Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

CISA KEV listing and FCEB patch order for Ivanti EPMM

Public Sector Action
First reported
Last updated
Happening score
H score 53
1 unique sources, 1 articles

Summary

Hide ▲

CISA added CVE-2026-1340 to the KEV Catalog and ordered FCEB agencies to patch Ivanti Endpoint Manager Mobile (EPMM) by Saturday midnight, April 11, forcing federal remediation of an exploited flaw that can enable unauthenticated remote code execution. The directive is tied to BOD 22-01 and raises the urgency for exposed federal systems running the vulnerable software. CISA also warned defenders that the issue is a frequent attack vector and advised rapid mitigation or discontinuation if mitigations are unavailable.

Related Happenings

CERT-In 12-hour KEV remediation guidance

Advisory/Mitigation
First: 26.05.2026 13:30 Last: 26.05.2026 13:30 Sources 1

About this happening: CERT-In set a **12-hour** expectation for containing or remediating **known exploited vulnerabilities** on **internet-facing and crown-jewel systems**, sharply shortening response...

Open Happening

CERT-In issues 12-hour patch guidance for Indian organizations

Public Sector Action
First: 26.05.2026 13:30 Last: 26.05.2026 13:30 Sources 1

About this happening: **CERT-In** published new guidance on **May 25** urging Indian organizations to patch **actively exploited internet-facing vulnerabilities** within **12 hours**, tightening respon...

Open Happening

CISA orders FCEB patching for CVE-2026-9082

Public Sector Action
First: 26.05.2026 11:46 Last: 26.05.2026 11:46 Sources 1

About this happening: **CISA** added **CVE-2026-9082** to the **KEV Catalog** and ordered **FCEB agencies** to patch **Drupal** by **May 27**, turning an actively exploited flaw into a mandatory federa...

Open Happening

Congress demands CISA answers on GitHub credential leak

Public Sector Action
First: 22.05.2026 19:34 Last: 22.05.2026 19:34 Sources 1

About this happening: **Lawmakers in both houses of Congress** demanded answers from **CISA** after a contractor exposed **AWS GovCloud keys** and other secrets on **public GitHub**. The letters presse...

Open Happening

CISA emergency patch deadline for Ivanti EPMM

Public Sector Action
First: 08.05.2026 15:16 Last: 08.05.2026 15:16 Sources 1

About this happening: CISA ordered **U.S. federal agencies** to patch **Ivanti EPMM** by **midnight Sunday, May 10** after adding **CVE-2026-6973** to its list of vulnerabilities exploited in attacks....

Open Happening

Timeline

  1. 08.04.2026 21:15 1 articles · 1mo ago

    Ivanti patches EPMM zero-day abuse

    Mitigation Patch Update

    Ivanti releases security updates for Ivanti Endpoint Manager Mobile (EPMM) to patch CVE-2026-1340 and CVE-2026-1281 after confirming both bugs were abused in zero-day attacks, and says a very limited number of customers had been exploited at the time of disclosure.

    Show sources
    Open in new tab
  2. 08.04.2026 21:15 2 articles · 1mo ago

    CISA adds CVE-2026-1340 to KEV and orders federal patching

    Legal Policy Action Update

    CISA adds CVE-2026-1340 to the Known Exploited Vulnerabilities (KEV) Catalog and orders Federal Civilian Executive Branch (FCEB) agencies to patch Ivanti Endpoint Manager Mobile (EPMM) systems by Saturday midnight, April 11, under Binding Operational Directive (BOD) 22-01, while urging all defenders to prioritize patches or discontinue use if mitigations are unavailable.

    Show sources
    Open in new tab