Overview
Description
Statistics
- 29 Posts
- 5 Interactions
Fediverse
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.
#ivanti #cybersecurity #vulnerabilitymanagement #vulnerability
Latest News (Jan 29-30, 2026):
Tech: Apple plans "Apple Intelligence" with Google Gemini integration, coinciding with Google's Chrome "auto browse" launch. China approved Nvidia H200 chip sales to its tech giants.
Cybersecurity: The FBI launched "Operation Winter SHIELD" to protect critical infrastructure. A major ShinyHunters phishing campaign targets Okta SSO accounts, and Ivanti EPMM (CVE-2026-1281) is a newly exploited vulnerability.
⚠️ Alerte CERT-FR ⚠️
Les vulnérabilités critiques CVE-2026-1281 et CVE-2026-1340 affectant Ivanti Endpoint Manager Mobile sont activement exploitées dans le cadre d'attaques ciblées.
https://www.cert.ssi.gouv.fr/alerte/CERTFR-2026-ALE-001/
‼️ CVE-2026-1281 & CVE-2026-1340: A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.
Zero-Day: Yes
CVSS: Both 9.8
CVE Published: January 29th, 2026
KEV Catalog: January 29th, 2026
Affected Vendor: Ivanti
Vulnerability Type: Remote Code Execution (RCE)
#Ivanti: Two Ivanti EPMM #ZeroDay Unauthenticated #RCE Vulnerabilities CVE-2026-1281 & CVE-2026-1340 Actively Exploited, Patch Now!
👇
https://thehackernews.com/2026/01/two-ivanti-epmm-zero-day-rce-flaws.html
Ivanti warns of two EPMM flaws exploited in zero-day attacks
https://www.bleepingcomputer.com/news/security/ivanti-warns-of-two-epmm-flaws-exploited-in-zero-day-attacks/
Ivanti has disclosed two critical vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM), tracked as CVE-2026-1281 and CVE-2026-1340, that have been exploited in zero-day attacks. Both are unauthenticated remote code execution flaws with a CVSS score of 9.8.
Ivanti confirmed a limited number of customers were impacted at the time of disclosure.
Successful exploitation could allow attackers to execute arbitrary code on vulnerable EPMM appliances and potentially access sensitive administrative, user and device data.
Mitigations are available via RPM scripts:
• RPM 12.x.0.x for EPMM 12.5.0.x, 12.6.0.x and 12.7.0.x
• RPM 12.x.1.x for EPMM 12.5.1.0 and 12.6.1.0
Ivanti states the updates require no downtime and have no functional impact. Organizations should apply the mitigations immediately.
CISA has added CVE-2026-1281 to its Known Exploited Vulnerabilities catalogue, reinforcing the urgency of remediation.
Ivanti Provides Temporary Patches for Actively Exploited EPMM Zero-Day
https://www.helpnetsecurity.com/2026/01/30/ivanti-epmm-cve-2026-1281-cve-2026-1340/
Ivanti issued provisional patches for two critical EPMM vulnerabilities (including one exploited in the wild). Security teams should apply these immediately and plan for permanent updates in upcoming releases.
Ivanti confirms active exploitation of EPMM zero-day RCE flaws (CVE-2026-1281, CVE-2026-1340).
Emergency patches released—apply immediately.
📰 CRITICAL: Ivanti Patches Two Actively Exploited RCE Zero-Days in EPMM
🚨 CRITICAL UPDATE: Ivanti patches two actively exploited zero-day RCEs (CVE-2026-1281, CVE-2026-1340) in EPMM. Both are CVSS 9.8. Unauthenticated attackers can gain full control. Patch immediately! #Ivanti #ZeroDay #CyberSecurity #RCE
Bluesky
Overview
- Ivanti
- Endpoint Manager Mobile
Description
Statistics
- 25 Posts
- 4 Interactions
Fediverse
⚠️ Alerte CERT-FR ⚠️
Les vulnérabilités critiques CVE-2026-1281 et CVE-2026-1340 affectant Ivanti Endpoint Manager Mobile sont activement exploitées dans le cadre d'attaques ciblées.
https://www.cert.ssi.gouv.fr/alerte/CERTFR-2026-ALE-001/
‼️ CVE-2026-1281 & CVE-2026-1340: A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.
Zero-Day: Yes
CVSS: Both 9.8
CVE Published: January 29th, 2026
KEV Catalog: January 29th, 2026
Affected Vendor: Ivanti
Vulnerability Type: Remote Code Execution (RCE)
#Ivanti: Two Ivanti EPMM #ZeroDay Unauthenticated #RCE Vulnerabilities CVE-2026-1281 & CVE-2026-1340 Actively Exploited, Patch Now!
👇
https://thehackernews.com/2026/01/two-ivanti-epmm-zero-day-rce-flaws.html
Ivanti warns of two EPMM flaws exploited in zero-day attacks
https://www.bleepingcomputer.com/news/security/ivanti-warns-of-two-epmm-flaws-exploited-in-zero-day-attacks/
Ivanti has disclosed two critical vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM), tracked as CVE-2026-1281 and CVE-2026-1340, that have been exploited in zero-day attacks. Both are unauthenticated remote code execution flaws with a CVSS score of 9.8.
Ivanti confirmed a limited number of customers were impacted at the time of disclosure.
Successful exploitation could allow attackers to execute arbitrary code on vulnerable EPMM appliances and potentially access sensitive administrative, user and device data.
Mitigations are available via RPM scripts:
• RPM 12.x.0.x for EPMM 12.5.0.x, 12.6.0.x and 12.7.0.x
• RPM 12.x.1.x for EPMM 12.5.1.0 and 12.6.1.0
Ivanti states the updates require no downtime and have no functional impact. Organizations should apply the mitigations immediately.
CISA has added CVE-2026-1281 to its Known Exploited Vulnerabilities catalogue, reinforcing the urgency of remediation.
Ivanti Provides Temporary Patches for Actively Exploited EPMM Zero-Day
https://www.helpnetsecurity.com/2026/01/30/ivanti-epmm-cve-2026-1281-cve-2026-1340/
Ivanti issued provisional patches for two critical EPMM vulnerabilities (including one exploited in the wild). Security teams should apply these immediately and plan for permanent updates in upcoming releases.
Ivanti confirms active exploitation of EPMM zero-day RCE flaws (CVE-2026-1281, CVE-2026-1340).
Emergency patches released—apply immediately.
📰 CRITICAL: Ivanti Patches Two Actively Exploited RCE Zero-Days in EPMM
🚨 CRITICAL UPDATE: Ivanti patches two actively exploited zero-day RCEs (CVE-2026-1281, CVE-2026-1340) in EPMM. Both are CVSS 9.8. Unauthenticated attackers can gain full control. Patch immediately! #Ivanti #ZeroDay #CyberSecurity #RCE
Bluesky
Overview
Description
Statistics
- 4 Posts
- 11 Interactions
Fediverse
Sicherheitsloch in WinRAR wird reichlich ausgenutzt
Da Windows früher nicht mit komprimierten Dateien umgehen konnte, musste man sich mit zusätzlichen Tools helfen. Eines von denen war und ist WinRAR. Das dürfte immer noch als Altlast auf vielen Windows-Rechnern herumliegen. Das ist gefährlich, wenn es nicht aktualisiert wurde. Im Juli 2025 wurde ein Update (auf Version 7.13) veröffentlicht, mit dem eine kritische Sicherheitslücke (CVE-2025-8088) geschlossen wird. Diese Sicherheitslücke wird allerseits für Angriffe ausgenutzt, vom kommerziell interessierten Cybergangster bis zu staatlichen Hackern. Für einen Angriff reicht es aus, WinRAR ein speziell präpariertes Archiv (komprimierte Datei) unterzuschieben. Ist es
Bluesky
Overview
Description
Statistics
- 2 Posts
- 1 Interaction
Fediverse
New #synology #DSM Version: 7.3.2-86009 Update 1 is out.
This is a security patch:
Fixed Issues
- Fixed a security vulnerability regarding telnetd (CVE-2026-24061).
Overview
Description
Statistics
- 3 Posts
- 1 Interaction
Bluesky
Overview
Description
Statistics
- 2 Posts
Bluesky
Overview
- Gemini MCP Tool
- gemini-mcp-tool
Description
Statistics
- 1 Post
- 4 Interactions
Overview
Description
Statistics
- 1 Post
- 4 Interactions
Fediverse
@Weld When I was at Rapid7, we were firm that we wouldn't sign anything preventing us from disclosing. Sometimes that made it real difficult to talk to the company
Sadly the link to the disclosure is dead now, but this was my favourite: https://attackerkb.com/topics/92AeLOE1M1/cve-2022-37393/rapid7-analysis
Overview
Description
Statistics
- 1 Post
Fediverse
@TeddyTheBest Yes it is open source but it is a little tough to claim the moral high ground here when 7-Zip also frequently has security issues and like WinRAR offers no autoupdate
Overview
- Totolink
- A3600R
Description
Statistics
- 2 Posts
Fediverse
🟠 CVE-2026-1686 - High (8.8)
A security flaw has been discovered in Totolink A3600R 5.9c.4959. This issue affects the function setAppEasyWizardConfig in the library /lib/cste_modules/app.so. Performing a manipulation of the argument apcliSsid results in buffer overflow. It is...
🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-1686/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack