Sleeper Shells: Attackers Are Planting Dormant Backdoors in Ivanti EPMM

https://defusedcyber.com/ivanti-epmm-sleeper-shells-403jsp
73•waihtis•2h ago

Comments

mmsc•2h ago
Every single Ivanti product (including their SSL-VPN) should be considered a critical threat. The fact that this company is allowed to continue to sell their malware dressed-up as "security solutions" is a disaster. How they haven't been sued into bankruptcy is something I'll never understand.
waihtis•1h ago
Well, next week there will be a similar vulnerability in Fortinet and everyone will momentarily forget about Ivanti again :-)
mmsc•1h ago
Yes. These companies should be shut down in the name of national security, seriously.
yoyohello13•1h ago
If CrowdStrike is any indicator, expect Ivanti stock to go up now. Seems to be the MO for security companies. Fuck up, get paid.
Ekaros•1h ago
There is no bad publicity? I take it few had heard of them before so this is free marketing putting the name in public. Or then there is some broken LLM-based sentiment analysis bot that automatically buys companies in the news...
Nextgrid•1h ago
> How they haven't been sued into bankruptcy is something I'll never understand.

Isn't most off-the-shelf software effectively always supplied without any kind of warranty? What grounds would the lawsuit have?

mmsc•58m ago
Suing for negligence and friends is how car companies -- when it is found out they've built something highly unsafe/dangerously broken -- happens. I don't see the difference.
Nextgrid•1h ago
The purpose of cybersecurity products and companies is not to sell security. It's to sell the illusion of security to (often incompetent) execs - which is perfectly fine because the market doesn't actually punish security breaches so an illusion is all that's needed. It is an insanely lucrative industry selling luxury-grade snake oil.

Actual cybersecurity isn't something you can just buy off-the-shelf and requires skill and making every single person in the org give a shit about it, which is already hard to achieve, and even more so when you've tried for years to pay them as little as you can get away with.

cortesoft•59m ago
It's also selling box checks for various certifications.
bootsmann•6m ago
Actually there is a significant push to more effective products coming from the reinsurance companies that underwrite cyber risks. Most of them come with a checklist of things you need to have before they sign you at any reasonable price. The more we get government regulation for fines in cases of breaches etc. the more this trend will accelerate.
sebstefan•1h ago
I didn't see that exploit showing up on Hackernews so here it is

https://hub.ivanti.com/s/article/Security-Advisory-Ivanti-En...

Ivanti doesn't explain how this happened or what mistake led to this exploit being created.

rezhaze88•1h ago
There is some dark amusement about an MDM and general enterprise management and security systems being used as the attack vector. Ivanti in particular has proven itself to be swiss cheese as of late, and would be bankrupt if people cared about security rather than it being a compliance/insurance checkbox that truly _nobody_ cares about in practice.

Semi-related: with the recent much-touted cybersecurity improvements of AI models (as well as the general recent increase in tensions and conflicts worldwide) I wonder just how much the pace of attacks will increase, and whether it’ll prove to be a benefit or a disadvantage over time. Government sponsored teams were already combing through every random weekend project and library that somehow ended in node or became moderately popular, but soon any dick and tom will be able to do it at scale for a few bucks. On the other hand, what’s being exploited tends to get patched in time - but this can take quite a while, especially when the target is some random side project on github last updated 4 years ago.

My gut feeling is that there will be a lot more exploitation everywhere, and not much upside for the end consumer (who didn’t care about state level actors anyway). Probably a good idea to firewall aggressively and minimize the surface area that can be attacked in the first place. The era of running any random vscode extension and trust-me-bro chrome extension is likely at an end. I’m also looking forward to being pwned by wifi enabled will-never-be-updated smart appliances that seem to multiply by the year.

chillax•1h ago
Related: Someone Knows Bash Far Too Well, And We Love It (Ivanti EPMM Pre-Auth RCEs CVE-2026-1281 & CVE-2026-1340) https://labs.watchtowr.com/someone-knows-bash-far-too-well-a...
ddtaylor•1h ago
I think there is an easier substitution attack since there is shell expansion occurring. I will toy with it later today.
pixl97•1h ago
>We are aware of a very limited number of customers whose solution has been exploited at the time of disclosure.

“We are aware” and “very limited” are likely (in our opinion, this is probably not fact, etc, etc) to be doing a significant amount of lifting.

For avoidance of doubt, the following versions of Ivanti EPMM are patched:

None

----

Ah, this company is a security joke as most software security companies are.

javcasas•1h ago
"We are aware" can mean "we are taking this very seriously and have seen very little so far" or it can mean "after covering our eyes and plugging our ears we are seeing and hearing very little of this problem".
moepstar•1h ago
If you're aware of the sheer number of exploits that can work around or without authentication against anything Ivanti, it has to be the latter.
pipo234•51m ago
And "a very limited number" may mean "though we pretend to be a big company, we have a limited number of customers and while they all pay licence fees, most are not actually using the product in production."
ghostly_s•26m ago
It seems you forgot to note this comment is a quote from [1].

1. https://labs.watchtowr.com/someone-knows-bash-far-too-well-a...

goopypoop•53m ago
thank god they're dormant eh
m000•9m ago
Can't help but notice the weird choice of illustration in TFA.

Ivanti is a US company. But if you have never heard of them, the dragon-resembling creature in the illustration (representing the dormant backdoor?) makes it look like the incident is somehow related to China.
