Ivanti has rolled out security updates to address two security flaws impacting Ivanti Endpoint Manager Mobile (EPMM) that have been exploited in zero-day attacks, one of which has been added by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to its Known Exploited Vulnerabilities (KEV) catalog.
The critical-severity vulnerabilities are listed below -

CVE-2026-1281 (CVSS score:



Source: TheHackerNews
Source Link: https://thehackernews.com/2026/01/two-ivanti-epmm-zero-day-rce-flaws.html