128: Threat Actor Linked to 83% of Recent Ivanti EPMM Remote Code Execution Attacks

Recent intelligence reveals two high-risk Ivanti Endpoint Manager Mobile vulnerabilities (CVE-2026-21962 and CVE-2026-24061) are being actively exploited. Notably, a single threat actor is reportedly responsible for 83% of recent remote code execution attempts, highlighting sustained and targeted attacks.

Both flaws allow attackers to take control of devices and potentially move laterally within networks, making swift remediation critical. Security teams should prioritise patching, closely monitor logs, and watch for recurring indicators of compromise, such as familiar IP addresses or behavioural patterns.

Ivanti’s central role in mobile device management means a breach threatens wider infrastructure. Immediate action is advised: update EPMM deployments, investigate for historic compromise, and share incident details with sector partners to bolster collective defence.
