Attackers Exploit CVE-2026-35616 in FortiClient EMS to Deploy EKZ Infostealer Disguised as a Fortinet Patch
Arctic Wolf found attackers abusing a critical 9.8-CVSS FortiClient EMS authentication bypass to silently push EKZ Infostealer to every managed endpoint via legitimate VPN scripting workflows.