Exploited Flaws in Ivanti EPM and Cisco SD-WAN Raise Alarms

CSO Online
Basically, hackers are using serious security holes in Ivanti and Cisco software to break in and steal data.

Quick Summary

CISA has issued a warning about exploited flaws in Ivanti and Cisco software. Organizations using these systems are at risk of data breaches. Immediate action is required to patch vulnerabilities and protect sensitive information.

What Happened

A serious alert has been issued by the US Cybersecurity and Infrastructure Security Agency (CISA). An authentication bypass vulnerability in Ivanti Endpoint Manager (EPM) is being actively exploited by attackers. This vulnerability, tracked as CVE-2026-1603, affects versions of EPM prior to 2024 SU5 and allows unauthorized users to leak sensitive credential data.

This warning comes just after Ivanti patched the vulnerability on February 9. At that time, they believed no customers were affected. However, CISA has now added this flaw to its Known Exploited Vulnerabilities (KEV) catalog, indicating that the situation has changed. Alongside this, CISA has also updated its directive regarding two critical flaws in Cisco’s SD-WAN software, which were exploited in zero-day attacks.

Why Should You Care

This isn't just a technical issue; it affects you directly. If your organization uses Ivanti EPM or Cisco SD-WAN, you could be at risk of data breaches. Imagine leaving your front door unlocked, thinking no one would notice. That's what using vulnerable software feels like right now. Hackers can sneak in and access sensitive information, potentially leading to identity theft or financial loss.

The key takeaway is that these vulnerabilities are not just theoretical; they are being actively exploited. If you or your company are using these systems, you need to act quickly to protect your data and your reputation.

What's Being Done

CISA is taking action by urging federal agencies to identify affected systems and patch these vulnerabilities immediately. They have also updated their emergency directive, which now requires agencies to report collected logs from their SD-WAN deployments by March 26. Here’s what you should do right now:

  • Identify if your systems are using Ivanti EPM or Cisco SD-WAN.
  • Apply the latest patches released by Ivanti and Cisco.
  • Monitor your systems for any signs of compromise.

Experts are closely watching how these vulnerabilities evolve and whether more attacks will follow. Stay vigilant and keep your systems updated to minimize risks.

🔒 Pro insight: The rapid exploitation of CVE-2026-1603 mirrors previous patterns, indicating a coordinated effort among threat actors to target widely used enterprise tools.

Original article from CSO Online