Skip to main content
See every side of every news story
Get Started
SubscribeLogin
Published loading...Updated

Ivanti’s EPMM Is Under Active Attack, Thanks to Two Critical Zero-Days

Two zero-day vulnerabilities with a 9.8 severity score are exploited globally, prompting urgent federal mitigation and ongoing attacks on about 1,400 Ivanti EPMM instances.

Summary by CyberScoop
Attackers are again focusing on a familiar target in the network edge space, actively exploiting two critical zero-day vulnerabilities in Ivanti software that allows administrators to set mobile device and application controls.  The vulnerabilities — CVE-2026-1281 and CVE-2026-1340 — each carry a CVSS rating of 9.8 and allow unauthenticated users to execute code remotely in Ivanti Endpoint Manager Mobile (EPMM). Ivanti did not say when the earli…

6 Articles

CyberScoopCyberScoop
Center

Ivanti’s EPMM is under active attack, thanks to two critical zero-days

Attackers are again focusing on a familiar target in the network edge space, actively exploiting two critical zero-day vulnerabilities in Ivanti software that allows administrators to set mobile device and application controls.  The vulnerabilities — CVE-2026-1281 and CVE-2026-1340 — each carry a CVSS rating of 9.8 and allow unauthenticated users to execute code remotely in Ivanti Endpoint Manager Mobile (EPMM). Ivanti did not say when the earli…

Read Full Article
Cybersecurity DiveCybersecurity Dive
Center

Critical flaws in Ivanti EPMM lead to fast-moving exploitation attempts

Security researchers warn that the initial threat activity was highly targeted, as a limited number of users were impacted prior to disclosure.

Read Full Article
cybernoz.comcybernoz.com

Critical flaws in Ivanti EPMM lead to fast-moving exploitation attempts - Cybernoz - Cybersecurity News

Security teams are scrambling Tuesday as two critical vulnerabilities in Ivanti Endpoint Manager Mobile are facing exploitation attempts.  Ivanti issued advisories Thursday for the code injection flaws, which impact the on-premises version of Ivanti EPMM. The vulnerabilities, tracked as CVE-2026-1281 and CVE-2026-1340, allow an attacker to achieve remote code execution if successfully exploited. The flaws have a severity score of 9.8. Ivanti sai…

Read Full Article
Clubic.comClubic.com

Ivanti Alerts on Two Critical Flaws in Epmm, the Anssi Calls for Urgent Correction

Two critical vulnerabilities affect Ivanti Endpoint Manager Mobile and allow remote code execution without authentication. Operated in targeted attacks, now accompanied by proof of public concept, they impose a quick fix.

Read Full Article
netzwoche.chnetzwoche.ch

Ivanti Patches Critical Vulnerabilities

Ivanti closes two critical vulnerabilities in the Endpoint Manager Mobile. Other products of the software provider should not be affected by the vulnerabilities with CVE score 9.8.

Read Full Article
HackReadHackRead

Ivanti Issues Urgent Fix for Critical Zero-Day Flaws Under Active Attack

Ivanti has disclosed two critical remote code execution (RCE) flaws (CVE-2026-1281 & CVE-2026-1340) in its EPMM software.

Read Full Article
Think freely.Subscribe and get full access to Ground NewsSubscriptions start at $9.99/yearSubscribe

Bias Distribution

  • 100% of the sources are Center
100% Center

Factuality Info Icon

To view factuality data please Upgrade to Premium

Ownership

Info Icon

To view ownership data please Upgrade to Vantage

HackRead broke the news in on Monday, February 2, 2026.
Too Big Arrow Icon
Sources are mostly out of (0)

Similar News Topics

Software icon

Software

News
Feed Dots Icon
For You
Search Icon
SearchBlindspot LogoBlindspotLocal