Pierluigi Paganini
May 28, 2026
Threat actors are exploiting a critical FortiClient EMS flaw, tracked as CVE-2026-35616, to deploy malware on unpatched systems. Threat actors are exploiting a critical FortiClient EMS vulnerability, tracked as CVE-2026-35616 (CVSS score of 9.1), that allows remote code execution without authentication. Fortinet released fixes in April after confirming zero-day attacks in the wild and urged […]
Pierluigi Paganini
November 19, 2024
Chinese threat actors use custom post-exploitation toolkit ‘DeepData’ to exploit FortiClient VPN zero-day and steal credentials. Volexity researchers discovered a vulnerability in Fortinet’s Windows VPN client that China-linked threat actor BrazenBamboo abused in their DEEPDATA malware. BrazenBamboo is known to be the author of other malware families, including LIGHTSPY, DEEPDATA, and DEEPPOST. DEEPDATA is a […]
Pierluigi Paganini
March 21, 2024
Researchers released a PoC exploit for a critical flaw in Fortinet’s FortiClient Enterprise Management Server (EMS) software, which is actively exploited. Security researchers at Horizon3 have released a proof-of-concept (PoC) exploit for a critical vulnerability, tracked as CVE-2023-48788 (CVSS score 9.3), in Fortinet’s FortiClient Enterprise Management Server (EMS) software. The vulnerability is now actively exploited […]
Pierluigi Paganini
December 14, 2017
FortiClient for Linux, Mac OSX and Windows stores encrypted VPN authentication credentials in improperly secured locations. Fortinet provided security updates for its next-generation endpoint protection FortiClient product that address a serious information disclosure vulnerability. The flaw, tracked as CVE-2017-14184, could be exploited by an attacker to obtain VPN authentication credentials. FortiClient is a powerful product that includes […]
