top of page
ALL POSTS
U.S. CISA Adds Critical Enterprise Software Vulnerabilities to Known Exploited Vulnerabilities Catalog
Key Findings CISA added Oracle PeopleSoft Enterprise PeopleTools vulnerability CVE-2026-35273 (CVSS 9.8) to its Known Exploited Vulnerabilities catalog following active exploitation by ShinyHunters CISA added Ivanti Sentry vulnerability CVE-2026-10520 (CVSS 10.0) to its Known Exploited Vulnerabilities catalog with a mandatory federal agency patching deadline of June 14, 2026 The Oracle flaw was exploited as a zero-day for nearly two weeks before vendor disclosure, affecting o
Jun 133 min read
High-Severity Infrastructure Vulnerabilities Expose Critical Systems and Live Surveillance Feeds
Key Findings Ivanti ITSM vulnerability CVE-2026-9614 carries CVSS score of 8.8 and allows authenticated privilege escalation to administrator access KMW CCTV vulnerability CVE-2026-5386 has critical CVSS score of 9.1 and enables unauthenticated password reset on camera systems SaaS Ivanti deployments already patched automatically; on-premises versions 2025.4 and prior require immediate manual updates KM-IP521 and KM-IP421 camera models affected; vendor patches available but K
Jun 22 min read
Ivanti EPMM CVE-2026-6973 RCE Actively Exploited to Grant Admin-Level Access
Key Findings Ivanti Endpoint Manager Mobile (EPMM) vulnerability CVE-2026-6973 is under active exploitation in limited attacks, requiring administrative authentication for RCE Five additional vulnerabilities patched in EPMM range from CVSS 7.0 to 8.9, with multiple allowing unauthenticated access and privilege escalation CISA added CVE-2026-6973 to Known Exploited Vulnerabilities catalog, mandating Federal agencies patch by May 10, 2026 Palo Alto Networks PAN-OS critical buff
May 73 min read
CVE-2026-1604: Remote Unauthenticated Attacker Can Steal Ivanti EPM Secrets (Updated)
Key Findings Ivanti released security patches for its Endpoint Manager (EPM) product, addressing two critical vulnerabilities. The most severe flaw, CVE-2026-1603, is a high-severity authentication bypass (CVSS 8.6) that allows remote unauthenticated attackers to access stored credentials. The second vulnerability, CVE-2026-1602, is a medium-severity SQL injection flaw (CVSS 6.5) that could enable data theft by authenticated attackers. There is no evidence of these vulnerabil
Feb 122 min read
Dutch Agencies Targeted by Ivanti Zero-Day Vulnerability, Exposing Employee Data
Key Findings Dutch Data Protection Authority (AP) and Council for the Judiciary (Rvdr) confirmed cyber attacks exploiting Ivanti Endpoint Manager Mobile (EPMM) vulnerabilities Attacks exposed employee contact information, including names, work emails, and phone numbers European Commission also detected a cyberattack on its mobile device management platform, exposing some staff names and phone numbers Ivanti acknowledged vulnerabilities (CVE-2026-1281 and CVE-2026-1340) have b
Feb 102 min read
European Commission Responds to Mobile Device Cyberattack
Key Findings The European Commission detected a cyber attack on its central mobile device management infrastructure on January 30, 2026. The attack may have exposed the personal details, including names and phone numbers, of some Commission staff members. However, the Commission's swift response contained the breach within 9 hours and ensured that no mobile devices were compromised. The attack is linked to critical vulnerabilities (CVE-2026-1281 and CVE-2026-1340) in Ivanti's
Feb 92 min read
bottom of page
