Nice... sitting in a customer meeting and hunting IOCs. If you are using #Ivanti EPMM, you might want to take a look at this:

Mass exploitation of #CVE-2026-1281 and #CVE-2026-1340 in Ivanti EPMM

https://github.security.telekom.com/2026/03/ivanti-CVE-2026-1281-exploitation.html

#ivanti_backdoors

In early 2026, two critical zero-day vulnerabilities in Ivanti’s mobile device management platform - CVE-2026-1281 and CVE-2026-1340 - emerged as significant...

Telekom Security
Aaaaannnd we found web shells. So this box is cooked. Patching the appliance after being compromised will not fix the underlying issue. So you have to restore an uncompromised version of the appliance.