Critical

Sunken Ships: Will Orgs Learn From Ivanti EPMM Attacks?

darkreading
Actively Exploited

Overview

In April and May 2023, a Chinese advanced persistent threat (APT) group exploited a zero-day vulnerability in Ivanti's Endpoint Mobile Management (EPMM) platform, impacting thousands of organizations. This attack allowed unauthorized access and control over mobile devices managed through Ivanti's software, raising serious concerns about the security of sensitive data within those systems. The incident serves as a stark reminder of the vulnerabilities that can exist in widely used management tools. Security experts warn that similar attacks could occur again if organizations do not take proactive measures to secure their systems. Companies using Ivanti EPMM should assess their security posture and implement necessary updates to prevent future breaches.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: Ivanti Endpoint Mobile Management (EPMM) platform, affecting thousands of organizations.
  • Action Required: Organizations should immediately update their Ivanti EPMM software to the latest versions and apply any security patches released by Ivanti.
  • Timeline: Ongoing since April/May 2023

Original Article Summary

The April/May zero-day exploitations of Ivanti's mobile device management platform meant unprecedented pwning of thousands of orgs by a Chinese APT — and history will probably repeat itself.

Impact

Ivanti Endpoint Mobile Management (EPMM) platform, affecting thousands of organizations.

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Ongoing since April/May 2023

Remediation

Organizations should immediately update their Ivanti EPMM software to the latest versions and apply any security patches released by Ivanti. Additionally, companies should review their security configurations and implement stricter access controls to mitigate the risk of similar attacks in the future.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Zero-day, Vulnerability, APT.

Related Coverage

Dutch police bust investment fraud ring stealing over €100 million

BleepingComputer

Dutch police have arrested several individuals connected to an international investment fraud scheme that has reportedly defrauded over €100 million from tens of thousands of victims. The suspects are believed to have lured investors with promises of high returns, often targeting individuals through online platforms. This crackdown is part of a larger effort to combat financial fraud, which has been on the rise, particularly with the increase in online investment opportunities. The police are now investigating the full extent of the operation and are urging anyone who thinks they might have been a victim to come forward. The implications of this fraud ring are significant, as it not only affects individual investors but also undermines trust in legitimate investment practices.

Jul 15, 2026

Forgotten Bootloaders Expose Secure Boot Blind Spot

darkreading

Researchers have discovered that nearly a dozen UEFI shim bootloaders, which were deemed vulnerable and subsequently revoked, remained trusted for years. This oversight allowed attackers an opportunity to bypass the Secure Boot feature designed to protect systems from unauthorized software. The situation raises significant security concerns, particularly for users and organizations relying on Secure Boot to safeguard their devices. The affected bootloaders could have been exploited to run malicious code, potentially compromising the integrity of the systems. As this issue has persisted for some time, it highlights the need for better management of trusted software components in the boot process.

Jul 15, 2026

Europe built the world's strongest privacy law. WhatsApp just found the gap it doesn't cover.

SCM feed for Latest

A recent discussion around WhatsApp's use of usernames has raised concerns about privacy and identity verification. While usernames can enhance user privacy by allowing individuals to avoid sharing phone numbers, they also create a loophole that could be exploited for fraud. This change in how users identify themselves on the platform could make it easier for scammers to impersonate others, leading to increased risks for users. As WhatsApp continues to navigate these privacy features, the balance between protecting user identity and ensuring security is becoming more complicated. This situation is particularly relevant given the strong privacy laws in Europe that WhatsApp must comply with.

Jul 15, 2026

CISA warns that three SharePoint Server bugs are actively exploited

SCM feed for Latest

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about three vulnerabilities in SharePoint Server that are currently being exploited by attackers. Federal agencies have until July 17 to apply patches to mitigate the risks associated with these flaws. The vulnerabilities could allow unauthorized access and manipulation of sensitive data, posing a significant threat to organizations using these systems. It's crucial for users of SharePoint Server to take immediate action to protect their environments from potential breaches. Ignoring these vulnerabilities could lead to serious security incidents and data loss.

Jul 15, 2026

SonicWall customers under threat as attackers exploit 2 zero-days

CyberScoop

SonicWall customers are currently facing significant risks as attackers exploit two critical zero-day vulnerabilities. Researchers revealed that these flaws were actively targeted by hackers three weeks prior to SonicWall's disclosure and patching efforts. This means that many users may still be vulnerable to attacks if they haven't updated their systems. The exploitation of these vulnerabilities could lead to unauthorized access to sensitive information and compromise network security. It's crucial for organizations using SonicWall products to take immediate action to secure their systems against these threats.

Jul 15, 2026

TuxBot v3 Evolution Shows Signs of LLM-Assisted IoT Botnet Development

The Hacker News

Cybersecurity researchers have identified a new Internet-of-Things (IoT) botnet framework called TuxBot v3 Evolution. This botnet appears to have been developed with some assistance from a large language model (LLM), although the results have not been entirely successful. Notably, when the developers prompted the AI to generate botnet code, it included a safety disclaimer that the developers did not remove. This incident raises concerns about the potential misuse of AI in creating malicious software. As IoT devices become more prevalent, any vulnerabilities or botnets that target them could impact a wide range of users and systems, making it crucial for manufacturers and users to enhance their security measures.

Jul 15, 2026