Single IP Dominates Exploitation Campaign Attacking Ivanti EPMM with RCE Vulnerability
Mon Feb 16 2026
Monitoring
Vulnerability
cybersecuritynews.com
A critical remote code execution (RCE) flaw in Ivanti Endpoint Manager Mobile (EPMM), tracked as CVE-2026-1281, is being heavily exploited. GreyNoise shows that 83% of observed attacks come from a single IP address: 193[.]24[.]123[.]42. This IP is registered to PROSPERO OOO (AS200593) and labeled as “bulletproof” hosting by Censys. Surprisingly, this IP was missing from […] The post Single IP Dominates Exploitation Campaign Attacking Ivanti EPMM with RCE Vulnerability appeared first on Cyber Security News.