Security researchers have identified that a single sophisticated threat actor is responsible for the majority of Ivanti EPMM exploitation. Meanwhile, Microsoft zero-days continue to see mass exploitation and BeyondTrust attacks persist.
A single threat actor is behind 83% of all Ivanti Endpoint Manager Mobile (EPMM) attacks observed in the wild. The actor is using a combination of CVE-2023-35078 and newer vulnerabilities to gain initial access to enterprise networks.
Action: Audit Ivanti EPMM logs immediately and apply all available patches.
All six Microsoft zero-days from Patch Tuesday continue to see active exploitation:
| CVE | Component | Exploitation Level |
|---|---|---|
| CVE-2026-21391 | Windows Kernel | Mass exploitation |
| CVE-2026-21418 | SmartScreen | Targeted attacks |
| CVE-2026-21387 | MSHTML | Widespread |
| CVE-2026-21377 | Windows Installer | Increasing |
| CVE-2026-21402 | Exchange Server | Targeted |
| CVE-2026-21356 | Print Spooler | Mass exploitation |
If you haven't patched, assume compromise and investigate.
The BeyondTrust Privileged Remote Access RCE (exploited within 24h of PoC) continues to see scanning and exploitation attempts.
Apple's description of the iOS zero-day as "extremely sophisticated" suggests nation-state involvement. The attack targeted specific individuals, likely for surveillance purposes.
All Apple users should update, but high-risk individuals (journalists, activists, executives) should treat this as urgent.
| Organization | Records | Data Type |
|---|---|---|
| Odido (Netherlands) | 6.2M | Telecom customer data |
| ApolloMD | 400K | Patient medical records |
| Retail Chain | 200K | Payment cards |
| Total | 6.8M+ |
The 2M-device Kimwolf botnet continues DDoS attacks against I2P network infrastructure. Researchers believe the botnet is being used to de-anonymize I2P users through traffic analysis.
✅ Ivanti EPMM Detection — Identify vulnerable instances and IOCs
✅ Real-time CVE Monitoring — All Microsoft zero-days indexed and tracked
✅ BeyondTrust Scanning — Find vulnerable PRA deployments
✅ Breach Intelligence — Stay informed on credential exposures affecting your domain
AI-powered vulnerability management with 332,000+ CVEs indexed.
Start Free TrialStay secure. Stay vigilant.
🗡️ KENSAI Security Team