Bleeping Computer

Ivanti warns of two EPMM flaws exploited in zero-day attacks

Ivanti has disclosed two critical vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM), tracked as CVE-2026-1281 and CVE-2026-1340, that were exploited in zero-day attacks. The flaws are ...
Dark Reading

Sunken Ships: Will Orgs Learn From Ivanti EPMM Attacks?

The Ivanti Endpoint Manager Mobile (EPMM) zero-day attacks, which began last spring and lasted well into the summer as attackers took advantage of patching lag, were one of the top cyber-stories of ...
Bleeping Computer

One threat actor responsible for 83% of recent Ivanti RCE attacks

Update: The article initially listed the wrong CVEs. This has now been corrected to list the CVEs: CVE-2026-1286 and CVE-2026-1340 Threat intelligence observations show that a single threat actor is ...
CSOonline

Ivanti patches two actively exploited critical vulnerabilities in EPMM

The code injection flaws allow for unauthenticated remote code execution on Ivanti Endpoint Manager Mobile deployments, but also endanger connected Ivanti Sentry mobile traffic gateways. IT software ...
TechCrunch

VPN flaws allowed Chinese hackers to compromise dozens of Ivanti customers, says report

In February 2021, software giant Ivanti discovered that Chinese hackers had breached the network of Pulse Secure, one of its subsidiaries that provided VPN appliances to dozens of companies and ...