China-linked APT UNC5221 started exploiting Ivanti EPMM flaws shortly after their disclosure

China-linked APT group UNC5221 exploited two Ivanti EPMM flaws, CVE-2025-4427 and CVE-2025-4428, to target critical sectors across Europe, North America, and Asia-Pacific. The group used the vulnerabilities to steal PII and credentials, enabling lateral movement and deploying malware like KrustyLoader. Ivanti released patches for the vulnerabilities, urging users to update immediately.
