securityonline.info 5/28/2026, 6:32:11 AM · external

FortiClient EMS flaw used to drop EKZ Infostealer via fake updates

The article discusses a critical cybersecurity threat targeting corporate infrastructure: a FortiClient EMS exploitation campaign. It highlights three active vulnerabilities identified today, including CVE-2026-48027, CVE-2026-45321, and CVE-2026-8398. The primary focus is on CVE-2026-35616, which allows malicious actors to exploit FortiClient's management pathways to deploy the EKZ Infostealer malware disguised as legitimate software updates.

The malware can extract user credentials from browsers such as Chrome and Firefox. The exploitation poses significant downstream risks because it enables attackers to access cloud networks and sensitive resources. Mitigating it requires immediate infrastructure adjustments, stricter network access controls, and continuous monitoring.

Article by CyberSIXT
