MUST READ

U.S. CISA adds a flaw in Ivanti EPMM to its Known Exploited Vulnerabilities catalog

 | 

Russia-linked APT28 uses PRISMEX to infiltrate Ukraine and allied infrastructure with advanced tactics

 | 

Signature Healthcare hit by cyberattack, services and pharmacies impacted

 | 

Project Glasswing powered by Claude Mythos: defending software before hackers do

 | 

U.S. agencies alert: Iran-linked actors target critical infrastructure PLCs

 | 

Attackers exploit critical Flowise flaw CVE-2025-59528 for remote code execution

 | 

Major outage cripples Russian banking apps and metro payments nationwide

 | 

Fast-moving Storm-1175 uses new exploits to breach networks and drop Medusa

 | 

GPUBreach exploit uses GPU memory bit-flips to achieve full system takeover

 | 

Phishing LNK files and GitHub C2 power new DPRK cyber attacks

 | 

BKA unmasks two REvil Ransomware operators behind 130+ German attacks

 | 

Attackers Exploit RCE Flaw as 14,000 F5 BIG-IP APM Instances Remain Exposed

 | 

CVE-2026-35616: Fortinet fixes actively exploited high-severity flaw

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 91

 | 

Image or Malware? Read until the end and answer in comments :)

 | 

Security Affairs newsletter Round 571 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Qilin ransomware group claims the hack of German political party Die Linke

 | 

U.S. CISA adds a flaw in TrueConf Client to its Known Exploited Vulnerabilities catalog

 | 

European Commission breach exposed data of 30 EU entities, CERT-EU says

 | 

North Korea–linked hackers drain $285M from Drift in sophisticated attack

 | 

U.S. CISA adds a flaw in Ivanti EPMM to its Known Exploited Vulnerabilities catalog

Pierluigi Paganini April 08, 2026

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Ivanti EPMM to its Known Exploited Vulnerabilities catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in Ivanti EPMM, tracked as CVE-2026-1340 (CVSS score of 9.8), to its Known Exploited Vulnerabilities (KEV) catalog.

The critical vulnerability is a code injection in Ivanti Endpoint Manager Mobile that allows attackers to achieve unauthenticated remote code execution. 

Below is the list of affected versions:

Product Name Affected Version(s) Affected CPE(s) Resolved Version(s) 
Ivanti Endpoint Manager Mobile 12.5.0.0 and prior 12.6.0.0 and prior 12.7.0.0 and prior cpe:2.3:a:ivanti:endpoint_manager_mobile:12.7.0.0:*:*:*:*:*:*:* RPM 12.x.0.x  
Ivanti Endpoint Manager Mobile 12.5.1.0 and prior 12.6.1.0 and prior cpe:2.3:a:ivanti:endpoint_manager_mobile:12.5.1.0:*:*:*:*:*:*:* cpe:2.3:a:ivanti:endpoint_manager_mobile:12.6.1.0:*:*:*:*:*:*:*   RPM 12.x.1.x 

The software firm is aware of attacks in the wild exploiting this flaw.

“We are aware of a very limited number of customers who have been exploited at the time of disclosure. However, a POC was made available by a third party shortly after disclosure.” warns the company. “We urge all customers to apply the patch as soon as possible and run the Exploitation Detection RPM package as a tool to assist in identifying potential compromise.”

The company released a new RPM detection tool that helps customers check for possible exploitation by scanning for known indicators and generating logs for review. Any suspicious activity before patching may indicate compromise and requires investigation, while alerts after patching are likely just harmless scanning attempts.

The company pointed out that running the RPM tool alone doesn’t guarantee the appliance is clean. It helps detect known indicators of compromise, but absence of findings isn’t proof of safety. Results should be reviewed with the security team and combined with other analysis and tools.

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.

Experts also recommend that private organizations review the Catalog and address the vulnerabilities in their infrastructure.

CISA orders federal agencies to fix the vulnerability by April 11, 2026.

Pierluigi Paganini

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

(SecurityAffairs – hacking, US CISA Known Exploited Vulnerabilities catalog)

CISA Hacking hacking news information security news IT Information Security Ivanti EPMM Known Exploited Vulnerabilities Catalog Pierluigi Paganini Security Affairs Security News

you might also like

Pierluigi Paganini April 08, 2026
Russia-linked APT28 uses PRISMEX to infiltrate Ukraine and allied infrastructure with advanced tactics
Read more
Pierluigi Paganini April 08, 2026
Signature Healthcare hit by cyberattack, services and pharmacies impacted
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

U.S. CISA adds a flaw in Ivanti EPMM to its Known Exploited Vulnerabilities catalog

Security / April 08, 2026

Russia-linked APT28 uses PRISMEX to infiltrate Ukraine and allied infrastructure with advanced tactics

APT / April 08, 2026

Signature Healthcare hit by cyberattack, services and pharmacies impacted

Security / April 08, 2026

Project Glasswing powered by Claude Mythos: defending software before hackers do

Artificial Intelligence / April 08, 2026

U.S. agencies alert: Iran-linked actors target critical infrastructure PLCs

APT / April 08, 2026