A critical vulnerability in FortiClient Enterprise Management Server (EMS) was exploited by attackers as a 0-day, prompting Fortinet to release an emergency patch over the weekend. The flaw, which was confirmed to be under attack since at least March 31, has been added to the Cybersecurity and Infrastructure Security Agency's (CISA) Known Exploited Vulnerabilities (KEV) catalog1. This move indicates that the bug is being actively exploited in the wild, highlighting the need for immediate attention from organizations using the affected software. The fact that attackers were able to exploit this vulnerability before a patch was available underscores the importance of prompt patching and vulnerability management. As a result, the window for patching is rapidly diminishing, making it essential for practitioners to assess their exposure and apply the emergency patch as soon as possible. This exploit highlights the ongoing risk of zero-day attacks targeting critical infrastructure, so patching quickly is crucial to prevent potential breaches.