Bleeping Computer

Ivanti warns of critical vTM auth bypass with public exploit

Today, Ivanti urged customers to patch a critical authentication bypass vulnerability impacting Virtual Traffic Manager (vTM) appliances that can let attackers create rogue administrator accounts.
TechCrunch

Hackers begin mass-exploiting Ivanti VPN zero-day flaws

Malicious hackers have begun mass-exploiting two critical zero-day vulnerabilities in Ivanti’s widely used corporate VPN appliance. That’s according to cybersecurity company Volexity, which first ...
Bleeping Computer

Ivanti warns of two EPMM flaws exploited in zero-day attacks

Ivanti has disclosed two critical vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM), tracked as CVE-2026-1281 and CVE-2026-1340, that were exploited in zero-day attacks. The flaws are ...
CRN

Five Latest Updates On The 2025 Ivanti VPN Attacks

A domain registry provider is the first company to acknowledge a compromise related to the cyberattacks, which have exploited a critical vulnerability in Ivanti Connect Secure. Ivanti has released a ...
CRN

CISA: Attackers Are Bypassing Ivanti VPN Bug Mitigations

As Ivanti Connect Secure customers await delayed patches, threat actors have ‘developed workarounds to current mitigations,’ the U.S. cybersecurity agency says. Malicious actors have “recently” ...
Dark Reading

Sunken Ships: Will Orgs Learn From Ivanti EPMM Attacks?

The Ivanti Endpoint Manager Mobile (EPMM) zero-day attacks, which began last spring and lasted well into the summer as attackers took advantage of patching lag, were one of the top cyber-stories of ...