{"id":184157,"date":"2026-02-03T12:29:00","date_gmt":"2026-02-03T17:29:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/02\/03\/critical-flaws-in-ivanti-epmm-lead-to-fast-moving-exploitation-attempts\/"},"modified":"2026-02-03T12:45:10","modified_gmt":"2026-02-03T17:45:10","slug":"critical-flaws-in-ivanti-epmm-lead-to-fast-moving-exploitation-attempts","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/02\/03\/critical-flaws-in-ivanti-epmm-lead-to-fast-moving-exploitation-attempts\/","title":{"rendered":"Critical flaws in Ivanti EPMM lead to fast-moving exploitation attempts"},"content":{"rendered":"<p><a href=\"https:\/\/www.cybersecuritydive.com\/news\/critical-flaws-ivanti-epmm-exploitation\/811228\/\">Critical flaws in Ivanti EPMM lead to fast-moving exploitation attempts<\/a><\/p>\n<p><a href=\"https:\/\/www.cybersecuritydive.com\/news\/critical-flaws-ivanti-epmm-exploitation\/811228\/\">https:\/\/www.cybersecuritydive.com\/news\/critical-flaws-ivanti-epmm-exploitation\/811228\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-02-03 12:29:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.cybersecuritydive.com\">www.cybersecuritydive.com<\/a><\/p>\n<p>Security teams are scrambling Tuesday as two critical vulnerabilities in Ivanti Endpoint Manager Mobile are facing exploitation attempts.\u00a0<br \/>\nIvanti issued advisories Thursday for the code injection flaws, which impact the on-premises version of Ivanti EPMM. The vulnerabilities, tracked as CVE-2026-1281 and CVE-2026-1340, allow an attacker to achieve remote code execution if successfully exploited. 
The flaws have a severity score of 9.8.<br \/>\nIvanti said it was aware of a \u201cvery limited number of customers\u201d that had already faced exploitation activity at the time of disclosure, according to a blog post from the company.<\/p>\n<p>It is not immediately known how long the vulnerabilities were being targeted. Stephen Fewer, senior principal security researcher at Rapid7, said the available evidence points to targeted, deliberate attacks by the threat actor and not a random or opportunistic threat.\u00a0<br \/>\n\u201cThis is in line with a highly targeted attack, whereby the threat actor seeks to compromise one or more specific organizations,\u201d Fewer told Cybersecurity Dive. \u201cWe can note that, back in 2023, the Norwegian Security and Service Organization (DSS) was compromised by an unknown threat actor using a zero day against EPMM in a highly targeted attack.\u201d<br \/>\nThe Cybersecurity and Infrastructure Security Agency immediately added CVE-2026-1281 to its Known Exploited Vulnerabilities catalog. The agency set an unusually short deadline for federal agencies to mitigate the threat by this past Sunday, Feb. 1.\u00a0<br \/>\nIvanti EPMM is a widely used tool in the workplace, as it helps IT administrators to manage a range of mobile devices across various operating systems.\u00a0<br \/>\nOn Saturday, researchers from the Shadowserver Foundation reported a spike in exploitation attempts against CVE-2026-1281. It noted that threat activity was detected from 13 source IPs and that 1,600 instances were exposed worldwide.\u00a0<br \/>\nAs of Tuesday, exposure has dropped to 1,400, but threat activities were still ongoing, \u201cwhich include attempts to execute callbacks or set up reverse shells,\u201d Shadowserver CEO Piotr Kijewski told Cybersecurity Dive.<br \/>\nRyan Dewhurst, head of proactive threat intelligence at watchTowr, confirmed that the initial threat activity appears to have been highly targeted. 
Post-compromise activity includes deployment of backdoor web shells and broad probing for vulnerable systems.\u00a0<\/p>\n<p>The Health Information Sharing and Analysis Center has identified a small number of organizations with potential exposure and has sent them targeted information with mitigation guidance, according to chief security officer Errol Weiss.\u00a0<br \/>\n\u201cThis vulnerability is actively being exploited, and any organization using Ivanti EPMM should treat it as a high-priority patch and monitor it closely,\u201d Weiss told Cybersecurity Dive. \u201cEven when exposure is narrow, the systems involved are often critical to enterprise operations, so rapid remediation and heightened vigilance are essential.\u201d<br \/>\nIvanti urged users to install a temporary patch, but warned the fix will not survive a version upgrade and will then need to be reinstalled. A permanent fix is under development and will be made available in the next product release 12.8.0.0, Ivanti said in the advisory.<\/p>\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Critical flaws in Ivanti EPMM lead to fast-moving exploitation attempts https:\/\/www.cybersecuritydive.com\/news\/critical-flaws-ivanti-epmm-exploitation\/811228\/ Publish Date: 2026-02-03 
12:29:00&#8230;<\/p>\n","protected":false},"author":1,"featured_media":184158,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/imgproxy.divecdn.com\/Z1ehhTDwxapYbqO5DQqCaMey0Q2oBbdNtlqPyeZtQo4\/g:ce\/rs:fit:770:435\/Z3M6Ly9kaXZlc2l0ZS1zdG9yYWdlL2RpdmVpbWFnZS9HZXR0eUltYWdlcy0xNDIwMDM5OTAwLmpwZw==.webp","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,34,27],"class_list":["post-184157","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-threat-actor","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/184157"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=184157"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/184157\/revisions"}],"predecessor-version":[{"id":184159,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/184157\/revisions\/184159"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/184158"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=184157"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=184157"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=184157"}],"
curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}