A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.

#ivanti #cybersecurity #vulnerabilitymanagement #vulnerability

https://vulnerability.circl.lu/vuln/CVE-2026-1281

Latest News (Jan 29-30, 2026):

Tech: Apple plans "Apple Intelligence" with Google Gemini integration, coinciding with Google's Chrome "auto browse" launch. China approved Nvidia H200 chip sales to its tech giants.

Cybersecurity: The FBI launched "Operation Winter SHIELD" to protect critical infrastructure. A major ShinyHunters phishing campaign targets Okta SSO accounts, and Ivanti EPMM (CVE-2026-1281) is a newly exploited vulnerability.

#News #Anonymous #AnonNews_irc

⚠️ Alerte CERT-FR ⚠️

Les vulnérabilités critiques CVE-2026-1281 et CVE-2026-1340 affectant Ivanti Endpoint Manager Mobile sont activement exploitées dans le cadre d'attaques ciblées.
https://www.cert.ssi.gouv.fr/alerte/CERTFR-2026-ALE-001/

‼️ CVE-2026-1281 & CVE-2026-1340: A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.

Zero-Day: Yes
CVSS: Both 9.8
CVE Published: January 29th, 2026
KEV Catalog: January 29th, 2026

Affected Vendor: Ivanti
Vulnerability Type: Remote Code Execution (RCE)

Advisory: https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM-CVE-2026-1281-CVE-2026-1340?language=en_US

#Ivanti: Two Ivanti EPMM #ZeroDay Unauthenticated #RCE Vulnerabilities CVE-2026-1281 & CVE-2026-1340 Actively Exploited, Patch Now!
👇
https://thehackernews.com/2026/01/two-ivanti-epmm-zero-day-rce-flaws.html

Ivanti warns of two EPMM flaws exploited in zero-day attacks
https://www.bleepingcomputer.com/news/security/ivanti-warns-of-two-epmm-flaws-exploited-in-zero-day-attacks/
Ivanti has disclosed two critical vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM), tracked as CVE-2026-1281 and CVE-2026-1340, that have been exploited in zero-day attacks. Both are unauthenticated remote code execution flaws with a CVSS score of 9.8.
Ivanti confirmed a limited number of customers were impacted at the time of disclosure.
Successful exploitation could allow attackers to execute arbitrary code on vulnerable EPMM appliances and potentially access sensitive administrative, user and device data.
Mitigations are available via RPM scripts:
• RPM 12.x.0.x for EPMM 12.5.0.x, 12.6.0.x and 12.7.0.x
• RPM 12.x.1.x for EPMM 12.5.1.0 and 12.6.1.0
Ivanti states the updates require no downtime and have no functional impact. Organizations should apply the mitigations immediately.
CISA has added CVE-2026-1281 to its Known Exploited Vulnerabilities catalogue, reinforcing the urgency of remediation.

Ivanti Provides Temporary Patches for Actively Exploited EPMM Zero-Day
https://www.helpnetsecurity.com/2026/01/30/ivanti-epmm-cve-2026-1281-cve-2026-1340/
Ivanti issued provisional patches for two critical EPMM vulnerabilities (including one exploited in the wild). Security teams should apply these immediately and plan for permanent updates in upcoming releases.

Ivanti confirms active exploitation of EPMM zero-day RCE flaws (CVE-2026-1281, CVE-2026-1340).
Emergency patches released—apply immediately.

🔗 https://www.technadu.com/ivanti-epmm-zero-day-rce-flaws-actively-exploited-affecting-very-limited-number-of-customers/619369/

#ZeroDay #RCE #Ivanti #Infosec

📰 CRITICAL: Ivanti Patches Two Actively Exploited RCE Zero-Days in EPMM

🚨 CRITICAL UPDATE: Ivanti patches two actively exploited zero-day RCEs (CVE-2026-1281, CVE-2026-1340) in EPMM. Both are CVSS 9.8. Unauthenticated attackers can gain full control. Patch immediately! #Ivanti #ZeroDay #CyberSecurity #RCE

🔗 https://cyber.netsecops.io/articles/ivanti-patches-two-critical-actively-exploited-rce-flaws-in-epmm/?utm_source=mastodon&utm_medium=social&utm_campaign=twitter_auto

Not sure I like that I didn’t need the explanation about variable expansion to understand wtf happened 😅

https://labs.watchtowr.com/someone-knows-bash-far-too-well-and-we-love-it-ivanti-epmm-pre-auth-rces-cve-2026-1281-cve-2026-1340/

⚠️ Alerte CERT-FR ⚠️

Les vulnérabilités critiques CVE-2026-1281 et CVE-2026-1340 affectant Ivanti Endpoint Manager Mobile sont activement exploitées dans le cadre d'attaques ciblées.
https://www.cert.ssi.gouv.fr/alerte/CERTFR-2026-ALE-001/

‼️ CVE-2026-1281 & CVE-2026-1340: A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.

Zero-Day: Yes
CVSS: Both 9.8
CVE Published: January 29th, 2026
KEV Catalog: January 29th, 2026

Affected Vendor: Ivanti
Vulnerability Type: Remote Code Execution (RCE)

Advisory: https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM-CVE-2026-1281-CVE-2026-1340?language=en_US

#Ivanti: Two Ivanti EPMM #ZeroDay Unauthenticated #RCE Vulnerabilities CVE-2026-1281 & CVE-2026-1340 Actively Exploited, Patch Now!
👇
https://thehackernews.com/2026/01/two-ivanti-epmm-zero-day-rce-flaws.html

Ivanti warns of two EPMM flaws exploited in zero-day attacks
https://www.bleepingcomputer.com/news/security/ivanti-warns-of-two-epmm-flaws-exploited-in-zero-day-attacks/
Ivanti has disclosed two critical vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM), tracked as CVE-2026-1281 and CVE-2026-1340, that have been exploited in zero-day attacks. Both are unauthenticated remote code execution flaws with a CVSS score of 9.8.
Ivanti confirmed a limited number of customers were impacted at the time of disclosure.
Successful exploitation could allow attackers to execute arbitrary code on vulnerable EPMM appliances and potentially access sensitive administrative, user and device data.
Mitigations are available via RPM scripts:
• RPM 12.x.0.x for EPMM 12.5.0.x, 12.6.0.x and 12.7.0.x
• RPM 12.x.1.x for EPMM 12.5.1.0 and 12.6.1.0
Ivanti states the updates require no downtime and have no functional impact. Organizations should apply the mitigations immediately.
CISA has added CVE-2026-1281 to its Known Exploited Vulnerabilities catalogue, reinforcing the urgency of remediation.

Ivanti Provides Temporary Patches for Actively Exploited EPMM Zero-Day
https://www.helpnetsecurity.com/2026/01/30/ivanti-epmm-cve-2026-1281-cve-2026-1340/
Ivanti issued provisional patches for two critical EPMM vulnerabilities (including one exploited in the wild). Security teams should apply these immediately and plan for permanent updates in upcoming releases.

Ivanti confirms active exploitation of EPMM zero-day RCE flaws (CVE-2026-1281, CVE-2026-1340).
Emergency patches released—apply immediately.

🔗 https://www.technadu.com/ivanti-epmm-zero-day-rce-flaws-actively-exploited-affecting-very-limited-number-of-customers/619369/

#ZeroDay #RCE #Ivanti #Infosec

📰 CRITICAL: Ivanti Patches Two Actively Exploited RCE Zero-Days in EPMM

🚨 CRITICAL UPDATE: Ivanti patches two actively exploited zero-day RCEs (CVE-2026-1281, CVE-2026-1340) in EPMM. Both are CVSS 9.8. Unauthenticated attackers can gain full control. Patch immediately! #Ivanti #ZeroDay #CyberSecurity #RCE

🔗 https://cyber.netsecops.io/articles/ivanti-patches-two-critical-actively-exploited-rce-flaws-in-epmm/?utm_source=mastodon&utm_medium=social&utm_campaign=twitter_auto

Not sure I like that I didn’t need the explanation about variable expansion to understand wtf happened 😅

https://labs.watchtowr.com/someone-knows-bash-far-too-well-and-we-love-it-ivanti-epmm-pre-auth-rces-cve-2026-1281-cve-2026-1340/

Sicherheitsloch in WinRAR wird reichlich ausgenutzt

Da Windows früher nicht mit komprimierten Dateien umgehen konnte, musste man sich mit zusätzlichen Tools helfen. Eines von denen war und ist WinRAR. Das dürfte immer noch als Altlast auf vielen Windows-Rechnern herumliegen. Das ist gefährlich, wenn es nicht aktualisiert wurde. Im Juli 2025 wurde ein Update (auf Version 7.13) veröffentlicht, mit dem eine kritische Sicherheitslücke (CVE-2025-8088) geschlossen wird. Diese Sicherheitslücke wird allerseits für Angriffe ausgenutzt, vom kommerziell interessierten Cybergangster bis zu staatlichen Hackern. Für einen Angriff reicht es aus, WinRAR ein speziell präpariertes Archiv (komprimierte Datei) unterzuschieben. Ist es

https://www.pc-fluesterer.info/wordpress/2026/01/30/sicherheitsloch-in-winrar-wird-reichlich-ausgenutzt/

#Warnung #cybercrime #exploits #windows #wissen

New #synology #DSM Version: 7.3.2-86009 Update 1 is out.

This is a security patch:

Fixed Issues
- Fixed a security vulnerability regarding telnetd (CVE-2026-24061).

https://www.synology.com/en-global/releaseNote/DSM

#selfhosting #selfhosted #homelab

‼️ CVE-2026-0755: Reported Zero-Day in Gemini MCP Tool Could Allow Remote Code Execution

Zero-Day: Yes
CVSS: 9.8
CVE Published: January 23rd, 2026

Affected Vendor: Gemini MCP Tool
Vulnerability Type: Remote Code Execution (RCE)

Advisory: https://github.com/advisories/GHSA-28qq-5f47-r5x2

@Weld When I was at Rapid7, we were firm that we wouldn't sign anything preventing us from disclosing. Sometimes that made it real difficult to talk to the company

Sadly the link to the disclosure is dead now, but this was my favourite: https://attackerkb.com/topics/92AeLOE1M1/cve-2022-37393/rapid7-analysis

@TeddyTheBest Yes it is open source but it is a little tough to claim the moral high ground here when 7-Zip also frequently has security issues and like WinRAR offers no autoupdate

https://nvd.nist.gov/vuln/detail/CVE-2025-11001

🟠 CVE-2026-1686 - High (8.8)

A security flaw has been discovered in Totolink A3600R 5.9c.4959. This issue affects the function setAppEasyWizardConfig in the library /lib/cste_modules/app.so. Performing a manipulation of the argument apcliSsid results in buffer overflow. It is...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1686/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack