Ivanti EPMM Zero‑Day Campaign Traced to One Hardened IP

Security researchers have identified a focused attack campaign exploiting two critical Ivanti EPMM flaws—CVE‑2026‑1281 and CVE‑2026‑1340. The entire operation originates from a single, heavily fortified IP address that has been used to target high‑profile European public‑sector organizations. The attackers achieve unauthenticated remote code execution, bypassing normal access controls.

Defenders should prioritize immediate patching of the disclosed vulnerabilities and enforce strict network segmentation for Ivanti EPMM endpoints. Blocking the identified IP, deploying IDS/IPS signatures, and monitoring for anomalous EPMM traffic will help contain this threat and prevent further compromise of sensitive government systems.

Categories: Vulnerabilities & Exploits, AI Security & Threats, Threat Intelligence