Another sobering reminder of the success hackers have been having with edge devices in general, a new round of serious flaws in an Ivanti product has allowed hackers to compromise a few European government agencies in recent weeks This article explores cvss scale cybersecurity. . Ivanti revealed two serious flaws in its Endpoint Manager Mobile (EPMM) software on January 29.

Known as CVE-2026-1281 and CVE-2026-1340, they were similar in that they both permitted remote code execution (RCE) and received scores of 9.8 out of 10 on the Common Vulnerability Scoring System (CVSS) scale.

The Cybersecurity and Infrastructure Security Agency (CISA) then added CVE-2026-1281 to its running list of Known Exploited Vulnerabilities (KEV) after the company acknowledged to "a very limited number of customers whose solution has been exploited at the time of disclosure" in a security advisory. 6. Two Dutch government agencies also admitted to their own violations and were more willing to point the finger at Ivanti EPMM.

Related: As unconfirmed AI-generated data increases, Gartner projects that 50% of organizations will implement zero-trust data governance by 2028. Shadowserver monitored a second, larger wave of attempted attacks that seemed to be concentrated around February 9 after what seemed to be a coordinated campaign against European governments.

Greynoise researchers discovered that 83% of this increase in exploitation was linked to a single IP address from a bulletproof hosting service rather than any indicators of compromise (IOCs) released by Ivanti itself. According to what Greynoise told ZeroOwl at the time of publication, Feb.