Ivanti Issues Urgent Fix for Critical Zero-Day Flaws Under Active Attack

Cybersecurity researchers are warning of a major security crisis involving a tool used by large companies to manage employee mobile phones. The software, known as Ivanti Endpoint Manager Mobile (EPMM), is a central hub for businesses to control corporate emails and apps on iPhones and Android devices.

This isn’t the first time this specific software has been targeted by hackers. In May 2025, Hackread.com reported about two other flaws (CVE-2025-4427 and CVE-2025-4428) that were also being used by attackers to seize control of systems. Now, in January 2026, a new set of even more dangerous vulnerabilities has emerged.

Breaking down the 2026 vulnerabilities

On 29 January 2026, Ivanti released an emergency advisory for two critical code injection flaws tracked as CVE-2026-1281 and CVE-2026-1340. These bugs are particularly dangerous because they allow remote code execution, which means a hacker can take full control of the system from anywhere in ...