Saved February 14, 2026
Do you care about this?
Ivanti disclosed two critical vulnerabilities affecting its Endpoint Manager Mobile, which have already been exploited to compromise several major organizations, including the Netherlands’ government and the European Commission. Researchers warn that attacks are spreading, with nearly 1,300 instances still exposed online. The vulnerabilities allow attackers to execute code remotely, raising concerns over ongoing exploitation.
If you do, here's more
Ivanti is facing serious fallout from two recently disclosed zero-day vulnerabilities in its Endpoint Manager Mobile (EPMM) software, with nearly 100 victims reported so far. Major government agencies in the Netherlands, including the Dutch Data Protection Authority and the Council for the Judiciary, confirmed they were attacked. The European Commission also acknowledged a cyberattack on its mobile device management systems but did not disclose the vendor involved. As of Monday, Shadowserver identified 86 compromised instances linked to the vulnerabilities, CVE-2026-1281 and CVE-2026-1340, both rated 9.8 on the CVSS scale. These flaws allow unauthenticated users to execute code remotely.
Although Ivanti claimed that only a "very limited number" of customers were exploited prior to its January 29 security advisory, the company has not updated the public on how many victims there are now. It did release indicators of compromise and a detection script to help customers identify potential impacts. Attackers from various backgrounds continue to exploit additional instances of EPMM, with Shadowserver collaborating with Saudi Arabia’s National Cybersecurity Authority to scan for signs of exploitation. The situation is dynamic, with researchers noting that nearly 1,300 instances of EPMM are still exposed online, but the exact number of vulnerable or compromised systems remains unclear.
Rapid7's honeypot detected significant malicious activity, logging hundreds of connection attempts from over 130 unique IP addresses in just 24 hours. More than half of these attempts were directly targeting the recent vulnerabilities. The payloads observed were designed for quick control, suggesting a growing urgency among attackers. Ivanti has not clarified when it first became aware of these vulnerabilities or when they were first exploited. This incident is part of a troubling trend, as the Cybersecurity and Infrastructure Security Agency has flagged 31 Ivanti defects since late 2021, with at least 19 of those exploited in the past two years.