FortiClient Servers Are Delivering Malware, AI Is Running the Attacks, and WordPress Just Handed Out Admin Rights: Your Threat Brief for 29 May 2026
Attackers exploited a patched FortiClient EMS vulnerability to push credential-stealing malware to corporate endpoints. An AI agent turned a single compromised server into a raided internal database in under two minutes. A WordPress plugin handed administrative access to anyone who submitted the right POST request. Three separate stories. One pattern: the margin for slow response is gone.
Here is what the data actually shows.
Story One: FortiClient EMS Is Being Used as a Malware Distribution Network
In early April 2026, Fortinet disclosed active exploitation of CVE-2026-35616, a critical flaw in FortiClient EMS (Enterprise Management Server). The vulnerability allows an unauthenticated attacker to execute arbitrary code or commands on the server remotely. Fortinet issued a patch. Many organisations did not apply it.
The consequence, documented by Arctic Wolf and reported by The Hacker News, is specific. Attackers are compromising unpatched FortiClient EMS deployments and then using the server’s legitimate endpoint management capabilities to push malware to every device the server manages. The malware is labelled to look like an official Fortinet software update. Staff see a familiar interface prompting them to apply a security patch. They click. They install a credential stealer.
FortiClient EMS is used precisely because it has administrative reach across an organisation’s endpoints. That reach is now being turned against the organisations that rely on it. The attack is not targeting individuals through phishing. It is targeting infrastructure and using that infrastructure to deliver the payload at scale.
What this means in practice: If your organisation uses FortiClient EMS and has not applied the patch for CVE-2026-35616, every device that server manages is a potential target. The malware being delivered steals credentials. Those credentials will be used to access email, cloud storage, financial platforms, and anything else your staff log into.
The patch exists. Apply it. If your MSP manages this for you, ask them today whether it has been applied and ask for written confirmation.
Story Two: AI Agents Are Compressing Attack Timelines to Minutes
On 10 May 2026, researchers documented an attack in which a threat actor used a large language model agent to automate post-exploitation activity following an initial remote code execution via a Marimo notebook vulnerability (CVE-2026-39987).
The sequence: initial access via the RCE, then the AI agent took over. Four automated pivots. Cloud provider credentials extracted from environment variables. Internal database identified, connected to, and exfiltrated. Total elapsed time: under two minutes.
This is not a vendor’s hypothetical threat scenario. It is a documented incident with a specific date and a specific technique. The significance for small businesses is not the technical mechanism. It is the timeline.
Traditional security thinking assumes a detection window: the attacker gets in, moves laterally, and your tools or your team notice something and respond. That model assumes the attacker needs hours or days to do meaningful damage. An AI-driven agent operating at machine speed removes that assumption. By the time an alert fires and a human looks at it, the database has already been copied.
What this means in practice: Detection is not sufficient if your response is measured in hours. The practical implication is not that every small business needs an AI security platform (they do not). The implication is that backup and recovery posture matters more than ever. If credential theft or data exfiltration can happen in under two minutes, your backup needs to be recent, tested, and isolated. You cannot rely on detecting and stopping an attack that moves faster than your detection cycle.
Review your backup frequency. Test your restore process. Confirm your backups are not accessible from the same credentials that protect your live systems.
Story Three: WordPress Plugin Handed Out Admin Rights to Unauthenticated Visitors
CVE-2026-8809 is a privilege escalation vulnerability in the Advanced Custom Fields: Extended (ACFE) plugin for WordPress, affecting all versions up to and including 0.9.2.5.
The mechanism is straightforward. A function within the plugin responsible for saving post data trusted an attacker-controlled parameter in the POST request without any authentication check or integrity verification. By submitting a crafted request, an unauthenticated visitor could suppress validation errors and assign themselves an administrative role. No login. No password. Administrative access on request.
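To make the bug class concrete, here is a constructed illustration added to this brief; it is not ACF Extended's own code and does not reproduce CVE-2026-8809. It shows a hypothetical front-end user form handler that copies the role from the POST request, beside a version that verifies a nonce, checks a capability and decides the role server-side. Function names and form field names are assumptions.

```php
<?php
// Constructed example for this brief, NOT the ACF Extended plugin's code.
// Both handlers would be wired to a WordPress form submission hook.

// Vulnerable pattern: no nonce check, no capability check, and the role
// is taken straight from the request. Anyone who can reach the endpoint
// decides their own role, which is the shape of bug described above.
function vulnerable_form_save_handler() {
    return wp_insert_user( array(
        'user_login' => sanitize_user( wp_unslash( $_POST['user_login'] ?? '' ) ),
        'user_email' => sanitize_email( wp_unslash( $_POST['user_email'] ?? '' ) ),
        'user_pass'  => wp_generate_password( 24 ),
        'role'       => $_POST['role'] ?? 'subscriber', // attacker-controlled
    ) );
}

// Hardened pattern: integrity check, server-side default, allow-list,
// and a capability check before any caller-supplied role is honoured.
function hardened_form_save_handler() {
    // 1. The request must carry a nonce issued by a form this site rendered.
    $nonce = isset( $_POST['_wpnonce'] ) ? $_POST['_wpnonce'] : '';
    if ( ! wp_verify_nonce( $nonce, 'form_save' ) ) {
        wp_die( 'Invalid request', '', array( 'response' => 403 ) );
    }

    // 2. Never trust the role from the request. Default is decided here.
    $role = 'subscriber';

    // 3. Only a logged-in user with 'promote_users' may choose a role,
    //    and only from an explicit allow-list that excludes administrator.
    $allowed = array( 'subscriber', 'contributor', 'author' );
    if ( isset( $_POST['role'] ) && current_user_can( 'promote_users' ) ) {
        $requested = sanitize_key( $_POST['role'] );
        if ( in_array( $requested, $allowed, true ) ) {
            $role = $requested;
        }
    }

    $user_id = wp_insert_user( array(
        'user_login' => sanitize_user( wp_unslash( $_POST['user_login'] ?? '' ) ),
        'user_email' => sanitize_email( wp_unslash( $_POST['user_email'] ?? '' ) ),
        'user_pass'  => wp_generate_password( 24 ),
        'role'       => $role,
    ) );

    // 4. Surface validation failures instead of silently continuing.
    if ( is_wp_error( $user_id ) ) {
        wp_die( esc_html( $user_id->get_error_message() ), '', array( 'response' => 400 ) );
    }
    return $user_id;
}
```

The three checks in the hardened handler (nonce, capability, allow-list) are independent; a plugin review should confirm all three are present on any code path that creates or updates a user.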
WordPress underpins a significant proportion of UK small business websites, including those used for e-commerce, client portals, and booking systems. Plugins with administrative functions and poor input validation are a consistent attack surface. This particular vulnerability required no credentials and no prior access. It was a front door held open by a design error.
What this means in practice: If you run a WordPress site and use the Advanced Custom Fields: Extended plugin, update it immediately. Version 0.9.2.6 or later addresses this. If you are not sure what plugins your site runs, that is a separate problem worth addressing. Log into your WordPress admin panel, navigate to the plugins list, and verify that everything is up to date. If your web developer or MSP manages this for you, ask them to confirm the patch status in writing.
Why This Week’s Stories Give You an Edge
Most of your competitors are not reading threat intelligence. They are finding out about incidents after they happen, from a breach notification letter or a call from their bank.
Knowing that FortiClient EMS is actively being exploited as a delivery mechanism for credential stealers means you can ask the specific question: has our server been patched? That question, asked this week, might prevent the incident entirely. That is a competitive advantage expressed as avoided downtime, avoided ICO notification obligations, and avoided customer notification costs.
Understanding that AI is compressing attack timelines means you can make a rational argument for improving backup frequency and testing restore processes. Not because a vendor told you to buy something, but because the evidence supports it.
Being able to explain to a client that you actively monitor threat intelligence and patch against known exploits is a differentiator. Most of your competitors cannot say that with evidence.
Making the Case to Decision-Makers
If you need to justify action internally or to a board, three points grounded in this week’s data:
Patching is cheaper than breach response. The FortiClient EMS vulnerability has a patch. Applying it takes time and causes brief disruption. Not applying it risks credential theft across every managed endpoint. The ICO’s average fine for a notifiable breach affecting customer data is not a rounding error for a small business.
The speed of modern attacks makes recovery planning non-negotiable. An AI-driven attack chain documented this week completed full data exfiltration in under two minutes. You cannot detect and respond to something that fast. You can only recover from it. Recovery requires tested, isolated backups. That is a budget conversation with a concrete risk basis.
Your website is part of your security perimeter. The WordPress privilege escalation vulnerability required no authentication. If your website runs on WordPress, it is an asset with a potential attack surface. Treating website security as a separate category from business security is a mistake that attackers do not respect.
What to Do Before Friday
- Patch FortiClient EMS now. If you manage it yourself, apply the fix for CVE-2026-35616. If your MSP manages it, send them this article and ask for written confirmation that the patch has been applied. Do not accept verbal assurance.
- Update WordPress plugins, specifically ACFE. Log into your WordPress admin panel. Go to Plugins, then Updates. Apply all available updates. If you are running Advanced Custom Fields: Extended at version 0.9.2.5 or below, this is urgent, not optional.
- Test your backups this week. Not just that they are running. Restore something. A single folder, a database, a file. Confirm the process works and that the restored data is current. If you cannot restore from your backup in under an hour, your backup strategy is not a recovery strategy.
- Audit your credential exposure. The FortiClient campaign delivers a credential stealer. If staff on affected systems reuse passwords across services, those credentials may already be compromised. Enforce a password manager. Rotate credentials for any accounts accessible from affected devices.
- Ask your MSP what they know about this week’s threats. A competent MSP should already be aware of the FortiClient EMS exploitation campaign and should have acted. If they are not aware of it, or if they cannot tell you the patch status of your systems, that is information worth having.