Last week, Ivanti released a patch for CVE-2023-35078, a critical remote unauthenticated API access vulnerability in EPMM that impacted all supported versions of Ivanti's EPMM and allowed ...

While no patches are available yet, Ivanti urged customers to ‘apply the mitigation immediately,’ with threat actors now exploiting the flaws to carry out worldwide attacks. Volexity ...

Mandiant researchers reported that exploitation of two high-severity Ivanti VPN vulnerabilities began in December, confirming earlier findings on the timing of the attacks by researchers at Volexity.