Skip to content

News
Cybercrime
Risk
Policy
Privacy
Research
Cloud
Insurance

LinkedIn
Facebook

CVE-2026-35616

Threat actors abuse patched FortiClient EMS flaw to push credential stealer

Cybercrime, News, Risk, Vulnerabilities

May 29, 2026

Threat actors are exploiting a patched FortiClient EMS flaw to push a credential stealer disguised as a Fortinet update, according to a technical analysis from Arctic Wolf. The campaign affects managed endpoints and can expose browser data, cookies and saved credentials.

About
Editorial Policy
Privacy
Contact