Threat Actors Exploit Critical FortiClient EMS Flaw to Deploy Credential Stealer

28Mai 2026 by Webmaster

Threat actors are continuing to exploit a critical, now-patched security flaw impacting FortiClient Endpoint Management Server (EMS) deployments to deliver credential-stealing malware.

« The campaign abused trusted endpoint management infrastructure to deliver malware across managed endpoints, » Arctic Wolf said. « Threat actors disguised the credential stealer payload as a Fortinet endpoint