Skip to content
The Nexus
DossierENTITY

Ivanti

Coverage of Ivanti in the Nexus archive.

Earliest in view: Apr 20 · 10:00 UTCMost recent: Jun 12 · 08:26 UTC
Co-mentioned in this coverage
Recent coverage
  • SECURITYJun 12 · 08:26 UTCBLEEPING COMPUTER
    CISA orders feds to patch actively exploited Ivanti flaw by Sunday

    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered federal agencies to patch an actively exploited Ivanti Sentry flaw within three days as mandated by the newly issued Binding Operational Directive (BOD) 26-04.

  • SECURITYJun 10 · 06:26 UTCBLEEPING COMPUTER
    Ivanti: Max severity Sentry flaw allows code execution as root

    Ivanti has patched two critical vulnerabilities in its Sentry secure mobile gateway solution, including a maximum-severity flaw that enables remote attackers to execute code with root privileges.

  • SECURITYMay 18 · 10:54 UTCTHE HACKER NEWS
    Ivanti, Fortinet, SAP, VMware, n8n Patch RCE, SQL Injection, Privilege Escalation Flaws

    Ivanti, Fortinet, n8n, SAP, and VMware have released security fixes for various vulnerabilities that could be exploited by bad actors to bypass authentication and execute arbitrary code. A critical flaw impacting Ivanti Xtraction could be exploited to achieve information disclosure or client-side attacks. The vulnerabilities affect multiple products from these companies.

  • SECURITYMay 7 · 21:50 UTCCYBERSCOOP
    Ivanti customers confront yet another actively exploited zero-day

    Ivanti customers are being targeted by attackers exploiting a zero-day vulnerability in Ivanti Endpoint Manager Mobile, with limited exploitation reported. The company has released patches for five high-severity vulnerabilities, including the zero-day defect. Ivanti warned customers of the threat and suggested rotating credentials to reduce risk.

  • SECURITYMay 7 · 17:55 UTCTHE HACKER NEWS
    Ivanti EPMM CVE-2026-6973 RCE Under Active Exploitation Grants Admin-Level Access

    Ivanti's Endpoint Manager Mobile has a high-severity vulnerability, CVE-2026-6973, that allows remote code execution with admin-level access. The flaw affects versions before 12.6.1.1, 12.7.0.1, and 12.8.0.1. It is being exploited in limited attacks.

  • SECURITYMay 7 · 15:20 UTCBLEEPING COMPUTER
    Ivanti warns of new EPMM flaw exploited in zero-day attacks

    Ivanti has warned customers about a high-severity remote code execution vulnerability in Endpoint Manager Mobile exploited in zero-day attacks. The company is urging customers to patch the flaw as soon as possible. The vulnerability is being actively exploited by attackers.

  • SECURITYApr 20 · 10:00 UTCCYBERSCOOP
    Network ‘background noise’ may predict the next big edge-device vulnerability

    Research by GreyNoise indicates that spikes in network traffic targeting edge devices can predict upcoming vulnerability disclosures, often up to nine days before public alerts. The study found that 50% of detected activity surges led to vendor disclosures within three weeks, highlighting coordinated attacker behavior against security appliances.

Ivanti · Dossier · The Nexus