Majority of Ivanti EPMM Exploits Linked to Bulletproof Hosting Provider

Between February 1 and 9, 2026, threat intelligence company GreyNoise recorded 417 exploitation sessions from 8 unique IP addresses targeting a recently disclosed security vulnerability in Ivanti Endpoint Manager Mobile (EPMM). Of these attempts, 346 can be attributed to a single IP address hosted on PROSPERO's infrastructure, known for providing bulletproof hosting services.