May 28, 2026 at 05:25 PM UTC·Source: BleepingComputer

Updated: Thursday, May 28, 2026 at 06:00 PM UTC

Executive Summary

Hackers are exploiting an authentication bypass vulnerability (CVE-2026-35616) in FortiClient Enterprise Management Server (EMS) to deliver an undocumented credential stealer called EKZ. [...]

Analysis

Hackers are exploiting an authentication bypass vulnerability (CVE-2026-35616) in FortiClient Enterprise Management Server (EMS) to deliver an undocumented credential stealer called EKZ. [...]

Indicators of Compromise (1)

CVE (1)

CVE-2026-35616

NVD MITRE CVE

Source Attribution

Originally published by BleepingComputer on May 28, 2026.

Related Threats

MEDIUMMalware

Hackers hijack thousands of sites for ClickFix and FakeUpdate attacks

A threat actor tracked as DriveSurge has been operating large-scale malware distribution campaigns using ClickFix and FakeUpdates techniques on compromised sites. [...]

4h agoBleepingComputer

MEDIUMMalware

Dutch Police Dismantle Massive 17-Million-Device Botnet

Dutch authorities seized command-and-control servers tied to a botnet of infected computers, smartphones, and tablets that was allegedly used to power a residential proxy network and facilitate cybercrime. The post Dutch Police Dismantle Massive 17-Million-Device Botnet appeared first on SecurityWeek .

8h agoSecurityWeek

MEDIUMMalware

WordPress malware campaign hides payloads in Steam profiles

Nearly 2,000 WordPress websites were infected with malware that relies on Steam Community profile comments to hide command-and-control (C2) data. [...]

9h agoBleepingComputer