New vulnerability in FortiClient EMS: hackers deploy malware
A critical flaw in FortiClient EMS is being exploited to install EKZ malware, putting corporate credentials and sensitive data at risk.

The threat behind vulnerability CVE-2026-35616
The cybersecurity ecosystem is on high alert once again following confirmation that malicious actors are exploiting a critical vulnerability in FortiClient Enterprise Management Server (EMS). Identified as CVE-2026-35616, this authentication bypass flaw allows attackers to circumvent security controls and execute code remotely, facilitating infiltration into corporate networks.
Incidents like this, much like when Zero-Day Vulnerabilities are exploited in KnowledgeDeliver, demonstrate that centralized management tools are prime targets for cybercriminals due to their ability to control multiple endpoints.
EKZ: The new danger to corporate data
The primary objective of this hack is the distribution of a little-known infostealer dubbed EKZ. This malware is specifically designed for credential harvesting, which serves as the first step for more complex attacks, including the deployment of large-scale ransomware.
The ability of EKZ to evade perimeter defenses and silently extract information makes it a high-priority threat for incident response teams.
Immediate mitigation measures
To protect infrastructures against this threat, it is essential to follow these recommendations:
- Update immediately: Apply the security patches provided by Fortinet to fix CVE-2026-35616.
- Network monitoring: Inspect traffic for unusual connections to C2 (command and control) servers associated with the EKZ payload.
- Segmentation: Limit access to the EMS control panel to secure, restricted management networks only.
Conclusion
The exploitation of enterprise management systems is a growing trend. While we recently analyzed cases such as Iranian Hacking: MiniFast and MiniJunk V2 on the prowl, today we see how legitimate administrative tools are being turned into attack vectors. Proactive patch management remains the most effective defense in an ever-evolving threat landscape.
Source: BleepingComputer (https://www.bleepingcomputer.com/news/security/hackers-exploit-forticlient-ems-flaw-to-push-infostealer-malware/)
Related articles
11 de julio de 2026
Condemna històrica: membre de la banda Ryuk ransomware admet la seva culpabilitat
Un ciutadà armeni es declara culpable als EUA pel desplegament de ransomware Ryuk, afrontant una possible sentència de 15 anys de presó.
11 de julio de 2026
Historic Conviction: Ryuk Ransomware Gang Member Admits Guilt
An Armenian national pleads guilty in the U.S. for deploying Ryuk ransomware and faces a potential 15-year prison sentence.
11 de julio de 2026
Condena histórica: miembro de la banda Ryuk ransomware admite su culpa
Un ciudadano armenio se declara culpable en EE. UU. por el despliegue de ransomware Ryuk, enfrentando una posible sentencia de 15 años de prisión.
10 de julio de 2026
Hackers exploten Microsoft Entra: Nova vulnerabilitat en passkeys
Un grup d'actors maliciosos utilitza enginyeria social per comprometre comptes de Microsoft 365 mitjançant falsos registres de passkeys a Entra.
Loading comments...