In this urgent episode of The Cyber Resilience Brief, host Tova Dvorin and SafeBreach’s Adrian Culley analyze the brand-new CISA AR25-261A report detailing malicious listeners in Ivanti Endpoint Manager Mobile (EPMM). We break down how attackers are exploiting CVE-2025-4427 and CVE-2025-4428, using sophisticated base64-encoded payload delivery to evade detection and establish persistent backdoors.

Listeners will learn:

• How state-sponsored threat groups are targeting multiple industries—including finance, healthcare, retail, education, manufacturing, and energy.

• The malware techniques involved, from malicious loaders to reassembled encoded chunks.

• The critical role of Indicators of Compromise (IOCs), YARA rules, and Sigma rules in proactive defense.

• Why upgrading Ivanti EPMM, treating MDM as critical infrastructure, and deploying phishing-resistant MFA are the top recommendations from CISA.

Finally, we share how SafeBreach Labs has already built the attack simulation—available within three hours of CISA’s release—so partners and customers can test, detect, and remediate this threat immediately.

🔒 Stay ahead of attackers. Learn how to protect your organization against one of today’s most pressing Ivanti EPMM threats.