Hackers are actively exploiting the critical SQL injection vulnerability CVE-2023-48788 in Fortinet FortiClient EMS (patched) to deploy remote access tools like AnyDesk and ScreenConnect. The campaign involves dropping payloads such as Mimikatz and password recovery tools to achieve lateral movement, persistence, and data theft, targeting companies across multiple countries.