SecurityWeek

Critical FortiClient EMS Vulnerability Exploited in Fresh Attacks

CVE-2026-35616, a FortiClient EMS zero-day vulnerability patched in April, has been exploited in fresh infostealer attacks.
TechRepublic

New Fortinet Flaw Allows Unauthorized Access to Enterprise Systems

Fortinet warns of a critical FortiClient EMS zero-day vulnerability that is currently being exploited, allowing attackers to bypass authentication and execute commands. Fortinet disclosed a critical ...
Concordia University

Multi-factor authentication with Concordia's VPN

All VPN users must upgrade to the latest tested and approved version of FortiClient and enable multi-factor authentication due to security vulnerabilities with earlier versions of the software. Please ...
The Hacker News

Threat Actors Exploit Critical FortiClient EMS Flaw to Deploy Credential Stealer

FortiClient EMS flaw CVE-2026-35616 enabled malware delivery via fake updates, risking credential theft across endpoints.
Bleeping Computer

Hackers exploit FortiClient EMS flaw to push infostealer malware

Hackers are exploiting an authentication bypass vulnerability (CVE-2026-35616) in FortiClient Enterprise Management Server (EMS) to deliver an undocumented credential stealer called EKZ. The attacker ...
Connecticut College Arboretum

Using Duo with FortiClient

When using the Fortinet VPN Client (FortiClient) you may be required to use the Duo Multi-Factor Authentication system to connect. By default, FortiClient uses Push ...