Ivanti has released an important security notice for its Endpoint Manager Mobile (EPMM) product. It reveals several serious weaknesses being used by attackers, like CVE-2026-6973, and asks all EPMM users to install updates right away.
Ivanti said that CVE-2026-6973 is being actively exploited by attackers. Exploitation requires an administrator login.
The flaws affect only the on-premises EPMM product. They do not exist in Ivanti Neurons for MDM, Ivanti’s cloud-based endpoint management solution, Ivanti EPM, Ivanti Sentry, or any other Ivanti products.
Exploitation activity has been described as “very limited” at the time of public disclosure, though the company strongly warned that advanced AI models have dramatically collapsed the time-to-exploit window from days to mere hours after a vulnerability becomes public.
Ivanti announced a big change in how it manages vulnerabilities. It has integrated several advanced AI systems that use large language models into its product security and engineering teams.
This integration has improved the ability of its internal security teams to find and fix weaknesses that regular static analysis (SAST) and dynamic analysis (DAST) tools often miss.
Ivanti said that some of the weaknesses announced today were found using AI help. The company has a “human in the loop” rule to check all automated results, making sure AI is used wisely in its security work.
Ivanti’s EPMM has often been a target for advanced hackers. CISA has noted at least 31 Ivanti flaws in its Known Exploited Vulnerabilities (KEV) list since late 2021. In the last two years, at least 19 flaws in Ivanti products have been used in attacks.
Previous zero-day attacks on EPMM involved CVE-2025-4427 and CVE-2025-4428 in May 2025, and CVE-2023-35078 and CVE-2023-35082 in 2023. Some of these attacks were linked to groups supported by the Chinese government.
The steady focus on EPMM shows how important it is in managing mobile devices in businesses.
The security issues mentioned in Ivanti’s May 2026 notice only affect on-premises EPMM systems. Companies using Ivanti Neurons for MDM in the cloud are not affected.
Ivanti has shared clear fix instructions in its official Security Advisory. The company says the patch packages are quick to apply and won’t cause any downtime.
Mitigations
Ivanti strongly urges all on-premises EPMM administrators to act right away:
Apply the available security patch to all EPMM on-premises instances without delay.
Monitor Apache access logs at /var/log/httpd/https-access_log for signs of attempted or successful exploitation.
Implement network segmentation to restrict EPMM administrative interfaces to trusted networks only.
Review and harden mobile device management policies to reduce the overall attack surface.
