🚨 CRITICAL ALERT: Active Zero-Day Exploits
Urgent: Attackers are actively exploiting critical zero-day vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM), including CVE-2026-1340 (CVSS 9.8), enabling unauthenticated remote code execution (RCE) on enterprise mobile device management servers. CISA has added it to its Known Exploited Vulnerabilities (KEV) catalog due to confirmed in-the-wild attacks. Patch immediately to prevent full network compromise.
Critical Vulnerabilities (CVSS >= 8.0)
- CVE-2026-1340 (CVSS: 9.8): Code injection vulnerability in Ivanti Endpoint Manager Mobile (EPMM) allowing unauthenticated attackers to remotely execute arbitrary code via crafted HTTP requests to endpoints like /mifs/c/aftstore/fob/, leading to system compromise, data theft, and lateral movement. Actively exploited as a zero-day.
⚡ Immediate Actions Required
Apply Ivanti patches NOW for all EPMM instances, especially those exposed to the internet. Isolate affected systems, scan for IOCs like web shells or cryptominers, and monitor for suspicious HTTP GET requests to /mifs/c/aftstore/fob/ endpoints. Limit EPMM exposure, enable logging, and check CISA KEV for updates—exploitation grants full control over MDM infrastructure.
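One way to run the log check described above (an added example, not part of the original alert or Ivanti tooling): it flags GET requests whose path resolves under /mifs/c/aftstore/fob/ even when the path is percent-encoded or padded with extra slashes, and groups them by source address. It assumes access logs in Apache combined format; the sample lines, IP addresses and `EXAMPLE` path segments are constructed.

```python
import re
from collections import defaultdict
from posixpath import normpath
from urllib.parse import unquote

WATCH_PREFIX = "/mifs/c/aftstore/fob/"  # endpoint path named in the alert

# Assumption: the access log uses the Apache "combined" format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def is_watched(target: str) -> bool:
    """True if the request target resolves under WATCH_PREFIX."""
    path = unquote(target.split("?", 1)[0])          # drop query, decode %xx once
    path = normpath("/" + path.lstrip("/")).lower()  # collapse //, ./ and ../
    return (path + "/").startswith(WATCH_PREFIX)

def scan(lines, methods=("GET",)):
    """Return {source_ip: [(timestamp, status, raw_target), ...]} for watched hits."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] not in methods:
            continue  # unparseable line or a method we are not watching
        if is_watched(m["target"]):
            hits[m["ip"]].append((m["ts"], int(m["status"]), m["target"]))
    return dict(hits)

# Constructed sample lines (documentation IP ranges, placeholder path segments).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Feb/2026:10:00:01 +0000] "GET /mifs/c/aftstore/fob/EXAMPLE HTTP/1.1" 200 512 "-" "-"',
    '203.0.113.7 - - [01/Feb/2026:10:00:05 +0000] "GET /mifs//c/%61ftstore/./fob/EXAMPLE?x=1 HTTP/1.1" 200 512 "-" "-"',
    '198.51.100.23 - - [01/Feb/2026:10:02:11 +0000] "GET /MIFS/c/aftstore/fob/ HTTP/1.1" 404 0 "-" "-"',
    '192.0.2.10 - - [01/Feb/2026:10:03:00 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "-"',
    '192.0.2.10 - - [01/Feb/2026:10:03:02 +0000] "POST /login HTTP/1.1" 302 0 "-" "-"',
]

if __name__ == "__main__":
    for ip, events in scan(SAMPLE_LOG).items():
        print(ip, len(events), "request(s)")
        for ts, status, target in events:
            print("   ", ts, status, target)
```

Pass a wider `methods` tuple to `scan` to review other request methods against the same path; the raw target is kept in each hit so the original request can be located in the log.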

