Recent threat intelligence reveals that two Ivanti Endpoint Manager Mobile (EPMM) vulnerabilities, CVE-2026-21962 and CVE-2026-24061, are under active exploitation. A single threat actor or group accounts for 83% of related remote code execution attempts, raising concerns about persistent targeted attacks. These high-severity flaws enable attackers to control compromised devices and move laterally across networks, threatening wider infrastructure.
Immediate patching is crucial, as every delay lengthens the window of exposure. Security teams should monitor for recurring source IP addresses and behavioural patterns to identify related activity. Keeping EPMM deployments up to date is vital, alongside log reviews and endpoint monitoring for signs of compromise. After remediation, sharing indicators of attack can help counter ongoing threats in the sector.
Threat Actor Linked to 83% of Recent Ivanti EPMM Remote Code Execution Attacks

