It's time to phase out the "patch and pray" approach, eliminate needless public interfaces, and enforce authentication controls, one expert says.

DR (DZone Research) offers insights into software development trends, industry surveys, and technology adoption patterns, providing reports, whitepapers, and analyst insights to help businesses make informed decisions and stay competitive in the ever-evolving tech landscape. By exploring DR's curated content, developers can gain insights into emerging technologies, developer preferences, and industry best practices for building innovative and market-leading software solutions. Whether you're a startup founder, product manager, or tech executive, DR offers resources to guide your strategic planning and drive business success.

Dark Reading

Two critical RCE vulnerabilities (CVE-2026-1281 and CVE-2026-1340, both CVSS 9.8) in Ivanti's Endpoint Manager Mobile (EPMM) were disclosed on Jan. 29, with active exploitation already underway. Within days, the European Commission, Finland's Valtori, and two Dutch government agencies were breached. A public proof-of-concept exploit accelerated attack activity, with Greynoise tracing 83% of a subsequent exploitation spike to a single bulletproof hosting IP. Security experts urge organizations to move beyond 'patch and pray,' minimize public interfaces, enforce pre-authentication controls, and treat perimeter systems as Tier-0 critical infrastructure. Despite Ivanti's repeated vulnerability history, its deep enterprise entrenchment makes replacement difficult, and competitors offer little better track record.

Ivanti EPMM Zero-Day Bugs Spark Exploit Frenzy — Again

Ivanti Bugs Spark Fresh Wave of Cyberattacks