CyberIntel ⬡ News
★ Saved ◆ Cyber Reads
← Back ⬡ Vulnerabilities & CVEs May 22, 2026

New Ivanti EPMM 0-Day Vulnerability Actively Exploited in Attacks - CyberSecurityNews

CyberSecurityNews Archived May 22, 2026 ✓ Full text saved

New Ivanti EPMM 0-Day Vulnerability Actively Exploited in Attacks CyberSecurityNews

Full text archived locally
✦ AI Summary · Claude Sonnet


    HomeCyber Security New Ivanti EPMM 0-Day Vulnerability Actively Exploited in Attacks By Guru Baran May 7, 2026 Ivanti has issued a critical security advisory for its Endpoint Manager Mobile (EPMM) product, disclosing multiple actively exploited vulnerabilities, including CVE-2026-6973, and urging all on-premises EPMM customers to apply patches immediately. At the time of disclosure, Ivanti confirmed active exploitation of CVE-2026-6973, a vulnerability that requires admin authentication to succeed. The flaws exclusively affect the on-premises EPMM product and are not present in Ivanti Neurons for MDM, Ivanti’s cloud-based unified endpoint management solution, Ivanti EPM, Ivanti Sentry, or any other Ivanti products. Exploitation activity has been described as “very limited” at the time of public disclosure, though the company strongly warned that advanced AI models have dramatically collapsed the time-to-exploit window from days to mere hours after a vulnerability becomes public. In a notable shift in vulnerability management strategy, Ivanti disclosed that it has integrated multiple advanced large language model (LLM) AI systems into its product security and engineering red team processes. This integration has enhanced the capabilities of its internal security teams to identify and remediate vulnerabilities that traditional static analysis (SAST) and dynamic analysis (DAST) tools typically miss. Ivanti acknowledged that some of the vulnerabilities being disclosed today were discovered directly through this AI-assisted process. The company maintains a “human in the loop” policy to verify all automated or agentic findings, ensuring responsible use of AI in its security program. Ivanti’s EPMM has been a recurring target for sophisticated threat actors. CISA has flagged at least 31 Ivanti defects on its Known Exploited Vulnerabilities (KEV) catalog since late 2021, and at least 19 defects across Ivanti products have been exploited in the past two years alone. Previous zero-day campaigns against EPMM include CVE-2025-4427 and CVE-2025-4428 in May 2025, and CVE-2023-35078 and CVE-2023-35082 in 2023, with some attacks attributed to Chinese state-sponsored threat groups. The consistent targeting of EPMM underscores the product’s high-value position in enterprise mobile device management infrastructure. The vulnerabilities disclosed in Ivanti’s May 2026 security advisory affect only on-premises EPMM deployments. Organizations running cloud-based Ivanti Neurons for MDM are not impacted. Ivanti has published detailed remediation instructions through its official Security Advisory, with patch packages that the company says take only seconds to apply and cause no downtime. Mitigations Ivanti strongly urges all on-premises EPMM administrators to take immediate action: Apply the available security patch to all EPMM on-premises instances without delay Monitor Apache access logs at /var/log/httpd/https-access_log for signs of attempted or successful exploitation. Implement network segmentation to restrict EPMM administrative interfaces to trusted networks only. Review and harden mobile device management policies to reduce the overall attack surface Subscribe to Ivanti’s Security Blog and the Ivanti Innovators Hub for real-time vulnerability alerts Ivanti cautioned that as AI-driven tooling becomes further embedded in its security processes, customers should expect an increase in vulnerability disclosures, a transparency initiative the company frames as a proactive step toward more resilient products rather than a sign of weakening security posture. Cybercriminals now enter through your suppliers instead of your front door – Free Webinar Tags cyber security cyber security news Copy URL Linkedin Twitter ReddIt Telegram Guru Baranhttps://cybersecuritynews.com Gurubaran KS is a cybersecurity analyst, and Journalist with a strong focus on emerging threats and digital defense strategies. He is the Co-Founder and Editor-in-Chief of Cyber Security News, where he leads editorial coverage on global cybersecurity developments. Trending News 1 Million WordPress Sites Affected by Avada Builder File Read and SQL Injection Flaws Hackers Abuse OAuth Device Authorization Flow to Steal Microsoft 365 Tokens Microsoft Exchange, Windows 11, and Cursor Zero-Days Exploited on Pwn2Own Day 2 macOS Malware Installs Fake Google Software Update LaunchAgent for Persistence Compromised GitHub Action Exfiltrates Workflow Credentials to Attacker Domain Latest News Cyber Security News TamperedChef Malware Uses Signed Productivity Apps to Deliver Stealers and RATs Cyber Security News Fake Invitation Phishing Campaign Targets U.S. Organizations With Credential Theft Cyber Security News Indian Student Data Weaponized for Phishing, Social Engineering, and Financial Fraud Chrome Critical Chrome Vulnerabilities Enable Remote Code Execution Attacks – Patch Now! Cyber Security Authorities Have Taken Down “First VPN” Used in Ransomware Attacks
    💬 Team Notes
    Article Info
    Source
    CyberSecurityNews
    Category
    ⬡ Vulnerabilities & CVEs
    Published
    May 22, 2026
    Archived
    May 22, 2026
    Full Text
    ✓ Saved locally
    Open Original ↗