CISA gives feds four days to patch Ivanti flaw exploited as zero-day

Friday, May 8, 2026 at 12:16 PM UTC·Source: BleepingComputer

Updated: Friday, May 8, 2026 at 01:00 PM UTC

Executive Summary

CISA has given U.S. federal agencies four days to secure their networks against a high-severity vulnerability in Ivanti Endpoint Manager Mobile (EPMM) exploited in zero-day attacks. [...]

Analysis

CISA has given U.S. federal agencies four days to secure their networks against a high-severity vulnerability in Ivanti Endpoint Manager Mobile (EPMM) exploited in zero-day attacks. [...]

Source Attribution

Originally published by BleepingComputer on May 8, 2026.

Related Threats

CRITICALZero Day

AI security is repeating endpoint security’s biggest mistake

The security industry is experiencing déjà vu, and most teams haven’t recognized it yet. If you were in the trenches during the early 2000s, you remember the antivirus arms race. IT teams buried under signature updates. Configuration baselines checked obsessively. Patch cycles treated as the primary defense. Meanwhile, attackers pivoted. They wrote malware that matched no known signature and walke

1h agoCSO Online

CRITICALZero Day

New Linux 'Dirty Frag' zero-day gives root on all major distros

A new Linux zero-day vulnerability, named Dirty Frag, allows local attackers to gain root privileges on most major Linux distributions with a single command. [...]

3d agoBleepingComputer

CRITICALZero Day

Ivanti Patches EPMM Zero-Day Exploited in Targeted Attacks

CVE-2026-6973 is a high-severity vulnerability that allows an attacker who has admin privileges to execute arbitrary code. The post Ivanti Patches EPMM Zero-Day Exploited in Targeted Attacks appeared first on SecurityWeek .

CVE-2026-6973

3d agoSecurityWeek