Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • World
  • Users
  • Groups
Skins
  • Light
  • Brite
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor
  • Default (Cyborg)
  • No Skin
Collapse
Brand Logo

CIRCLE WITH A DOT
  1. Home
  2. Uncategorized
  3. 83% of observed Ivanti EPMM exploitation (CVE-2026-1281) traces to one bulletproof IP that isn't on any published IOC list.

83% of observed Ivanti EPMM exploitation (CVE-2026-1281) traces to one bulletproof IP that isn't on any published IOC list.

Scheduled Pinned Locked Moved Uncategorized
ivantithreatintelcve20261281infosec
2 Posts 2 Posters 0 Views
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • greynoise@infosec.exchangeG This user is from outside of this forum
    greynoise@infosec.exchangeG This user is from outside of this forum
    greynoise@infosec.exchange
    wrote last edited by
    #1

    83% of observed Ivanti EPMM exploitation (CVE-2026-1281) traces to one bulletproof IP that isn't on any published IOC list. The IPs that are? VPN exits with zero Ivanti activity. We broke down who's actually doing this ⬇️ https://www.greynoise.io/blog/active-ivanti-exploitation

    #Ivanti #ThreatIntel #CVE20261281 #InfoSec

    jtk@infosec.exchangeJ 1 Reply Last reply
    0
    • greynoise@infosec.exchangeG greynoise@infosec.exchange

      83% of observed Ivanti EPMM exploitation (CVE-2026-1281) traces to one bulletproof IP that isn't on any published IOC list. The IPs that are? VPN exits with zero Ivanti activity. We broke down who's actually doing this ⬇️ https://www.greynoise.io/blog/active-ivanti-exploitation

      #Ivanti #ThreatIntel #CVE20261281 #InfoSec

      jtk@infosec.exchangeJ This user is from outside of this forum
      jtk@infosec.exchangeJ This user is from outside of this forum
      jtk@infosec.exchange
      wrote last edited by
      #2

      @greynoise fwiw, that ASN has been on the @spamhaus ASN drop list for over a year

      1 Reply Last reply
      1
      0
      • R relay@relay.infosec.exchange shared this topic
      Reply
      • Reply as topic
      Log in to reply
      • Oldest to Newest
      • Newest to Oldest
      • Most Votes

      • Login
      • Login or register to search.
      • First post
        Last post
      0
      • Categories
      • Recent
      • Tags
      • Popular
      • World
      • Users
      • Groups