Ivanti

ESET's APT Activity Report for Q4 2025 and Q1 2026 highlights diverse campaigns by China, Iran, North Korea, and Russia-aligned threat actors, including espionage, supply chain compromise, and destructive attacks.

A local attacker can exploit vulnerabilities in Ivanti Secure Access Client to manipulate files or escalate privileges, potentially gaining elevated access to the system.

Ivanti released security advisories on May 12, 2026, to address vulnerabilities in Xtraction, Endpoint Manager (EPM), Virtual Traffic Manager (vTM), and Secure Access Client (Windows), urging users to apply necessary updates to mitigate potential risks from CVE-2026-8043, CVE-2026-8051, CVE-2026-7431, and CVE-2026-7432.

Multiple vulnerabilities in Ivanti Endpoint Manager Mobile allow an attacker to gain administrator privileges, execute arbitrary code with administrator privileges, bypass security measures, manipulate data, and disclose sensitive information.

CVE-2026-6973, an authenticated remote code execution vulnerability in Ivanti Endpoint Manager Mobile (EPMM), is being actively exploited, potentially leading to data breaches and system compromise.