Security alert: Critical unauthenticated RCE vulnerabilities in Ivanti EPMM
ID: 36a653f8-75b5-51a7-afbd-665ac922cd7d
STIX ID: report--36a653f8-75b5-51a7-afbd-665ac922cd7d
Feed Name: Expel Blog
**Executive summary:** Two critical unauthenticated command-injection zero-days in Ivanti EPMM (CVE-2026-1281, CVE-2026-1340; CVSS 9.8) are being actively exploited to deploy webshells and persistent reverse shells, enabling full system compromise and potential lateral movement. Apply the vendor RPMs immediately, rebuild compromised instances or restore them to a state from before the first IoC, and rotate credentials. The report provides the targeted URIs and a 404-based regex for triage, and warns that attackers clear local logs, so logs held in an external SIEM are critical for forensics.
