Critical

Sunken Ships: Will Orgs Learn From Ivanti EPMM Attacks?

darkreading
Actively Exploited

Overview

In April and May 2023, a Chinese advanced persistent threat (APT) group exploited a zero-day vulnerability in Ivanti's Endpoint Mobile Management (EPMM) platform, impacting thousands of organizations. This attack allowed unauthorized access and control over mobile devices managed through Ivanti's software, raising serious concerns about the security of sensitive data within those systems. The incident serves as a stark reminder of the vulnerabilities that can exist in widely used management tools. Security experts warn that similar attacks could occur again if organizations do not take proactive measures to secure their systems. Companies using Ivanti EPMM should assess their security posture and implement necessary updates to prevent future breaches.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: Ivanti Endpoint Mobile Management (EPMM) platform, affecting thousands of organizations.
  • Action Required: Organizations should immediately update their Ivanti EPMM software to the latest versions and apply any security patches released by Ivanti.
  • Timeline: Ongoing since April/May 2023

Original Article Summary

The April/May zero-day exploitations of Ivanti's mobile device management platform meant unprecedented pwning of thousands of orgs by a Chinese APT — and history will probably repeat itself.

Impact

Ivanti Endpoint Mobile Management (EPMM) platform, affecting thousands of organizations.

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Ongoing since April/May 2023

Remediation

Organizations should immediately update their Ivanti EPMM software to the latest versions and apply any security patches released by Ivanti. Additionally, companies should review their security configurations and implement stricter access controls to mitigate the risk of similar attacks in the future.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Zero-day, Vulnerability, APT.

Related Coverage

What public money does to open-source projects

Help Net Security

Open-source software plays a crucial role in the infrastructure of many companies, with about 96 percent of codebases incorporating it. This reliance became evident with high-profile vulnerabilities like the log4j flaw in December 2021, which affected a wide range of applications, from social media platforms to gaming software. More recently, the xz utils backdoor discovered in 2024 has further emphasized the security risks associated with open-source projects. These incidents raise concerns about the stability and security of software that many organizations depend on but do not financially support. As open-source projects often rely on volunteer contributions, the need for dedicated funding and resources to maintain and secure these projects is becoming increasingly critical.

Jul 16, 2026

Ransom demands are down, email is the top way attackers get in

Help Net Security

A recent survey of 2,158 IT and security leaders reveals that email, particularly through phishing attacks, is the primary method for cyber attackers to gain access to networks. In many cases, employees unknowingly open malicious emails and provide their login credentials, allowing attackers to infiltrate deeper into the system. This chain of events often leads to ransomware incidents, where files become inaccessible. Notably, while ransom demands have decreased, the reliance on email as an attack vector remains significant, accounting for half of all reported incidents. This trend emphasizes the need for organizations to bolster their email security and educate employees about the risks of phishing.

Jul 16, 2026

Companies keep getting breached by vulnerabilities they already knew about

Help Net Security

A recent survey by Vicarius reveals a troubling trend in cybersecurity: many companies are getting breached by vulnerabilities they were already aware of. Despite advanced scanning tools that help identify weaknesses across systems, organizations struggle with the subsequent steps of fixing these vulnerabilities. The survey included responses from 300 IT and cybersecurity leaders in the U.S. and the U.K., highlighting a significant gap in the process of assigning, approving, deploying, and confirming fixes. This issue raises concerns about the effectiveness of current cybersecurity strategies and the potential risks to sensitive data. Organizations need to address these gaps to better protect themselves from breaches that could have been prevented.

Jul 16, 2026

GPT-Red beat human red teamers on a prompt injection test

Help Net Security

OpenAI's GPT-Red, an automated red-teaming model, has outperformed human red teamers in testing for prompt injection vulnerabilities. The model operates similarly to a human attacker, sending prompts to a GPT model and analyzing the responses to identify weaknesses. Through a process called self-play reinforcement learning, GPT-Red learns alongside various defensive models to improve its effectiveness in finding and exploiting vulnerabilities. This development raises concerns about the capabilities of AI in cybersecurity, as it can potentially identify and exploit weaknesses faster than human teams can respond. As AI continues to advance, organizations may need to enhance their defenses against such automated threats.

Jul 16, 2026

Finance phishing works because it sounds boringly normal

Help Net Security

Phishing attacks targeting finance departments are becoming increasingly sophisticated and effective. According to research from Cofense, attackers are crafting phishing emails that mimic legitimate business communications, making them harder to detect. These emails often bypass advanced email security tools, such as AI-based secure email gateways, because they lack the typical urgency cues that would raise alarms. This tactic poses a significant risk to organizations in the financial sector, as employees might unknowingly engage with these deceptive messages, potentially leading to data breaches or financial loss. Companies need to enhance employee training and awareness to combat these subtle phishing efforts.

Jul 16, 2026

Dutch police bust investment fraud ring stealing over €100 million

BleepingComputer

Dutch police have arrested several individuals connected to an international investment fraud scheme that has reportedly defrauded over €100 million from tens of thousands of victims. The suspects are believed to have lured investors with promises of high returns, often targeting individuals through online platforms. This crackdown is part of a larger effort to combat financial fraud, which has been on the rise, particularly with the increase in online investment opportunities. The police are now investigating the full extent of the operation and are urging anyone who thinks they might have been a victim to come forward. The implications of this fraud ring are significant, as it not only affects individual investors but also undermines trust in legitimate investment practices.

Jul 15, 2026