https://vulnerability.circl.lu/sightings/feed 2026-06-01T08:46:49.863440+00:00 Vulnerability-Lookup info@circl.lu python-feedgen Contains only the most 10 recent sightings. https://vulnerability.circl.lu/sighting/1acf38fb-f95c-472b-91a7-0e0d345f115f/export 2026-06-01T08:46:49.869850+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "1acf38fb-f95c-472b-91a7-0e0d345f115f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-35616", "type": "seen", "source": "https://infosec.exchange/users/jbhall56/statuses/116657860267303158", "content": "The activity, observed by the cybersecurity company in May 2026, involves the exploitation of CVE-2026-35616 (CVSS score: 9.1), a critical pre-authentication API access bypass leading to privilege escalation. https://thehackernews.com/2026/05/threat-actors-exploit-critical.html", "creation_timestamp": "2026-05-29T12:28:02.870321Z"} 2026-05-29T12:28:02.870321+00:00 https://vulnerability.circl.lu/sighting/43714733-0286-4918-8186-73f12bf4465e/export 2026-06-01T08:46:49.869784+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "43714733-0286-4918-8186-73f12bf4465e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-35616", "type": "seen", "source": "https://bsky.app/profile/jbhall56.bsky.social/post/3mmyjx6mpvc2m", "content": "The activity, observed by the cybersecurity company in May 2026, involves the exploitation of CVE-2026-35616 (CVSS score: 9.1), a critical pre-authentication API access bypass leading to privilege escalation. thehackernews.com/2026/05/thre...", "creation_timestamp": "2026-05-29T12:28:11.752477Z"} 2026-05-29T12:28:11.752477+00:00 https://vulnerability.circl.lu/sighting/fa96742a-9ab0-4e19-b40d-25ac70d1212c/export 2026-06-01T08:46:49.869716+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "fa96742a-9ab0-4e19-b40d-25ac70d1212c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-35616", "type": "seen", "source": "https://mastodon.social/ap/users/115426718704364579/statuses/116658691037013457", "content": "\ud83d\udcf0 Active Exploitation of Critical FortiClient EMS Flaw (CVE-2026-35616) Used to Deploy Credential Stealers\n\ud83d\udce2 ACTIVE EXPLOITATION: A critical FortiClient EMS flaw (CVE-2026-35616, CVSS 9.1) is being used to push credential stealers to all managed endpoints via PowerShell. Update to version 7.4.7 NOW. \ud83d\udee1\ufe0f #Fortinet #CyberAttack #PatchNow\n\ud83c\udf10 cyber[.]netsecops[.]io\n\ud83d\udd17 https://cyber.netsecops.io/articles/forticlient-ems-flaw-cve-2026-35616-actively-exploited/?utm_source=m\u2026", "creation_timestamp": "2026-05-29T15:59:19.766680Z"} 2026-05-29T15:59:19.766680+00:00 https://vulnerability.circl.lu/sighting/e802dbee-b986-43a4-aecf-0ea7732d93a3/export 2026-06-01T08:46:49.869643+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "e802dbee-b986-43a4-aecf-0ea7732d93a3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-35616", "type": "seen", "source": "https://bsky.app/profile/netsecio.bsky.social/post/3mmyvrs5fwv2o", "content": "\ud83d\udce2 ACTIVE EXPLOITATION: A critical FortiClient EMS flaw (CVE-2026-35616, CVSS 9.1) is being used to push credential stealers to all managed endpoints via PowerShell. Update to version 7.4.7 NOW. \ud83d\udee1\ufe0f #Fortinet #CyberAttack #PatchNow\n\n\ud83c\udf10 cyber[.]netsecops[.]io", "creation_timestamp": "2026-05-29T15:59:55.061612Z"} 2026-05-29T15:59:55.061612+00:00 https://vulnerability.circl.lu/sighting/6aca29da-acdf-4642-b4b0-eb1da6628f99/export 2026-06-01T08:46:49.869574+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "6aca29da-acdf-4642-b4b0-eb1da6628f99", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-35616", "type": "seen", "source": "https://bsky.app/profile/hacker.at.thenote.app/post/3mmyzptssfk2g", "content": "CVE-2026-35616: FortiClient EMS Flaw Actively Exploited in Malware Attacks\n\nA critical FortiClient Endpoint Management Server (EMS) vulnerability patched in April has been exploited in fresh attacks to deploy information-stealing malware, Arctic Wolf reports. The flaw, tracked as\u00a0\u2026\n#hackernews #news", "creation_timestamp": "2026-05-29T17:10:24.915135Z"} 2026-05-29T17:10:24.915135+00:00 https://vulnerability.circl.lu/sighting/aa1cab41-ff5f-4dd5-8180-ad58c8e6a291/export 2026-06-01T08:46:49.869498+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "aa1cab41-ff5f-4dd5-8180-ad58c8e6a291", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-35616", "type": "seen", "source": "https://bsky.app/profile/hacker.at.thenote.app/post/3mmz6fdr53s2g", "content": "Hackers exploit FortiClient EMS flaw to push infostealer malware\n\nHackers are exploiting an authentication bypass vulnerability (CVE-2026-35616) in FortiClient Enterprise Management Server (EMS) to deliver an undocumented credential stealer called EKZ. [...]\n#hackernews #news", "creation_timestamp": "2026-05-29T18:34:01.264351Z"} 2026-05-29T18:34:01.264351+00:00 https://vulnerability.circl.lu/sighting/562fa725-27d2-4cf8-9555-558963f7661f/export 2026-06-01T08:46:49.869425+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "562fa725-27d2-4cf8-9555-558963f7661f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-35616", "type": "seen", "source": "https://bsky.app/profile/sec-news-bot.bsky.social/post/3mn2erzuybe2s", "content": "FortiClient EMS\u306e\u8106\u5f31\u6027CVE-2026-35616\u3001\u8a8d\u8a3c\u60c5\u5831\u7a83\u53d6\u30de\u30eb\u30a6\u30a7\u30a2\u914d\u4fe1\u306b\u60aa\u7528\n\nFortiClient EMS \u306e\u91cd\u5927\u306a\u8106\u5f31\u6027 CVE-2026-35616 \u304c\u60aa\u7528\u3055\u308c\u3001\u507d\u306e\u30a2\u30c3\u30d7\u30c7\u30fc\u30c8\u3092\u901a\u3058\u3066\u30de\u30eb\u30a6\u30a7\u30a2\u304c\u914d\u4fe1\u3055\u308c\u3066\u3044\u307e\u3059\u3002\u30a8\u30f3\u30c9\u30dd\u30a4\u30f3\u30c8\u5168\u4f53\u3067\u306e\u8a8d\u8a3c\u60c5\u5831\u7a83\u53d6\u306e\u30ea\u30b9\u30af\u304c\u3042\u308a\u3001FortiClient \u3092\u904b\u7528\u3057\u3066\u3044\u308b\u7d44\u7e54\u306f\u81f3\u6025\u30d1\u30c3\u30c1\u9069\u7528\u304c\u5fc5\u8981\u3067\u3059\u3002\n\n#CVE #\u8106\u5f31\u6027 #\u30de\u30eb\u30a6\u30a7\u30a2", "creation_timestamp": "2026-05-30T06:01:09.706151Z"} 2026-05-30T06:01:09.706151+00:00 https://vulnerability.circl.lu/sighting/4f7e3f19-8956-4ecb-a744-ec6dfb53a9d8/export 2026-06-01T08:46:49.869350+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "4f7e3f19-8956-4ecb-a744-ec6dfb53a9d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-35616", "type": "seen", "source": "https://bsky.app/profile/hacker.at.thenote.app/post/3mn36wxrzsk2g", "content": "New infostealer reaches enterprise devices through FortiClient EMS vulnerability\n\nAttackers are delivering a broad-spectrum infostealer to enterprise computers by exploiting a known vulnerability (CVE-2026-35616) in FortiClient Enterprise Management Server (EMS). \u201cThe [malicious] \u2026\n#hackernews #news", "creation_timestamp": "2026-05-30T13:49:12.178898Z"} 2026-05-30T13:49:12.178898+00:00 https://vulnerability.circl.lu/sighting/731d3dfb-d09d-4eab-a5ff-4df3674f3a1c/export 2026-06-01T08:46:49.869257+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "731d3dfb-d09d-4eab-a5ff-4df3674f3a1c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-35616", "type": "seen", "source": "https://bsky.app/profile/cyberveille-ch.bsky.social/post/3mn5v2sih322k", "content": "\ud83d\udce2 CVE-2026-35616 exploit\u00e9e dans FortiClient EMS pour d\u00e9ployer l'infostealer EKZ d\u00e9guis\u00e9 en patch Fortinet\n\ud83d\udcdd ## \ud83d\udd0d Contexte\n\nEn\u2026\nhttps://cyberveille.ch/posts/2026-05-31-cve-2026-35616-exploitee-dans-forticlient-ems-pour-deployer-l-infostealer-ekz-deguise-en-patch-fortinet/ #CVE_2026_35616 #Cyberveille", "creation_timestamp": "2026-05-31T15:30:28.969060Z"} 2026-05-31T15:30:28.969060+00:00 https://vulnerability.circl.lu/sighting/7e2b0498-bbb4-42c3-9ee0-a83e3861fba8/export 2026-06-01T08:46:49.868273+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "7e2b0498-bbb4-42c3-9ee0-a83e3861fba8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-35616", "type": "seen", "source": "https://t.me/GithubRedTeam/86705", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #POC #Exploit\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-35616\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a jennydokumi30\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Unknown\n\u2b50 Star\u6570\u91cf\uff1a 0 | \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-31 15:39:37\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\n\u65e0\u63cf\u8ff0\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-31T16:00:05.000000Z"} 2026-05-31T16:00:05+00:00