GreyNoise @greynoise@infosec.exchange
Public

83% of observed Ivanti EPMM exploitation (CVE-2026-1281) traces to one bulletproof IP that isn't on any published IOC list. The IPs that are? VPN exits with zero Ivanti activity. We broke down who's actually doing this ⬇️ greynoise.io/blog/active-ivant

Active Ivanti Exploitation Traced to Single Bulletproof IP—Published IOC Lists Point Elsewhere

The GreyNoise Global Observation Grid observed active exploitation of two critical Ivanti Endpoint Manager Mobile vulnerabilities, and 83% of that exploitation traces to a single IP address on bulletproof hosting infrastructure that does not appear on widely circulated IOC lists.

www.greynoise.io

0
0
1

If you have a fediverse account, you can quote this note from your own instance. Search https://infosec.exchange/users/greynoise/statuses/116047942661766828 on your instance and quote it. (Note that quoting is not supported in Mastodon.)

0
0
0