The Hacker News

Threat Actors Exploit Critical FortiClient EMS Flaw to Deploy Credential Stealer

FortiClient EMS flaw CVE-2026-35616 enabled malware delivery via fake updates, risking credential theft across endpoints.
TechRepublic

New Fortinet Flaw Allows Unauthorized Access to Enterprise Systems

Fortinet warns of a critical FortiClient EMS zero-day vulnerability that is currently being exploited, allowing attackers to bypass authentication and execute commands. Fortinet disclosed a critical ...
CSO Online

Fortinet fixes two critical RCE flaws in FortiAuthenticator and FortiSandbox

The company — whose recent vulnerabilities have been hit with zero-day and n-day exploits — also released three patches for flaws in FortiOS and FortiAP.
Infosecurity-magazine.com

Fortinet Releases Emergency Patch After FortiClient EMS Bug Is Exploited

Fortinet customers have been urged to update their FortiClient Enterprise Management Server (EMS) products after the vendor was forced to issue an emergency patch over the weekend. CVE-2026-35616 is a ...
Bleeping Computer

CISA orders feds to patch exploited Fortinet EMS flaw by Friday

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered federal agencies to secure FortiClient Enterprise Management Server (EMS) instances against an actively exploited vulnerability ...