#ivanti-epmm

[ follow ]
#remote-code-execution #cve-2025-4427 #cve-2025-4428 #zero-day #security-patch #cve-2026-1281 #cve-2026-1340
fromSecurityWeek
4 hours ago

Ivanti Patches Exploited EPMM Zero-Days

Ivanti on Thursday announced emergency patches for two critical-severity vulnerabilities in Endpoint Manager Mobile (EPMM) that have been exploited in the wild as zero-days. Tracked as CVE-2026-1281 and CVE-2026-1340 (CVSS score of 9.8), the bugs are described as code injection issues that could be exploited by unauthenticated attackers to achieve remote code execution (RCE). The flaws impact the in-house application distribution and the Android file transfer configuration features of EPMM.
Information security
Information security
fromThe Hacker News
7 hours ago

Two Ivanti EPMM Zero-Day RCE Flaws Actively Exploited, Security Updates Released

Two critical code-injection vulnerabilities (CVE-2026-1281 and CVE-2026-1340) enable unauthenticated remote code execution in Ivanti EPMM, exploited in zero-day attacks.
Information security
fromTheregister
4 months ago

CISA: Attacker exploited Ivanti bugs, dropped snoopy malware

Two zero-day Ivanti EPMM vulnerabilities (CVE-2025-4427, CVE-2025-4428) were chained to deploy malware and enable arbitrary code execution on compromised servers.
#cve-2025-4427
more#cve-2025-4427
Information security
fromThe Hacker News
8 months ago

Chinese Hackers Exploit Ivanti EPMM Bugs in Global Enterprise Network Attacks

Ivanti Endpoint Manager Mobile vulnerabilities exploited by a China-based group pose significant risks across multiple sectors worldwide.
[ Load more ]