Ivanti\u2019s EPMM is under active attack, thanks to two critical zero-days | CyberScoop<\/title> <meta name=\"description\" content=\"Limited attacks occurred prior to Ivanti\u2019s disclosure, followed by mass exploitation by multiple threat groups. More than 1,400 potentially vulnerable instances remain exposed.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/ivanti-endpoint-manager-mobile-zero-day-vulnerabilities-exploit\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Ivanti\u2019s EPMM is under active attack, thanks to two critical zero-days\"> <meta property=\"og:description\" content=\"Limited attacks occurred prior to Ivanti\u2019s disclosure, followed by mass exploitation by multiple threat groups. More than 1,400 potentially vulnerable instances remain exposed.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/ivanti-endpoint-manager-mobile-zero-day-vulnerabilities-exploit\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/cyberscoop\/\"> <meta property=\"article:published_time\" content=\"2026-02-03T21:14:49+00:00\"> <meta property=\"article:modified_time\" content=\"2026-02-03T23:44:55+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/02\/ivantis-epmm-is-under-active-attack-thanks-to-two-critical-zero-days-2.jpg\"> <meta property=\"og:image:width\" content=\"3000\"> <meta property=\"og:image:height\" content=\"2000\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"Matt Kapko\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@CyberScoopNews\"> <meta name=\"twitter:site\" content=\"@CyberScoopNews\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1770142553g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1768841770g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1767808656g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=13897d660a0ac2c9c7d1\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/87661\"><meta name=\"generator\" content=\"WordPress 6.8.3\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=87661\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fivanti-endpoint-manager-mobile-zero-day-vulnerabilities-exploit%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fivanti-endpoint-manager-mobile-zero-day-vulnerabilities-exploit%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"wp-singular post-template-default single single-post postid-87661 single-format-standard wp-theme-scoopnewsgroup wp-child-theme-cyberscoop\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/ivanti-endpoint-manager-mobile-zero-day-vulnerabilities-exploit\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"26.665178571429\">\n<div class=\"single-article__header-content\" readability=\"36.545045045045\">\n<p> Limited attacks occurred prior to Ivanti\u2019s disclosure, followed by mass exploitation by multiple threat groups. More than 1,400 potentially vulnerable instances remain exposed. <\/p>\n<p>  <br \/>\n<audio id=\"audio-player\" src=\"https:\/\/wp-tts-cdn.api.scpnewsgrp.com\/cyberscoop\/87661\/english.openai.mp3\"><\/audio> <\/p>\n<div readability=\"11\">\n<div>\n<p>Listen to this article<\/p>\n<p>  <\/p>\n<p>0:00<\/p>\n<\/p><\/div>\n<p>  <\/p>\n<p> <span id=\"tts-tooltip\">Learn more.<\/span> <span> This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment. <\/span> <\/p>\n<\/div>\n<p>  <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"426\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2026\/02\/ivantis-epmm-is-under-active-attack-thanks-to-two-critical-zero-days.jpg?resize=640%2C426&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/02\/ivantis-epmm-is-under-active-attack-thanks-to-two-critical-zero-days-2.jpg 3000w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/02\/ivantis-epmm-is-under-active-attack-thanks-to-two-critical-zero-days-2.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/02\/ivantis-epmm-is-under-active-attack-thanks-to-two-critical-zero-days-2.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/02\/ivantis-epmm-is-under-active-attack-thanks-to-two-critical-zero-days-2.jpg?resize=1024,683 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/02\/ivantis-epmm-is-under-active-attack-thanks-to-two-critical-zero-days-2.jpg?resize=1536,1024 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/02\/ivantis-epmm-is-under-active-attack-thanks-to-two-critical-zero-days-2.jpg?resize=2048,1365 2048w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/02\/ivantis-epmm-is-under-active-attack-thanks-to-two-critical-zero-days-2.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/02\/ivantis-epmm-is-under-active-attack-thanks-to-two-critical-zero-days-2.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/02\/ivantis-epmm-is-under-active-attack-thanks-to-two-critical-zero-days-2.jpg?resize=506,337 506w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/02\/ivantis-epmm-is-under-active-attack-thanks-to-two-critical-zero-days-2.jpg?resize=1013,675 1013w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/02\/ivantis-epmm-is-under-active-attack-thanks-to-two-critical-zero-days-2.jpg?resize=1265,843 1265w\" sizes=\"(max-width: 1013px) 100vw, 1013px\"><figcaption> A logo sign outside of the headquarters of Ivanti in South Jordan, Utah. (Kristoffer Tripplaar \/ Alamy Stock Photo) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"52.191337623935\"><body readability=\"108.08196721311\"><\/p>\n<p>Attackers are again focusing on a familiar target in the network edge space, actively exploiting two critical zero-day vulnerabilities in Ivanti software that allows administrators to set mobile device and application controls. <\/p>\n<p>The vulnerabilities \u2014 <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2026-1281\">CVE-2026-1281<\/a> and <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2026-1340\">CVE-2026-1340<\/a> \u2014 each carry a CVSS rating of 9.8 and allow unauthenticated users to execute code remotely in Ivanti Endpoint Manager Mobile (EPMM). Ivanti did not say when the earliest known date of exploitation occurred but warned that a \u201c<a href=\"https:\/\/forums.ivanti.com\/s\/article\/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM-CVE-2026-1281-CVE-2026-1340?language=en_US\">very limited number of customers<\/a>\u201d were attacked before it disclosed and addressed the defects Thursday.<\/p>\n<p>Ivanti\u2019s post-attack warning marks a <a href=\"https:\/\/cyberscoop.com\/ivanti-exploited-vulnerabilities-network-edge-devices-kev-list\/\">frequent occurrence for its customers<\/a>, involving yet again highly destructive defects in its code that attackers exploited before the vendor caught or fixed the errors. <\/p>\n<p>The Cybersecurity and Infrastructure Security Agency has flagged 31 Ivanti defects on its <a href=\"https:\/\/www.cisa.gov\/known-exploited-vulnerabilities-catalog?f%5B0%5D=vendor_project%3A817&page=0\">known exploited vulnerabilities catalog<\/a> since late 2021. At least 19 defects across Ivanti products have been exploited in the past two years. <\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>The agency added CVE-2026-1281 to the catalog Thursday, but not CVE-2026-1340. Both defects have been exploited, according to watchTowr. Yet, a spokesperson for Ivanti said the vulnerabilities have not been chained together for exploitation.<\/p>\n<p>The latest code-injection vulnerabilities demonstrate attackers are focusing on EPMM in particular of late. Ivanti disclosed a <a href=\"https:\/\/cyberscoop.com\/ivanti-epmm-defects-exploited\/\">separate pair of vulnerabilities in the same product<\/a> in May 2025. <\/p>\n<p>Ivanti declined to say how many customers have been impacted by the recent zero-day attacks, but researchers warn a recurring pattern is emerging with mass exploitation observed shortly after public disclosure and the release of exploit code.<\/p>\n<p>\u201cThis started as tightly scoped zero-day exploitation,\u201d Ryan Dewhurst, head of proactive threat intelligence at watchTowr, told CyberScoop. \u201cIt has since devolved into global mass exploitation by a wide mix of opportunistic actors. That arc is depressingly predictable.\u201d<\/p>\n<p>Shadowserver said it observed a spike in CVE-2026-1281 exploitation attempts from at least 13 source IPs by Saturday. More than <a href=\"https:\/\/dashboard.shadowserver.org\/statistics\/iot-devices\/time-series\/?date_range=7&vendor=ivanti&model=epmm&dataset=count&limit=100&group_by=geo&stacking=stacked\">1,400 instances of Ivanti EPMM<\/a> are still exposed to the internet, according to Shadowserver scans, but it\u2019s unknown how many of those are vulnerable or already compromised. <\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>\u201cIt\u2019s important to remember that exposure does not equal exploitation,\u201d Dewhurst said. \u201cBut any organization exposing vulnerable instances to the internet must consider them compromised, tear down infrastructure and instigate incident response processes.\u201d<\/p>\n<p>Ivanti advised all on-premises EPMM customers to apply patches, but warned that the script is temporary and will be overridden when customers upgrade software to a new version. The software packages that address the defects \u201ctakes only seconds to apply, does not cause downtime and significantly increases adoption and protection rates for customers,\u201d a company spokesperson said. <\/p>\n<p>Ivanti said it will release a permanent fix for the vulnerability in a future update, but did not say when customers should anticipate that release.<\/p>\n<p>The new Ivanti zero-days share many similarities to previous EPMM vulnerabilities, said Ryan Emmons, staff security researcher at Rapid7. \u201cThe line between attacker input and trusted code is blurred, resulting in the ability to execute malicious payloads.\u201d<\/p>\n<p>Remotely exploitable vulnerabilities in network edge devices are an appealing and effective attack vector for hackers looking to break into targeted networks. Multiple threat groups last year, including some linked to China, exploited another zero-day defect in Ivanti EPMM \u2014 CVE-2025-4428 \u2014 and a <a href=\"https:\/\/cyberscoop.com\/china-espionage-group-ivanti-vulnerability-exploits\/\">string of vulnerabilities in other Ivanti products<\/a>.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>\u201cState-sponsored adversaries have generally made strong use of remotely exploitable vulnerabilities in Ivanti kit, which isn\u2019t surprising,\u201d said Caitlin Condon, vice president of security research at VulnCheck.<\/p>\n<p>The latest actively exploited defects affecting Ivanti products reflect a continuation of a years-long battle between the vendor and threat groups that poses a consistent risk for customers. <\/p>\n<p>Some security researchers are more inclined to pin the blame for this sustained security problem on Ivanti itself, yet there is broad agreement these vulnerabilities were not easy for the company to discover prior to exploitation. <\/p>\n<p>Emmons described the defects as nuanced with an odd path to code injection. \u201cWith these vulnerable code patterns now known, the vendor\u2019s security teams can more effectively hunt for these sorts of bugs in the future,\u201d he added.<\/p>\n<p>Dewhurst concurred the vulnerabilities were not easy to spot, but said that does not excuse the outcome. \u201cDefensive engineering needs to assume attackers will find the non-obvious paths eventually, because they always do,\u201d he said. <\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Ivanti\u2019s spokesperson said these types of vulnerabilities are difficult to find, and insisted the company\u2019s security and engineering teams acted quickly to address the defects once they were identified.<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"2.9206730769231\">\n<div class=\"author-card\" readability=\"14\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2026\/02\/ivantis-epmm-is-under-active-attack-thanks-to-two-critical-zero-days-1.jpg?w=640&ssl=1\" alt=\"Matt Kapko\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Matt Kapko<\/h4>\n<p> Matt Kapko is a reporter at CyberScoop. His beat includes cybercrime, ransomware, software defects and vulnerability (mis)management. The lifelong Californian started his journalism career in 2001 with previous stops at Cybersecurity Dive, CIO, SDxCentral and RCR Wireless News. Matt has a degree in journalism and history from Humboldt State University. <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p>  <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/ivanti-endpoint-manager-mobile-zero-day-vulnerabilities-exploit\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Ivanti\u2019s EPMM is under active attack, thanks to two critical<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[282,452,281,1394,4838,3353,2880,288,4136,643,2281,703,5199,1544,5292,1170],"tags":[286,454,285,1395,4841,3357,2882,294,4140,645,2283,705,5200,1545,5296,1171],"class_list":["post-8327","post","type-post","status-publish","format-standard","hentry","category-cybercrime","category-cybersecurity-and-infrastructure-security-agency-cisa","category-hacking","category-ivanti","category-network-edge-devices","category-rapid7","category-shadowserver","category-threats","category-vulncheck","category-vulnerabilities","category-vulnerability","category-vulnerability-disclosure","category-watchtowr","category-zero-day","category-zero-day-exploit","category-zero-days","tag-cybercrime","tag-cybersecurity-and-infrastructure-security-agency-cisa","tag-hacking","tag-ivanti","tag-network-edge-devices","tag-rapid7","tag-shadowserver","tag-threats","tag-vulncheck","tag-vulnerabilities","tag-vulnerability","tag-vulnerability-disclosure","tag-watchtowr","tag-zero-day","tag-zero-day-exploit","tag-zero-days"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybercrime\/\" rel=\"category tag\">cybercrime<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity-and-infrastructure-security-agency-cisa\/\" rel=\"category tag\">Cybersecurity and Infrastructure Security Agency (CISA)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/hacking\/\" rel=\"category tag\">hacking<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/ivanti\/\" rel=\"category tag\">Ivanti<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/network-edge-devices\/\" rel=\"category tag\">network edge devices<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/rapid7\/\" rel=\"category tag\">Rapid7<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/shadowserver\/\" rel=\"category tag\">Shadowserver<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/threats\/\" rel=\"category tag\">Threats<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/vulncheck\/\" rel=\"category tag\">VulnCheck<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/vulnerabilities\/\" rel=\"category tag\">vulnerabilities<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/vulnerability\/\" rel=\"category tag\">vulnerability<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/vulnerability-disclosure\/\" rel=\"category tag\">vulnerability disclosure<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/watchtowr\/\" rel=\"category tag\">watchTowr<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/zero-day\/\" rel=\"category tag\">Zero-day<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/zero-day-exploit\/\" rel=\"category tag\">zero-day exploit<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/zero-days\/\" rel=\"category tag\">zero-days<\/a>","tag_info":"zero-days","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/8327","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=8327"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/8327\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=8327"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=8327"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=8327"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":8327,"date":"2026-02-03T15:14:49","date_gmt":"2026-02-03T21:14:49","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=87661"},"modified":"2026-02-03T15:14:49","modified_gmt":"2026-02-03T21:14:49","slug":"ivantis-epmm-is-under-active-attack-thanks-to-two-critical-zero-days","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2026\/02\/03\/ivantis-epmm-is-under-active-attack-thanks-to-two-critical-zero-days\/","title":{"rendered":"Ivanti\u2019s EPMM is under active attack, thanks to two critical zero-days"},"content":{"rendered":"