ONE Sentinel

Hackers exploit FortiClient EMS flaw to push infostealer malware

Source: Bleeping Computer
Date: May 28, 2026

EXECUTIVE SUMMARY

Hackers Exploit FortiClient EMS Vulnerability to Deploy Infostealer Malware

Summary

Hackers are actively exploiting a vulnerability in FortiClient Enterprise Management Server (EMS) to distribute credential-stealing malware named EKZ. The attack leverages an authentication bypass flaw to infiltrate systems.

Key Points

  • The vulnerability exploited is identified as CVE-2026-35616.
  • The targeted product is FortiClient Enterprise Management Server (EMS).
  • The malware deployed is an undocumented credential stealer known as EKZ.
  • The attack involves an authentication bypass, allowing unauthorized access.

Analysis

The exploitation of CVE-2026-35616 in FortiClient EMS underscores the critical need for timely patch management and vulnerability assessment. The deployment of EKZ, a credential stealer, poses significant risks to organizations by potentially exposing sensitive information. The incident highlights the importance of securing management interfaces and monitoring for unauthorized access attempts.

Conclusion

IT professionals should prioritize patching FortiClient EMS to mitigate this vulnerability. Additionally, implementing robust monitoring and access controls can help detect and prevent unauthorized access attempts.