criticalVulnerabilities & Exploits
Critical Fortinet Zero-Day Exploited in Wild, Malicious npm Campaign Targets Databases
Fortinet released emergency patches for CVE-2026-35616, a critical pre-authentication bypass in FortiClient EMS being actively exploited. Researchers also discovered 36 malicious npm packages masquerading as Strapi plugins to exploit databases and deploy persistent implants.
The Hacker News, MSRC Security Updates
fortinetzero-daynpm-supply-chain