83% of Ivanti EPMM Exploits Linked to Single IP on Bulletproof Hosting Infrastructure

Blog

Byadmblake February 12, 2026

A significant chunk of the exploitation attempts targeting a newly disclosed security flaw in Ivanti Endpoint Manager Mobile (EPMM) can be traced back to a single IP address on bulletproof hosting infrastructure offered by PROSPERO. Threat intelligence firm GreyNoise said it recorded 417 exploitation sessions from 8 unique source IP addresses between February 1 and…

A significant chunk of the exploitation attempts targeting a newly disclosed security flaw in Ivanti Endpoint Manager Mobile (EPMM) can be traced back to a single IP address on bulletproof hosting infrastructure offered by PROSPERO.
Threat intelligence firm GreyNoise said it recorded 417 exploitation sessions from 8 unique source IP addresses between February 1 and 9, 2026. An estimated 346

Blog

China Hijacks Captive Portals to Spy on Asian Diplomats

The Mustang Panda APT is hijacking Google Chrome browsers when they attempt to connect to new networks and redirecting them to phishing sites.

Read More China Hijacks Captive Portals to Spy on Asian Diplomats
Blog

[Webinar] AI Is Already Inside Your SaaS Stack — Learn How to Prevent the Next Silent Breach

Your employees didn’t mean to expose sensitive data. They just wanted to move faster. So they used ChatGPT to summarize a deal. Uploaded a spreadsheet to an AI-enhanced tool. Integrated a chatbot into Salesforce. No big deal—until it is. If this sounds familiar, you’re not alone. Most security teams are already behind in detecting how…

Read More [Webinar] AI Is Already Inside Your SaaS Stack — Learn How to Prevent the Next Silent Breach
Blog

CISA Warns of Suspected Broader SaaS Attacks Exploiting App Secrets and Cloud Misconfigs

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday revealed that Commvault is monitoring cyber threat activity targeting applications hosted in their Microsoft Azure cloud environment. “Threat actors may have accessed client secrets for Commvault’s (Metallic) Microsoft 365 (M365) backup software-as-a-service (SaaS) solution, hosted in Azure,” the agency said. “This

Read More CISA Warns of Suspected Broader SaaS Attacks Exploiting App Secrets and Cloud Misconfigs
Blog

Cybersecurity Gaps Leave Doors Wide Open

Attackers don’t always need to resort to sophisticated gambits to break and enter; organizations often make it easy for them to walk right in.

Read More Cybersecurity Gaps Leave Doors Wide Open
Blog

Advancing Cybersecurity for Microsoft Environments

From certified MDR services to open threat intelligence frameworks, Sophos is delivering the clarity, context, and confidence organizations need to stay ahead of evolving threats.

Read More Advancing Cybersecurity for Microsoft Environments
Blog

AI-Enhanced Malware Sports Super-Stealthy Tactics

With legit sounding names, EvilAI’s “productivity” apps are reviving classic threats like Trojans while adding new evasion capabilities against modern antivirus defenses.

Read More AI-Enhanced Malware Sports Super-Stealthy Tactics

Related