Sep 18, 2025

Podcast: Malicious Listeners in Ivanti EPMM: Breaking Down CISA’s AR25-261 Report

In This Episode:

In this urgent episode of The Cyber Resilience Brief, host Tova Dvorin and SafeBreach’s Adrian Culley unpack CISA’s brand-new AR25-261A report on malicious listeners targeting Ivanti Endpoint Manager Mobile (EPMM). Learn how attackers exploit CVE-2025-4427 and CVE-2025-4428 with sophisticated Base64-encoded payloads to evade detection and establish persistent backdoors.

Key takeaways include:

  • How state-sponsored groups are targeting industries like finance, healthcare, retail, education, manufacturing, and energy.
  • Malware techniques, from malicious loaders to chunked, reassembled payloads.
  • The importance of IOCs, YARA rules, and Sigma rules for proactive defense.
  • CISA’s top recommendations: upgrade Ivanti EPMM, treat MDM as critical infrastructure, and deploy phishing-resistant MFA.
  • SafeBreach Labs’ attack simulation, live within three hours of the report, enabling partners and customers to test, detect, and remediate immediately.

Stay ahead of attackers—learn how to defend against today’s critical Ivanti EPMM threat.