Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons

Social Media

Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons
Search the Site
Popular Searches:
technology Amazon AI
Recent Posts
Critical MacSync Stealer Delivered via Google Ads and Claude AI Chats
July 15, 2026
GPT-5.6 Sol Ultra AI Creates Full Chrome Exploit Chain from Patches
July 15, 2026
Critical Cursor RCE: CVE-2024-XXXXX lets Git repos auto-execute code
July 15, 2026
Home/CyberSecurity News/Critical Ivanti EPMM CVE-2023-35078 0-Day Actively Exploited
CyberSecurity News

Critical Ivanti EPMM CVE-2023-35078 0-Day Actively Exploited

Key Takeaways Ivanti has released an urgent security advisory for its Endpoint Manager Mobile (EPMM) product, specifically for on-premises deployments. The advisory addresses multiple actively...

Marcus Rodriguez
Marcus Rodriguez
May 7, 2026 3 Min Read
56 0

Key Takeaways

  • Ivanti has released an urgent security advisory for its Endpoint Manager Mobile (EPMM) product, specifically for on-premises deployments.
  • The advisory addresses multiple actively exploited vulnerabilities, including CVE-2026-6973, which requires administrative authentication.
  • Only on-premises EPMM installations are affected; cloud-based solutions like Ivanti Neurons for MDM are not vulnerable.
  • Patches are available and should be applied immediately, with Ivanti noting they are quick to install and cause no downtime.

Ivanti EPMM Under Attack: Critical Vulnerabilities Actively Exploited

Ivanti has issued a critical security advisory urging all customers using its on-premises Endpoint Manager Mobile (EPMM) solution to apply immediate patches. The advisory confirms that multiple vulnerabilities, most notably CVE-2026-6973, are being actively exploited in the wild.

Table Of Content

  • Key Takeaways
  • Ivanti EPMM Under Attack: Critical Vulnerabilities Actively Exploited
  • Targeted Product and Scope
  • AI Integration in Vulnerability Management
  • EPMM: A Persistent Target for Threat Actors
  • What You Should Do

While exploitation activity for CVE-2026-6973, which necessitates administrative authentication, was described as “very limited” at the time of public disclosure, Ivanti emphasized the rapidly shrinking window for remediation. The company highlighted that advanced AI models have drastically accelerated the time-to-exploit for newly disclosed vulnerabilities, reducing it from days to mere hours.

Targeted Product and Scope

The vulnerabilities exclusively impact on-premises versions of Ivanti EPMM. Crucially, Ivanti confirmed that its cloud-based unified endpoint management solution, Ivanti Neurons for MDM, along with Ivanti EPM, Ivanti Sentry, and other Ivanti products, remain unaffected by these specific flaws.

AI Integration in Vulnerability Management

In a significant strategic shift, Ivanti revealed its integration of advanced large language model (LLM) AI systems into its product security and engineering red team processes. This innovative approach has empowered internal security teams to detect and mitigate vulnerabilities that often elude traditional static application security testing (SAST) and dynamic application security testing (DAST) tools.

Ivanti acknowledged that some of the vulnerabilities detailed in its latest advisory were directly uncovered through this AI-assisted methodology. The company maintains a “human in the loop” policy, ensuring all automated or agentic findings are verified by human experts to uphold responsible AI usage within its security program.

EPMM: A Persistent Target for Threat Actors

Ivanti EPMM has consistently been a high-value target for sophisticated threat actors. The CISA Known Exploited Vulnerabilities (KEV) catalog lists at least 31 Ivanti defects since late 2021, with at least 19 vulnerabilities across various Ivanti products exploited within the last two years alone. Previous zero-day campaigns against EPMM include CVE-2025-4427 and CVE-2025-4428 in May 2025, and CVE-2023-35078 and CVE-2023-35082 in 2023, with some attacks attributed to state-sponsored groups, notably from China.

This sustained targeting underscores EPMM’s critical role in enterprise mobile device management infrastructures, making it an attractive entry point for adversaries.

The vulnerabilities detailed in Ivanti’s May 2026 security advisory specifically impact on-premises EPMM installations. Cloud-based Ivanti Neurons for MDM users are not affected. Ivanti has released comprehensive remediation instructions via its official Security Advisory, providing patch packages that the company states can be applied in seconds without causing any downtime.

What You Should Do

  • Apply Patches Immediately: All administrators of on-premises Ivanti EPMM instances must apply the available security patches without delay.
  • Monitor Logs: Regularly inspect Apache access logs at /var/log/httpd/https-access_log for any indicators of attempted or successful exploitation.
  • Enhance Network Segmentation: Implement robust network segmentation to restrict access to EPMM administrative interfaces exclusively to trusted and isolated networks.
  • Review MDM Policies: Conduct a thorough review and harden mobile device management policies to minimize the overall attack surface.
  • Stay Informed: Subscribe to Ivanti’s Security Blog and the Ivanti Innovators Hub for real-time alerts and updates on new vulnerabilities.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.

Tags:

AttackCVEExploitPatchSecurityThreatVulnerabilityzero-day

Share Article

Marcus Rodriguez

Marcus Rodriguez

Marcus is a security researcher and investigative journalist with expertise in vulnerability research, bug bounties, and cloud security. Since 2017, Marcus has been breaking stories on critical vulnerabilities affecting major platforms. His investigative work has led to the disclosure of numerous security flaws and improved defenses across the industry. Marcus is an active participant in bug bounty programs and has been recognized for responsible disclosure practices. He holds multiple security certifications and regularly speaks at industry events.

Previous Post

Cisco ASA, FTD Software Critical DoS Vulnerability CVE-2024-20353

Next Post

Vercel Patches Critical Next.js, React Server Component Vulnerabilities

No Comment! Be the first one.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Popular Posts
Critical Dell PowerProtect flaws let attackers gain full system access
July 15, 2026
Microsoft Confirms Dell Laptop Overheating, Shutdowns After July Windows Update
July 15, 2026
FaceTime Call Impersonation Fraud Hijacks Bank Accounts
July 15, 2026
Top Authors
Marcus Rodriguez
Marcus Rodriguez
Emy Elsamnoudy
Emy Elsamnoudy
Jennifer sherman
Jennifer sherman
Let's Connect
156k
2.25m
285k

Related Posts

Jennifer sherman
By Jennifer sherman
Threats

GlassWorm Attacks macOS via Malicious VS Code…

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Attacks

ClickFix Attack Hides Malicious Code via Stegan Security

January 1, 2026
Sarah simpson
By Sarah simpson
Vulnerabilities

MongoBleed Detector Tool Released to Detect MongoDB Vulnerability(CVE-2025-14847)

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Breaches

Conti Ransomware Gang Leaders & Infrastructure Exposed

January 1, 2026
Hackers News Hackers News
  • [email protected]

Quick Links

  • Contact Us
  • Privacy Policy
  • Terms of service

Categories

Attacks
Breaches
Comparisons
CyberSecurity News
Threats
Vulnerabilities

Let's keep in touch

receive fresh updates and breaking cyber news every day and week!

All Rights Reserved by HackersRadar ©2026

Follow Us