One threat actor responsible for 83% of recent Ivanti RCE attacks
EXECUTIVE SUMMARY
Single Threat Actor Dominates Ivanti RCE Exploitation
Summary
A single threat actor is responsible for 83% of the active exploitation of two critical vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM). These vulnerabilities are tracked as CVE-2026-21962 and CVE-2026-24061.
Key Points
- A single threat actor is behind the majority of recent attacks on Ivanti EPMM.
- The vulnerabilities exploited are CVE-2026-21962 and CVE-2026-24061.
- Both vulnerabilities are classified as critical and carry a high risk of remote code execution (RCE).
- The exploitation of these vulnerabilities is currently active.
Analysis
The concentration of attacks by a single threat actor highlights the need for immediate attention to these vulnerabilities. The critical nature of CVE-2026-21962 and CVE-2026-24061 suggests that successful exploitation could lead to severe consequences, such as unauthorized access or control over affected systems. This situation underscores the importance of timely patch management and threat monitoring.
Conclusion
IT professionals should prioritize patching Ivanti EPMM to mitigate the risks associated with these critical vulnerabilities. Continuously monitoring for unusual activity and implementing robust security measures are also recommended to protect against potential exploitation.