Ivanti warns of two EPMM flaws exploited in zero-day attacks

Ivanti has disclosed two critical vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM), tracked as CVE-2026-1281 and CVE-2026-1340, that were exploited in zero-day attacks.
Yahoo Finance

Ivanti Debuts New Ivanti Connect Secure Version 25.X with Modern OS and SELinux Advances that Set New Standard for VPN Security

The rearchitecture of Ivanti Connect Secure will help customers elevate security posture, enhance control and performance, and modernize network security infrastructure. SALT LAKE CITY, Sept. 30, 2025 ...
CSOonline

Ivanti EPM vulnerabilities actively exploited in the wild, CISA warns

Three of the four critical path traversal flaws fixed in January in Ivanti Endpoint Manager are being exploited in cyberattacks after proof-of-concept exploit code was released last month. The US ...
CSOonline

Ivanti warns critical RCE flaw in Connect Secure exploited as zero-day

The software maker announced that a stack-based buffer overflow flaw in its SSL VPN appliance has been exploited in the wild. Ivanti Policy Secure and Ivanti Neurons for ZTA gateways are also impacted ...
Business Wire

New Ivanti Research: 93% of Security Professionals Say Prioritizing Digital Employee Experience Positively Impacts an Organization’s Cybersecurity Efforts

SALT LAKE CITY--(BUSINESS WIRE)--Ivanti, the tech company that breaks down barriers between IT and security so that Everywhere Work can thrive, revealed the results of its third-annual 2024 Digital ...
Bleeping Computer

Ivanti warns of critical vTM auth bypass with public exploit

Today, Ivanti urged customers to patch a critical authentication bypass vulnerability impacting Virtual Traffic Manager (vTM) appliances that can let attackers create rogue administrator accounts.
Dark Reading

Ivanti Keeps Security Teams Scrambling With 2 More Vulns

Ivanti, whose products have been a big target for attackers recently, has disclosed two more critical vulnerabilities in its technologies — raising more questions about the security of its products in ...
SiliconANGLE

Report: Hackers used Ivanti vulnerabilities to breach two CISA systems

Hackers have gained access to two applications operated by the U.S. Cybersecurity and Infrastructure Security Agency, The Record reported today. A CISA spokesperson confirmed the breach in a statement ...
techtimes

Ivanti Firmware Appears to Be Vulnerable to Multiple Security Flaws: Here's the Alarming Part

Ivanti Connect Secure and Policy Secure endpoints have been left vulnerable to a series of security flaws, posing significant risks to organizations relying on these products for secure access and ...
CRN

US Agencies Must Disconnect Ivanti VPN Devices Amid ‘Substantial Threat’: CISA

The cybersecurity agency has ordered the VPN disconnection by a Saturday deadline, as attackers exploit multiple vulnerabilities in Ivanti Connect Secure devices. U.S. agencies must disconnect Ivanti ...
Ars Technica

Agencies using vulnerable Ivanti products have until Saturday to disconnect them

Federal civilian agencies have until midnight Saturday morning to sever all network connections to Ivanti VPN software, which is currently under mass exploitation by multiple threat groups. The US ...
TechCrunch

Ivanti patches two zero-days under attack, but finds another

Ivanti warned on Wednesday that hackers are exploiting another previously undisclosed zero-day vulnerability affecting its widely used corporate VPN appliance. Since early December, Chinese ...