Ivanti has disclosed two critical vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM), tracked as CVE-2026-1281 and CVE-2026-1340, that were exploited in zero-day attacks. The flaws are ...

A domain registry provider is the first company to acknowledge a compromise related to the cyberattacks, which have exploited a critical vulnerability in Ivanti Connect Secure. Ivanti has released a ...

Mass exploitation began over the weekend for yet another critical vulnerability in widely used VPN software sold by Ivanti, as hackers already targeting two previous vulnerabilities diversified, ...

The Cybersecurity and Infrastructure Security Agency directed all federal agencies to disconnect themselves from a suite of Ivanti products by Friday, citing the discovery of two additional security ...

Hackers are exploiting yet another vulnerability in one of Ivanti’s widely used enterprise products, the U.S. government’s cybersecurity agency CISA warned in a fresh alert this week. The remote code ...

Unknown threat actors are actively targeting two critical zero-day vulnerabilities that allow them to bypass two-factor authentication and execute malicious code inside networks that use a widely used ...

Today, Ivanti urged customers to patch a critical authentication bypass vulnerability impacting Virtual Traffic Manager (vTM) appliances that can let attackers create rogue administrator accounts.

The code injection flaws allow for unauthenticated remote code execution on Ivanti Endpoint Manager Mobile deployments, but also endanger connected Ivanti Sentry mobile traffic gateways. IT software ...