Sleeper Shells: How Attackers Are Planting Dormant Backdoors in Ivanti EPMM
Summary
Defused analyzes a campaign against Ivanti EPMM involving a dormant in-memory Java class loader loaded via a 403.jsp path. The article ties exploitation to CVE-2026-1281 and CVE-2026-1340, discusses indicators of compromise and attacker tradecraft, and provides immediate remediation guidance such as patching and log review.