Ivanti Exploitation Surges as Zero-Day Attacks Traced Back to July 2025
securityweek

Security researchers have seen the vulnerabilities being exploited to deliver shells, conduct reconnaissance, and download malware.


Exploitation of two recently patched Ivanti Endpoint Manager Mobile (EPMM) vulnerabilities, which had been zero-days, has surged, Palo Alto Networks warned this week.
The critical vulnerabilities, tracked as CVE-2026-1281 and CVE-2026-1340, can be exploited by remote, unauthenticated attackers to execute arbitrary code on target servers and gain complete control of the targeted mobile device management (MDM) infrastructure.
The security holes were patched by Ivanti in late January, when the vendor notified users that it had been aware of zero-day attacks aimed at “a very limited number of customers”.
Widespread exploitation of CVE-2026-1281 and CVE-2026-1340 started soon after disclosure, and Palo Alto Networks has been seeing a wide range of attacks.
In a blog post dated February 17, the security firm reported that threat actors have been exploiting the vulnerabilities to download malware on compromised ...

