A critical-severity vulnerability in Ivanti Endpoint Manager Mobile has been exploited by attackers since January, prompting the Cybersecurity and Infrastructure Security Agency to issue a directive to US government agencies to patch the flaw by the upcoming Sunday. The affected systems are required to be secured within a four-day timeframe to prevent further exploitation. The vulnerability, which affects Ivanti EPMM, poses a significant risk to the security of government systems. CISA's directive underscores the urgency of addressing the vulnerability, given its exploitation in recent attacks1. The agency's order highlights the need for swift action to mitigate potential threats. This vulnerability poses a significant risk to the security of government systems, and its exploitation could have severe consequences. The swift patching of this vulnerability is crucial for preventing attackers from gaining unauthorized access to sensitive information, so patching this flaw is essential for maintaining the security and integrity of government systems.
CISA orders feds to patch exploited Ivanti EPMM flaw by Sunday
⚠️ Critical Alert
Why This Matters
Security developments involving CISA add to the evolving threat landscape — assess relevance to your environment.
References
- BleepingComputer. (2026, April 8). CISA orders feds to patch exploited Ivanti EPMM flaw by Sunday. *BleepingComputer*. https://www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-exploited-ivanti-epmm-flaw-by-sunday/
Original Source
BleepingComputer
Read original →