DEV Community

Mark0

Critical Vulnerabilities in Ivanti EPMM Exploited

⚠️ Region Alert: UAE/Middle East

Two critical zero-day vulnerabilities, CVE-2026-1281 and CVE-2026-1340, are being actively exploited in Ivanti Endpoint Manager Mobile (EPMM) instances worldwide. These vulnerabilities allow unauthenticated attackers to achieve remote code execution (RCE) by exploiting legacy bash scripts susceptible to arithmetic expansion attacks. Attackers have been observed deploying web shells, establishing reverse shells, and installing persistent backdoors to maintain long-term access to enterprise mobile management infrastructure.

Unit 42 reports that threat actors are moving rapidly from reconnaissance to full exploitation, targeting sectors including healthcare, government, and high technology. Organizations are strongly advised to apply the recommended RPM patches (versions 12.x.0.x or 12.x.1.x) immediately, as the exploitation window has significantly collapsed. In addition to patching, administrators should scan for indicators of compromise (IOCs) such as unauthorized JSP files and suspicious outbound network connections.
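The bug class named above, shell arithmetic evaluation of untrusted input, is shown here as an added example; it is not code from Ivanti EPMM or from the Unit 42 report. The function names, the `MAX_RETRIES` variable and the sample inputs are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added illustration of arithmetic evaluation on untrusted input.
# Not Ivanti code; every name and value below is hypothetical.

MAX_RETRIES=41   # internal script state a caller should never be able to reference

# Legacy pattern: an externally supplied "number" lands in an arithmetic
# context. The shell evaluates it as an expression, not as an integer, so
# the string can name script variables or carry operators.
# In bash the same evaluation applies to [[ $v -eq N ]], (( v )), let and
# array subscripts, so those are the constructs to audit.
legacy_next_index() {
    echo $(( $1 + 1 ))
}

# Hardened pattern: allow only a short run of decimal digits with no
# leading zero (which would be read as octal) before any arithmetic.
is_decimal_int() {
    case "$1" in
        ''|*[!0-9]*|0?*) return 1 ;;
    esac
    [ "${#1}" -le 9 ]
}

safe_next_index() {
    is_decimal_int "$1" || { echo "rejected: not a decimal integer" >&2; return 2; }
    echo $(( $1 + 1 ))
}

# Constructed inputs: a plain number, a variable name, an expression.
for input in 7 'MAX_RETRIES' '2*20'; do
    printf 'input=%-12s legacy=%-4s safe=%s\n' "$input" \
        "$(legacy_next_index "$input")" \
        "$(safe_next_index "$input" 2>/dev/null || echo rejected)"
done
```

The legacy function returns 42 for the input `MAX_RETRIES`, which shows the caller's string being resolved against the script's own state; the hardened function rejects it before any evaluation happens.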

