A zero-day in Fortinet FortiClient EMS is under active exploitation, with threat actors delivering the EKZ infostealer via a trojanized file masquerading as a legitimate Fortinet patch. Credential theft from EMS infrastructure poses broad lateral movement risk across any enterprise where FortiClient EMS manages endpoints. No CVSS score has been published by NVD; EPSS is at the 97.46th percentile.