Attackers Exploited the FortiClient EMS Bug as a 0-Day

Attackers exploited the FortiClient EMS bug as a 0-day

: CISA added the flaw to KEV after Fortinet confirmed exploitation in the wild

CISA orders feds to patch exploited Fortinet EMS flaw by Friday

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered federal agencies to secure FortiClient Enterprise Management Server (EMS) instances against an actively exploited vulnerability by Friday.

Critical flaw in FortiClient EMS under exploitation

Fortinet released an emergency hotfix after security researchers discovered the vulnerability being exploited as a zero-day.

Singapore, US warn of latest Fortinet bug being exploited in wild

The Cybersecurity and Infrastructure Security Agency (CISA) gave federal agencies until Thursday to apply the hotfix.

CISA Adds One Known Exploited Vulnerability to Catalog

CISA Adds One Known Exploited Vulnerability to Catalog ggaylor Apr 06, 2026 Release DateApril 06, 2026 DescriptionCISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.CVE-2026-35616 - Fortinet FortiClient EMS Improper Access Control VulnerabilityThis type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the feder…

Week in review: Axios npm supply chain compromise, critical FortiClient EMS bugs exploited

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Financial groups lay out a plan to fight AI identity attacks Generative AI tools have brought the cost of deepfake production low enough that criminals and state-sponsored actors now use them routinely against financial institutions. A joint paper from the American Bankers Association, the Better Identity Coalition, and the Financial Services Sector…