One threat actor responsible for 83% of recent Ivanti RCE attacks

BleepingComputer
Actively Exploited

Overview

Recent threat intelligence reports indicate that a single threat actor is behind the majority of attacks exploiting two critical vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM), identified as CVE-2026-21962 and CVE-2026-24061. These vulnerabilities allow for remote code execution, posing significant risks to organizations using this mobile management solution. The findings suggest that companies using Ivanti's software need to be vigilant, as the attacks are actively occurring. The focus on a single actor highlights the need for targeted defenses against this specific threat. Organizations are encouraged to monitor for unusual activity and apply any available patches to mitigate potential exploitation.

Key Takeaways

  • Active Exploitation: Both vulnerabilities are being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: Ivanti Endpoint Manager Mobile (EPMM), versions affected not specified.
  • Action Required: Organizations should apply the latest security patches from Ivanti for the affected vulnerabilities and monitor their systems for any signs of exploitation.
  • Timeline: Newly disclosed

Original Article Summary

Threat intelligence observations show that a single threat actor is responsible for most of the active exploitation of two critical vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM), tracked as CVE-2026-21962 and CVE-2026-24061. [...]

Impact

Ivanti Endpoint Manager Mobile (EPMM), versions affected not specified.

Exploitation Status

Both vulnerabilities are confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Newly disclosed

Remediation

Organizations should apply the latest security patches from Ivanti for the affected vulnerabilities and monitor their systems for any signs of exploitation. Regular updates and security assessments are recommended.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to CVE, RCE, Critical.

Related Coverage

European Commission breach exposed data of 30 EU entities, CERT-EU says

Security Affairs

A breach involving the European Commission's cloud infrastructure has resulted in the exposure of sensitive data from at least 30 EU entities. The incident was linked to the TeamPCP hacking group, which is known for targeting various organizations. CERT-EU, the Computer Emergency Response Team for the EU, confirmed this breach and made the information public on March 27. This incident raises significant concerns about the security of sensitive government data and the potential for further exploitation of the exposed information. Organizations within the EU must assess their security measures to prevent similar breaches in the future.

Apr 4, 2026

Inconsistent Privacy Labels Don't Tell Users What They Are Getting

darkreading

The article discusses the shortcomings of data privacy labels for mobile apps, emphasizing that while the concept is beneficial, the current implementations fail to provide clear and useful information to users. Researchers found that inconsistencies in how these labels are presented can lead to confusion about what data is collected and how it is used. This lack of clarity can affect user trust and decision-making regarding app downloads. The article calls for improvements in the labeling process to ensure users are better informed about their privacy. Ultimately, enhancing these labels is crucial for protecting user data and fostering a safer digital environment.

Apr 3, 2026

Stryker back online after cyberattack

SCM feed for Latest

Stryker, a prominent medical device manufacturer in the U.S., has announced that it has fully resumed operations after a cyberattack attributed to the Iran-linked hacktivist group Handala. The attack, which occurred three weeks ago, resulted in the wiping of several of Stryker's systems, disrupting its operations. This incident raises concerns about the security of critical healthcare infrastructure, as such attacks can impact patient care and safety. Stryker's swift recovery is a positive sign, but it highlights the ongoing risks that companies in the healthcare sector face from cyber threats. As the industry becomes more reliant on digital systems, securing these networks is increasingly crucial.

Apr 3, 2026

Accelerated Akira ransomware intrusions examined

SCM feed for Latest

Recent findings show that the Akira ransomware group has become more efficient in executing attacks, significantly shortening the time it takes to compromise systems. This development poses a serious risk to organizations, as attackers are now able to exploit vulnerabilities and deploy ransomware more quickly than before. The report from CyberScoop indicates that businesses need to be increasingly vigilant, as traditional defenses may no longer be sufficient against this evolving threat. Companies are urged to review their cybersecurity measures and ensure they are up to date with the latest defenses to mitigate potential attacks. The growing speed of these intrusions could lead to increased financial and operational damage for those caught off guard.

Apr 3, 2026

Threat actors impersonate CERT-UA, distribute AGEWHEEZE malware

SCM feed for Latest

A recent campaign has seen threat actors impersonating CERT-UA, the Ukrainian Computer Emergency Response Team, to distribute AGEWHEEZE malware. This operation has targeted around 1 million users across various sectors, including government, healthcare, education, and finance. By masquerading as a trusted entity, the attackers aim to deceive users into downloading the malicious software, which can lead to data theft and other security issues. The scale of the attack is concerning, as it affects critical sectors that handle sensitive information. Users in these fields should be particularly vigilant about the sources of software downloads and ensure they are only using verified channels.

Apr 3, 2026

Residential proxies undermine IP reputation systems, researchers warn

SCM feed for Latest

A recent study by GreyNoise has revealed that a significant portion of malicious online activity, about 39%, comes from home networks, likely linked to residential proxy services. These proxies allow users to mask their true IP addresses, making it harder for security systems to identify and block malicious traffic. This trend poses a challenge for companies trying to maintain accurate IP reputation systems, as the line between legitimate and malicious traffic blurs. As residential proxies become more common, organizations may find it increasingly difficult to protect themselves from various cyber threats. This situation raises concerns for businesses relying on IP reputation to manage online security.

Apr 3, 2026