CISA Advisories

FortiClient Actively Exploited 💥 + Your AI Chats May Be Getting Stolen 🤖

Two major threats hit the security world today — one targeting enterprise networks through a popular VPN tool, and another that could be silently stealing your conversations with ChatGPT, Claude, or Gemini right now.

🔴 Hackers Are Actively Exploiting a Critical FortiClient Flaw

If your organization uses Fortinet's FortiClient Enterprise Management Server (EMS) — the tool many companies rely on to manage remote VPN access — attackers are actively exploiting a serious vulnerability in it right now. The flaw, tracked as CVE-2026-35616, lets attackers slip in without needing a password and hijack your VPN configuration so that malicious software runs automatically the moment an employee connects to the network. That malware then steals saved passwords, credit card numbers, and browser cookies from Chrome and Firefox, and ships them off to attacker-controlled servers.

The targeted versions are FortiClient EMS 7.4.5 and 7.4.6. If your IT team hasn't applied Fortinet's April hotfixes yet, that needs to happen today. This isn't a theoretical risk — attacks are happening in the wild.


🤖 A Fake Browser Extension Can Steal Everything You Type Into AI Chatbots

Researchers have demonstrated a proof-of-concept Chrome extension called LLMReaper that silently reads and exfiltrates your full conversations with ChatGPT, Claude, and Google Gemini in real time — without needing any unusual permissions. The extension looks like any other browser add-on, but it quietly watches the page and captures everything you type and receive, including any API keys, passwords, or sensitive data you may have pasted into an AI chat. It then sends all of that to a remote server.

This isn't just theoretical — it illustrates a real risk that any browser extension with standard web access could be doing the same thing without your knowledge. The takeaway: treat AI chat sessions like you would an unencrypted email. Don't paste in passwords, secret keys, or sensitive company data. Audit your browser extensions and remove any you don't actively use and trust.
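One way to start that extension audit, as an added example that is not from the article or the researchers: list installed extensions whose manifest gives them page access to the AI chat sites named above. The hostnames, function names and sample manifests are assumptions made for this sketch; the location of the Chrome profile's `Extensions` folder varies by OS and is passed in as an argument.

```python
import json
from pathlib import Path

# Assumed hostnames for the three chat services the article names.
AI_CHAT_HOSTS = ("chatgpt.com", "claude.ai", "gemini.google.com")

def pattern_covers_host(pattern, host):
    """True if a Chrome match pattern can apply to web pages on `host`."""
    if pattern == "<all_urls>":
        return True
    scheme, sep, rest = pattern.partition("://")
    if not sep or scheme not in ("*", "http", "https"):
        return False
    pat_host = rest.split("/", 1)[0]
    if pat_host == "*":
        return True
    if pat_host.startswith("*."):  # "*.example.com" covers the domain and its subdomains
        return ("." + host).endswith(pat_host[1:])
    return pat_host == host

def audit_manifest(manifest):
    """Map each AI chat host to the manifest entries that give page access to it."""
    grants = []
    for script in manifest.get("content_scripts", []):
        grants += [("content_scripts", p) for p in script.get("matches", [])]
    # MV3 lists host patterns in host_permissions; MV2 mixes them into permissions.
    for key in ("host_permissions", "optional_host_permissions", "permissions"):
        grants += [(key, p) for p in manifest.get(key, [])
                   if isinstance(p, str) and ("://" in p or p == "<all_urls>")]
    hits = {h: [f"{k}: {p}" for k, p in grants if pattern_covers_host(p, h)]
            for h in AI_CHAT_HOSTS}
    return {h: v for h, v in hits.items() if v}

def audit_profile(extensions_dir):
    """Audit every <id>/<version>/manifest.json under a profile's Extensions folder."""
    report = {}
    for path in Path(extensions_dir).glob("*/*/manifest.json"):
        findings = audit_manifest(json.loads(path.read_text(encoding="utf-8-sig")))
        if findings:
            report[path.parent.parent.name] = findings
    return report

# Constructed sample manifests (not real extensions).
BROAD = {"manifest_version": 3, "content_scripts": [{"matches": ["https://*/*"]}]}
NARROW = {"manifest_version": 3, "permissions": ["storage"], "host_permissions": ["https://example.com/*"]}

if __name__ == "__main__":
    print(audit_manifest(BROAD), audit_manifest(NARROW))
```

A hit means the extension is able to read those pages, not that it does anything malicious with them; use the list to decide which extensions to review or remove.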


Stay ahead of threats like these with GOCO Security at gocosecurity.com.
