Tag: ivanti
-
Storm-2561 Uses Fake Fortinet, Ivanti VPN Sites to Drop Hyrax Infostealer
In mid-January 2026, Microsoft Defender Experts identified a devious way that cybercriminals are tricking people into giving away… First seen on hackread.com Jump to article: hackread.com/storm-2561-fake-fortinet-ivanti-vpn-sites-hyrax-infostealer/
-
Storm-2561 lures victims to spoofed VPN sites to harvest corporate logins
Attackers linked to Storm-2561 use SEO-poisoned search results to lure users to fake Ivanti, Cisco, and Fortinet VPN sites that steal corporate login credentials. In mid-January 2026, Microsoft Defender Experts uncovered a credential-theft campaign attributed to Storm-2561. Threat actor is spreading fake enterprise VPN clients impersonating Ivanti, Cisco, and Fortinet software. By poisoning search engine…
-
Fake enterprise VPN sites used to steal company credentials
A threat actor tracked as Storm-2561 is distributing fake enterprise VPN clients from Ivanti, Cisco, and Fortinet to steal VPN credentials from unsuspecting users. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fake-enterprise-vpn-downloads-used-to-steal-company-credentials/
-
Fake enterprise VPN sites used to steal company credentials
A threat actor tracked as Storm-2561 is distributing fake enterprise VPN clients from Ivanti, Cisco, and Fortinet to steal VPN credentials from unsuspecting users. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fake-enterprise-vpn-downloads-used-to-steal-company-credentials/
-
Fake enterprise VPN downloads used to steal company credentials
A threat actor tracked as Storm-2561 is distributing fake enterprise VPN clients from Ivanti, Cisco, and Fortinet to steal VPN credentials from unsuspecting users. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fake-enterprise-vpn-downloads-used-to-steal-company-credentials/
-
CISA Warns SolarWinds and Ivanti Vulnerabilities Are Actively Exploited
Organizations often prioritize patching vulnerabilities based on severity scores, assuming that lower-rated issues pose limited risk. In practice, attackers frequently exploit vulnerabilities that remain unpatched in real environments, regardless of their official severity rating. New reporting from The Hacker News highlights that the Cybersecurity and Infrastructure Security Agency (CISA) has added multiple vulnerabilities affecting products…
-
CISA shortens patch deadline for critical Ivanti, SolarWinds bugs
The Cybersecurity and Infrastructure Security Agency (CISA) gave all federal civilian agencies until Thursday to patch CVE-2025-26399, a critical vulnerability impacting the popular SolarWinds Web Help Desk. First seen on therecord.media Jump to article: therecord.media/cisa-shortens-patch-deadline-ivanti-solarwinds
-
CISA Alerts on Ivanti Endpoint Manager Vulnerability Auth Bypass Exploited in the Wild
Tags: access, authentication, cisa, credentials, cve, cyber, cybersecurity, data, endpoint, exploit, infrastructure, ivanti, kev, vulnerabilityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a newly disclosed security vulnerability affecting Ivanti Endpoint Manager (EPM) to its Known Exploited Vulnerabilities (KEV) Catalog, warning that the issue is being actively exploited in the wild. The vulnerability, tracked as CVE-2026-1603, allows attackers to bypass authentication protections and potentially access sensitive credential data…
-
Recently patched Ivanti EPM flaw now actively exploited
CISA flagged a high-severity Ivanti Endpoint Manager (EPM) vulnerability as actively exploited in attacks and ordered U.S. federal agencies to patch systems within three weeks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-recently-patched-ivanti-epm-flaw-now-actively-exploited/
-
U.S. CISA adds Ivanti EPM, SolarWinds, and Omnissa Workspace One flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds EPM, SolarWinds, and Omnissa Workspace One flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Apple, Rockwell, and Hikvision flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: The first vulnerability added to the catalog is…
-
CISA Flags SolarWinds, Ivanti, and Workspace One Vulnerabilities as Actively Exploited
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added three security flaws to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.The vulnerability list is as follows -CVE-2021-22054 (CVSS score: 7.5) – A server-side request forgery (SSRF) vulnerability in Omnissa Workspace One UEM (formerly VMware Workspace One UEM) that First…
-
Zero-day exploits hit enterprises faster and harder
Tags: access, apple, attack, backdoor, business, china, cisco, cve, data, detection, endpoint, espionage, exploit, firewall, flaw, fortinet, google, group, hacker, infrastructure, ivanti, least-privilege, mobile, network, oracle, radius, ransomware, risk, router, russia, service, software, technology, threat, update, vpn, vulnerability, zero-dayEnterprise environments under siege: Chinese threat actors continued to display a preference for targets that are difficult to monitor and allow persistent access to strategic networks. Notable examples include the groups that GTIG tracks as UNC5221, which exploited a flaw in Ivanti Connect Secure (CVE-2025-0282) and UNC3886, which exploited a vulnerability in Juniper routers (CVE-2025-21590).Another…
-
CISA Alerts on RESURGE Malware Exploiting Ivanti Connect Secure Zero-Days
The Cybersecurity and Infrastructure Security Agency (CISA) has released a Malware Analysis Report (MAR) detailing a new malware family dubbed RESURGE, which is actively exploiting a zero-day vulnerability in Ivanti Connect Secure devices. According to CISA, RESURGE builds upon the functionality of the earlier SPAWNCHIMERA malware strain, introducing new commands designed to enhance persistence and…
-
‘Resurge’ malware can remain undetected on devices
CISA previously issued an alert about attacks that exploited a vulnerability in Ivanti Connect Secure. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/cisa-resurge-malware-undetected-Ivanti/813373/
-
CISA warns that RESURGE malware can be dormant on Ivanti devices
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released new details about RESURGE, a malicious implant used in zero-day attacks exploiting CVE-2025-0282 to breach Ivanti Connect Secure devices. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-warns-that-resurge-malware-can-be-dormant-on-ivanti-devices/
-
VPN flaws allowed Chinese hackers to compromise dozens of Ivanti customers, says report
Chinese hackers allegedly broke into the network of an Ivanti subsidiary in 2021. The hackers exploited a backdoor in its VPN product, which allowed the hackers to gain access to 119 other unnamed organizations. First seen on techcrunch.com Jump to article: techcrunch.com/2026/02/23/vpn-flaws-allowed-chinese-hackers-to-compromise-dozens-of-ivanti-customers-says-report/
-
Attackers exploit Ivanti EPMM zero-days to seize control of MDM servers
Patch, but verify first: Unit 42 directed organizations to Ivanti’s security advisory for remediation guidance, which recommends applying version-specific RPM patches for EPMM 12.x branches that require no appliance downtime. Ivanti cautioned, however, that the patch does not survive a version upgrade and must be reinstalled if the software is updated. “The permanent fix for…
-
Ivanti EPMM Vulnerabilities Actively Exploited in the Wild
Ivanti EPMM flaws are being exploited to enable unauthenticated remote code execution on exposed MDM systems. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/ivanti-epmm-vulnerabilities-actively-exploited-in-the-wild/
-
Critical Ivanti EPMM Zero-Day Vulnerabilities Exploited in the Wild, Targeting Corporate Networks
Tags: control, corporate, cve, cyber, data-breach, endpoint, exploit, ivanti, mobile, network, remote-code-execution, vulnerability, zero-dayTwo critical zero-day vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM), tracked as CVE-2026-1281 and CVE-2026-1340, are being actively exploited to compromise enterprise mobile fleets and corporate networks. Both are remote code execution (RCE) vulnerabilities that allow unauthenticated attackers to run arbitrary commands on exposed EPMM servers, effectively giving them full control of the mobile device…
-
Ivanti-Schwachstellen unter Verdacht – EU-Kommission bestätigt schweren Cyberangriff
First seen on security-insider.de Jump to article: www.security-insider.de/eu-kommission-cyberangriff-mobile-infrastruktur-a-7fb908e67c59c438e067a4fe9fc128c5/
-
One threat actor responsible for 83% of recent Ivanti RCE attacks
Tags: attack, cve, endpoint, exploit, intelligence, ivanti, mobile, rce, remote-code-execution, threat, vulnerabilityThreat intelligence observations show that a single threat actor is responsible for most of the active exploitation of two critical vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM), tracked as CVE-2026-21962 and CVE-2026-24061. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/one-threat-actor-responsible-for-83-percent-of-recent-ivanti-rce-attacks/
-
CVE-2026-1281 CVE-2026-1340: Actively Exploited Pre-Authentication RCE in Ivanti EPMM
Learn how CVE-2026-1281 and CVE-2026-1340 enable pre-auth RCE in Ivanti EPMM, now actively exploited, and how AppTrana helps block attacks across applications. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/cve-2026-1281-cve-2026-1340-actively-exploited-pre-authentication-rce-in-ivanti-epmm/
-
Ivanti EPMM Zero-Day Bugs Spark Exploit Frenzy, Again
It’s time to phase out the patch and pray approach, eliminate needless public interfaces, and enforce authentication controls, one expert says. First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/ivanti-epmm-zero-day-bugs-exploit
-
Ivanti EPMM Zero-Day Bugs Spark Exploit Frenzy, Again
It’s time to phase out the patch and pray approach, eliminate needless public interfaces, and enforce authentication controls, one expert says. First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/ivanti-epmm-zero-day-bugs-exploit
-
Ivanti EPMM Zero-Day Bugs Spark Exploit Frenzy, Again
It’s time to phase out the patch and pray approach, eliminate needless public interfaces, and enforce authentication controls, one expert says. First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/ivanti-epmm-zero-day-bugs-exploit
-
83% of Ivanti EPMM Exploits Linked to Single IP on Bulletproof Hosting Infrastructure
A significant chunk of the exploitation attempts targeting a newly disclosed security flaw in Ivanti Endpoint Manager Mobile (EPMM) can be traced back to a single IP address on bulletproof hosting infrastructure offered by PROSPERO.Threat intelligence firm GreyNoise said it recorded 417 exploitation sessions from 8 unique source IP addresses between February 1 and 9,…
-
Multiple Endpoint Manager bugs patched by Ivanti, including remote auth bypass
Ivanti patched over a dozen Endpoint Manager flaws, including a high-severity auth bypass that let attackers steal credentials remotely. Ivanti released patches for more than a dozen vulnerabilities in Endpoint Manager, including flaws disclosed in October 2025. The update addresses a high-severity authentication bypass, tracked as CVE-2026-1603 (CVSS score of 8.6), that attackers could exploit…
-
Majority of Ivanti EPMM threat activity linked to hidden IP
A report by GreyNoise warns the IP address is operating behind bulletproof hosting infrastructure and might not show up in current IoCs.; First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/majority-ivanti-epmm-hidden-ip/811960/
-
Ivanti EPMM exploitation widespread as governments, others targeted
Researchers warn the activity shows evidence of initial access brokers preparing for future attacks. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/ivanti-epmm-exploitation-widespread-as-governments-others-targeted/811827/
-
Cyberangriff auf EU-Kommission
Tags: advisory, authentication, bug, cve, cvss, cyberattack, endpoint, exploit, germany, ivanti, mail, mobile, usa, vulnerabilityCyberkriminellen ist es gelungen, in ein System der EU-Kommission einzudringen.Die Europäische Kommission wurde Ziel einer Cyberattacke. Wie aus einer kürzlich veröffentlichten Mitteilung hervorgeht, erfolgte der Angriff Ende Januar und zielte auf ein System zur Verwaltung mobiler Endgeräte ab (Mobile Device Management MDM) .Demnach sind die Täter möglicherweise an Namen und Rufnummern einiger Mitarbeiter gekommen. Es…