Latest Product Updates and Feature Enhancements on Ivanti Xtraction
Ivanti Neurons ITSM Vulnerabilities Could Allow Session Persistence
Ivanti disclosed vulnerabilities in its Neurons for ITSM platform, identified as CVE-2026-4913 and CVE-2026-4914. These flaws could allow attackers to maintain unauthorized access or inject malicious... scripts. Ivanti has released version 2025.4 to address these issues, with automatic updates for cloud users and manual updates required for on-premises systems.
Ivanti Launches Sovereign Cloud Solution to Support European Data Sovereignty and Compliance
Ivanti has launched the Ivanti Neurons for MDM Sovereign Edition EU, a cloud-based solution designed to meet stringent European data sovereignty and compliance requirements. This offering aligns wi...th the EU Cloud Sovereignty Framework, providing centralized endpoint management for regulated sectors such as financial services, energy, and healthcare. Key features include certified European security assurance and compliance with SEAL-2 and SEAL-3 classifications.
CISA orders feds to patch exploited Ivanti EPMM flaw by Sunday
Ivanti's Endpoint Manager Mobile (EPMM) is under scrutiny as CISA mandates U.S. federal agencies to patch a critical vulnerability (CVE-2026-1340) by April 11. This flaw, exploited since January, all...ows remote code execution on unpatched systems. Ivanti had previously released updates to address this and another vulnerability, urging immediate action to prevent exploitation.
Ivanti Announces New Product Integration with Google Cloud
Ivanti has launched a new integration with Google Cloud, supporting Context Aware Access policies to enhance security for Google Workspace and Cloud applications. This collaboration enables organizat...ions to adopt a zero-trust approach, ensuring secure access from iOS and Android devices without traditional VPNs. Ivanti's solution allows conditional access based on device status and IP address, enhancing security for remote work environments.
Ivanti Debuts New Ivanti Connect Secure Version 25.X with Modern OS and SELinux Advances that Set New Standard for VPN Security
Ivanti has launched Ivanti Connect Secure (ICS) version 25.X, featuring a major architectural overhaul with an enterprise-grade Oracle Linux OS and SELinux enforcement. This release enhances VPN secu...rity by minimizing vulnerabilities and improving operational resilience. Key features include a modern web server, Secure Boot, and disk encryption, aligning with Ivanti's Secure by Design principles to bolster enterprise security.
Ivanti Powers Cloud-First Supply Chains with Velocity Platform Expansion
Ivanti has expanded its Velocity platform to include Velocity Forms, a cloud-based solution designed to modernize supply chain operations by replacing paper processes with digital forms. This update ...aims to reduce errors, prevent chargebacks, and streamline workflows through seamless integration with existing systems, enhancing operational efficiency and cost-effectiveness.
Ivanti Product Enhancements Drive Stronger Security and Streamlined User Experience for Modern Enterprises
Ivanti has announced significant enhancements to its product suite, focusing on security and user experience improvements. Key updates include the release of Ivanti Connect Secure (ICS) version 25.X,... which features a new enterprise-grade Oracle Linux OS and enhanced security measures. Ivanti Neurons for Patch Management now offers streamlined deployment capabilities, and new AI-powered diagnostics in Ivanti Neurons Workspace improve device issue detection. These updates aim to support scalable growth and modernize IT operations for enterprises.
Ivanti Releases New Ivanti Connect Secure Version 22.8 with Secure by Default Features and Enhancements
Ivanti has launched Ivanti Connect Secure version 22.8, featuring Secure by Default enhancements. This release optimizes VPN performance, enhances security with features like a built-in Web Applicati...on Firewall, and supports modern security frameworks such as SASE and Zero Trust. The update aims to improve operational efficiency and secure network access for distributed workforces.
Tech Disruptions Cost Companies Millions of Dollars in Lost Productivity Annually, According to Research from Ivanti
Ivanti's 2025 Digital Employee Experience (DEX) Report reveals that tech disruptions cost companies millions annually in lost productivity. The report highlights a disconnect between perceived digita...l maturity and real-world tech challenges, with only 21% of workers seeing AI productivity gains. Ivanti's CEO emphasizes the role of DEX solutions in enhancing AI initiatives and improving employee experience.
Ivanti Unveils Enhancements to its IT and Security Solutions, Empowering Teams with Greater Efficiency and Improving User Experience
Ivanti has announced enhancements to its IT and security solutions, focusing on improving efficiency and user experience. Key updates include support for Windows 11 on Snapdragon devices, automated m...igration, and enhanced integration capabilities. These updates aim to help IT and security teams manage and protect their operations more effectively.
Ivanti Report Reveals Only One in Three Organizations Have Implemented Zero Trust Network Access for Remote Workers
Ivanti's latest report highlights that only one-third of organizations have adopted zero trust network access for remote workers, despite increasing cybersecurity threats. The report underscores the ...need for robust access controls and highlights vulnerabilities due to unmanaged devices and BYOD practices. Ivanti emphasizes a zero-trust strategy to enhance enterprise security.
Ivanti Unveils AI-Driven Innovations to the Neurons Platform to Power the Future of IT and Security
Ivanti has introduced AI-driven enhancements to its Neurons platform, including agentic AI for ITSM, autonomous endpoint management, and improved asset visibility. These innovations aim to streamline... IT operations, enhance security, and provide real-time insights, with customer previews starting in Q1 2026 and general availability later in the year.
CISA warns of actively exploited Ivanti EPM and Cisco SD-WAN flaws
CISA has identified an authentication bypass vulnerability in Ivanti Endpoint Manager (EPM), tracked as CVE-2026-1603, as being actively exploited. This flaw, patched in February 2026, allows remote ...attackers to access stored credential data. Ivanti had initially reported no known exploitations but the situation has changed, prompting CISA to add it to its Known Exploited Vulnerabilities catalog.
CISA: Recently patched Ivanti EPM flaw now actively exploited
Ivanti's Endpoint Manager (EPM) software has a high-severity vulnerability, CVE-2026-1603, now actively exploited, prompting CISA to mandate U.S. federal agencies to patch systems by March 23. The fl...aw allows remote attackers to bypass authentication and steal credentials. Ivanti had patched this vulnerability in EPM 2024 SU5, addressing other security issues. Despite no reports of exploitation, CISA added it to its Known Exploited Vulnerabilities Catalog.
Ivanti Desktop and Server Management Vulnerability Allows Attackers to ...
Ivanti has released a security update for its Desktop and Server Management (DSM) software to address a high-severity vulnerability (CVE-2026-3483) that allows local attackers to escalate privileges.... The flaw affects all DSM versions up to 2026.1 and has been resolved in version 2026.1.1. Organizations are urged to update immediately to prevent potential exploitation.
CISA shortens patch deadline for critical Ivanti, SolarWinds bugs
The Cybersecurity and Infrastructure Security Agency (CISA) has shortened the patch deadline for a critical vulnerability (CVE-2026-1603) affecting Ivanti products. This vulnerability has been exploi...ted by cybercriminals and nation-state actors, with reports indicating repeated targeting by Chinese attackers throughout 2025. Federal agencies must patch this vulnerability within two weeks to prevent further exploitation.
U.S. CISA adds Ivanti EPM, SolarWinds, and Omnissa Workspace One flaws to its Known ...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical authentication bypass vulnerability in Ivanti Endpoint Manager (EPM), tracked as CVE-2026-1603, to its Known Expl...oited Vulnerabilities catalog. Ivanti released patches in February to address this flaw, which allows remote attackers to access sensitive login information without credentials. Federal agencies are required to fix this vulnerability by March 23, 2026.
CISA Details RESURGE Malware Exploiting Ivanti Connect Secure Zero?Day ...
CISA has detailed the RESURGE malware exploiting a zero-day vulnerability in Ivanti Connect Secure VPN gateways (CVE-2025-0282). The malware, linked to a China-associated threat, uses rootkit and boo...tkit techniques for stealthy persistence. Organizations using Ivanti Connect Secure should apply security updates, monitor TLS traffic, and validate firmware to mitigate risks.
CISA Alerts On RESURGE Malware Targeting Ivanti Connect Secure ...
CISA has issued a warning about the RESURGE malware targeting vulnerabilities in Ivanti's Connect Secure, Policy Secure, and ZTA Gateways. The malware exploits a stack-based buffer overflow (CVE-2025...-0282) to execute arbitrary code, posing significant security risks. Ivanti provides recovery steps, and CISA recommends immediate mitigation actions, including factory resets and credential updates, to protect affected systems.
RESURGE Malware Remains Active On Ivanti Devices
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an updated report on the RESURGE malware, which can remain dormant on Ivanti Connect Secure devices. This malware exploits the C...VE-2025-0282 vulnerability, using advanced encryption and forged certificates to evade detection. CISA emphasizes the need for proactive patching and threat hunting to mitigate risks associated with this persistent threat.
Critical Vulnerabilities in Ivanti EPMM Exploited
Two critical zero-day vulnerabilities, CVE-2026-1281 and CVE-2026-1340, have been identified in Ivanti Endpoint Manager Mobile (EPMM), allowing remote code execution. These vulnerabilities are active...ly exploited, affecting sectors like government and healthcare. Ivanti has issued a security advisory recommending immediate patch application to mitigate risks.
Multiple Endpoint Manager bugs patched by Ivanti, including remote auth ...
Ivanti has patched multiple vulnerabilities in its Endpoint Manager, including a high-severity authentication bypass (CVE-2026-1603) and a medium-severity SQL injection (CVE-2026-1602). These updates..., part of EPM 2024 SU5, address critical security issues that could allow remote attackers to steal credentials and execute arbitrary code. The company confirmed no known exploits of these vulnerabilities before their public disclosure.
Multiple Vulnerabilities in Ivanti Endpoint Manager Could Allow for ...
Multiple vulnerabilities in Ivanti Endpoint Manager, including an authentication bypass and SQL injection, could allow unauthorized access to credential data. Ivanti recommends immediate updates to m...itigate these risks.
Fallout from latest Ivanti zero-days spreads to nearly 100 victims
Ivanti disclosed two critical zero-day vulnerabilities in its Endpoint Manager Mobile (EPMM) software, leading to widespread exploitation affecting nearly 100 entities, including major government age...ncies. The vulnerabilities, CVE-2026-1281 and CVE-2026-1340, enable remote code execution. Ivanti has released a detection script and is working with security partners to mitigate the impact. The Cybersecurity and Infrastructure Security Agency has identified multiple Ivanti vulnerabilities as exploited since 2021.
EU, Dutch government announce hacks following Ivanti zero-days
Ivanti's Endpoint Manager Mobile (EPMM) faced critical vulnerabilities, CVE-2026-1281 and CVE-2026-1340, leading to cyberattacks on the Dutch government and European Commission. Ivanti issued patches..., but some customers were compromised. Global security agencies have issued alerts, emphasizing the high risk of unpatched systems.
Hackers Exploiting Ivanti EPMM Devices to Deploy Dormant Backdoors
Hackers are exploiting Ivanti's Endpoint Manager Mobile (EPMM) devices using two critical vulnerabilities, CVE-2026-1281 and CVE-2026-1340, to plant dormant backdoors. Ivanti has issued mitigation gu...idance, but exploitation continues. The attack involves a Base64-encoded Java class file that remains inactive until triggered, posing a significant security threat. Ivanti urges immediate patching and server restarts to remove in-memory implants.
Ivanti Issues Urgent Fix for Critical Zero-Day Flaws Under Active Attack - IT Security News
Ivanti has released urgent patches for two critical remote code execution vulnerabilities (CVE-2026-1281 & CVE-2026-1340) in its EPMM software. These zero-day flaws are currently under active attack,... prompting immediate action to secure affected systems.
Someone Knows Bash Far Too Well, And We Love It (Ivanti EPMM Pre-Auth RCEs CVE-2026-1281 & CVE-2026-1340) - watchTowr Labs
Ivanti disclosed CVE-2026-1281 and CVE-2026-1340, critical pre-auth remote command execution vulnerabilities in its Endpoint Manager Mobile (EPMM) solution. These vulnerabilities were actively exploi...ted, highlighting security challenges in the software. The disclosure aims to inform and protect users against potential threats.
Ivanti Unveils AI-Driven Innovations to the Neurons Platform to Power the Future of IT and Security - PR Newswire
Ivanti Unveils AI-Driven Innovations to the Neurons Platform to Power the Future of IT and Security - PR Newswire
New "SOAPwn" .NET Vulnerabilities Expose Barracuda, Ivanti and Microsoft Appliances to ...
Ivanti Endpoint Manager is vulnerable to the "SOAPwn" .NET vulnerabilities, which can be exploited for remote code execution (RCE) through malicious WSDL files. This vulnerability, identified as CVE-...2025-13659, involves namespace payload injection, allowing attackers to execute arbitrary code by manipulating SOAP requests.
Fortinet, Ivanti, Nvidia Release Security Updates
Ivanti released security updates addressing multiple high- and medium-severity vulnerabilities in its products, including Endpoint Manager, Connect Secure, Policy Secure, ZTA Gateways, and Neurons fo...r Secure Access. The updates fix issues like insufficient filename validation and missing authorization, which could lead to code execution and unauthorized actions.
Fortinet, Ivanti Release August 2025 Security Patches
Ivanti released August 2025 security patches addressing vulnerabilities in Ivanti Avalanche, Ivanti Virtual Application Delivery Control, and Ivanti Connect Secure. These updates fix high-severity re...mote code execution and denial-of-service vulnerabilities. Ivanti advises customers to apply patches promptly to prevent potential exploitation.
Ivanti Zero-Days Exploited to Drop MDifyLoader and Launch In-Memory Cobalt Strike Attacks
Ivanti's Connect Secure appliances were targeted by cyberattacks exploiting vulnerabilities CVE-2025-0282 and CVE-2025-22457, leading to the deployment of MDifyLoader and in-memory Cobalt Strike atta...cks. These flaws, patched by Ivanti in early 2025, allowed unauthorized remote code execution and arbitrary code execution. Ivanti emphasizes the importance of staying updated to protect against such threats.
Ivanti Endpoint Mobile Manager customers exploited via chained vulnerabilities
Ivanti has confirmed that hackers exploited vulnerabilities CVE-2025-4427 and CVE-2025-4428 in its Endpoint Mobile Manager (EPMM) software, enabling remote code execution. Ivanti urges all customers ...to upgrade to the latest fixed version. The flaws stem from issues in integrated open-source libraries, raising broader security concerns for enterprise mobile device management.
Ivanti Endpoint Mobile Manager customers exploited via chained vulnerabilities - Yahoo Finance
Ivanti has released urgent security updates for its Endpoint Manager Mobile (EPMM) platform after a critical zero-day vulnerability was discovered and actively exploited by attackers. The flaw allowe...d unauthorized access to sensitive data and system controls. Governments and enterprises are rapidly deploying the patch to protect mobile device management infrastructure and prevent further breaches.
Ivanti Patches Two EPMM Zero-Days Exploited to Hack Customers
Ivanti Patches Two EPMM Zero-Days Exploited to Hack Customers
Ivanti Patches EPMM Vulnerabilities Exploited for Remote Code Execution in Limited Attacks
Ivanti released security patches for Endpoint Manager Mobile (EPMM) to address two actively exploited vulnerabilities: CVE-2025-4427 (authentication bypass) and CVE-2025-4428 (remote code execution).... Attackers could chain these flaws for unauthenticated code execution. Updates are available for versions 11.12.0.5, 12.3.0.2, 12.4.0.2, and 12.5.0.1. Ivanti credited CERT-EU for discovery and confirmed limited exploitation.
Strategic Partnerships and Integrations of Ivanti Xtraction
Ivanti Partners with Project Hosts to Accelerate FedRAMP High and DoD IL5 Compliance Journey
Ivanti has partnered with Project Hosts to enhance its FedRAMP High and DoD IL5 compliance efforts. This strategic collaboration aims to strengthen Ivanti's cloud services for federal government clie...nts, leveraging Project Hosts' expertise in security compliance. The partnership will focus on achieving necessary certifications to meet stringent federal standards, expanding Ivanti's market reach within the government sector.
Ivanti in the Process of Achieving a FedRAMP High Designation through Partnership with Project Hosts
Ivanti is working with Project Hosts to achieve FedRAMP High designation for its Neurons Platform and Neurons for MDM with Access. This collaboration aims to enhance security and compliance for U.S. ...federal agencies, enabling them to leverage Ivanti's cloud solutions for improved data protection and operational efficiency. The FedRAMP High authorization will ensure adherence to stringent cybersecurity standards, supporting federal agencies' mobility management needs.
Ivanti Selects Bpod to Accelerate LATAM Expansion
Ivanti has partnered with Bpod to enhance its presence in the Latin American market, focusing on Brazil and other key regions. This collaboration will leverage Bpod's regional expertise to expand Iva...nti's market share, strengthen partnerships, and deliver tailored IT and security solutions. The partnership aims to drive growth through modern demand-generation strategies and deepen relationships with partners and customers.
Westcon-Comstor signs distribution agreement with security company Ivanti - CRN Australia
Westcon-Comstor has signed a distribution agreement with Ivanti to distribute its entire portfolio, including network security, endpoint management, and enterprise service management solutions in Aus...tralia. This partnership aims to empower partners with comprehensive security and automation offerings, addressing the growing demand for integrated cybersecurity solutions driven by evolving threats and hybrid work environments.
Leadership and Executive Team Updates at Ivanti Xtraction
Ivanti Appoints Jai Sahney as Senior Vice President, Asia Pacific & Japan
Ivanti has appointed Jai Sahney as Senior Vice President for Asia Pacific & Japan. Sahney will focus on driving growth, enhancing customer and partner engagement, and building a high-performance team... in the region. With extensive experience in enterprise software and SaaS, Sahney aims to strengthen Ivanti's position as a leader in IT and security solutions across APJ.
Seasoned Tech Leader Karl Triebes Joins Ivanti as Chief Product Officer
Ivanti has appointed Karl Triebes as Chief Product Officer to drive innovation and enhance customer satisfaction. With over 30 years of experience in tech leadership at companies like F5 and Amazon, ...Triebes will align Ivanti's product strategy with long-term goals, ensuring high-quality technology solutions and sustained business growth.
Corporate News and Organizational Updates on Ivanti Xtraction
Ivanti Brand Refresh Empowers Innovation at Work and Elevate Human Potential
Ivanti has announced a brand refresh to align with its mission of managing, protecting, and automating technology to foster continuous innovation. This rebranding emphasizes Ivanti's commitment to em...powering organizations by integrating IT and security, enhancing productivity, and driving innovation through its AI-powered Ivanti Neurons platform.
Mass exploitation of CVE-2026-1281 and CVE-2026-1340 in Ivanti EPMM
Ivanti disclosed two critical vulnerabilities, CVE-2026-1281 and CVE-2026-1340, in its Endpoint Manager Mobile (EPMM), allowing unauthenticated remote code execution. These vulnerabilities have been ...actively exploited, leading to significant security incidents across various sectors. Ivanti provided emergency mitigation guidance, while the German Federal Office for Information Security issued warnings about widespread exploitation.
CISA Warns of RESURGE Malware Exploiting 0-Days to Breach Ivanti Connect Secure Devices
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about the RESURGE malware exploiting a zero-day vulnerability (CVE-2025-0282) in Ivanti Connect Secure devices. T...his malware, which includes components like SPAWNSLOTH and dsmain, can survive reboots, steal credentials, and maintain control over compromised systems. CISA advises affected organizations to perform factory resets and reset all account credentials to mitigate the threat.
CISA warns that RESURGE malware can be dormant on Ivanti devices
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about the RESURGE malware, which can remain dormant on Ivanti Connect Secure devices. This malware exploits a cri...tical vulnerability, CVE-2025-0282, and employs sophisticated evasion techniques to avoid detection. It uses a fake Ivanti certificate for authentication, allowing attackers to establish secure remote access. CISA advises administrators to use updated indicators of compromise to detect and remove infections.
Ivanti Zero-Day Exploits Surge: July 2025 Attacks Confirmed
Security researchers have identified a surge in zero-day exploits targeting Ivanti's enterprise products since July 2025. These attacks involve malware delivery, web shell deployment, and reconnaissa...nce activities, posing significant risks to organizations using Ivanti solutions. Enterprises are advised to apply security patches, monitor for unusual activities, and enhance network segmentation to mitigate threats.
Dutch Authorities Confirm Ivanti Zero-Day Exploit Exposed Employee ...
Ivanti's Endpoint Manager Mobile (EPMM) was exploited in a cyber attack affecting Dutch and European government systems. The breach exposed employee data due to vulnerabilities CVE-2026-1281 and CVE-...2026-1340, which Ivanti patched on January 29, 2026. The attack involved a sophisticated campaign targeting EPMM, highlighting the need for resilience and rapid response to such threats.
Dutch agencies hit by Ivanti EPMM exploit exposing employee contact data
Dutch agencies, including the Data Protection Authority and the Council for the Judiciary, experienced cyberattacks exploiting vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM). These attacks ...exposed employee contact data, prompting immediate action and ongoing monitoring by the National Cyber Security Center. The European Commission also detected a similar attack on its mobile device management system, highlighting the need for enhanced cybersecurity measures.