Ivanti disclosed two critical vulnerabilities affecting its Endpoint Manager Mobile, which have already compromised several major organizations, including the Netherlands’ government and the European Commission. Researchers warn that attacks are spreading, with nearly 1,300 instances still exposed online. The vulnerabilities allow attackers to execute code remotely, raising concerns over ongoing exploitation.

The European Commission is probing a cyberattack that compromised staff personal data, including names and phone numbers. While no mobile devices were hacked, the breach is linked to vulnerabilities in Ivanti Endpoint Manager Mobile software, similar to attacks on other European institutions.

CISA has released an analysis detailing malware used in attacks exploiting vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM), specifically an authentication bypass and a code injection issue. The vulnerabilities, already being exploited by a China-nexus espionage group, allow for arbitrary code execution and data exfiltration. CISA recommends immediate patching of affected systems and treating mobile device management solutions as high-value assets.

A critical security vulnerability (CVE-2025-22457) in Ivanti Connect Secure VPN appliances is being actively exploited by a suspected China-nexus threat actor, UNC5221, leading to remote code execution and the deployment of various malware families. Organizations are urged to upgrade their systems immediately to mitigate potential risks associated with this vulnerability.