2nd February 2026 Cyber Update: Ivanti Zero-Days Expose Mobile Devices
Ivanti has confirmed actively exploited, pre‑authentication remote code‑execution flaws in its Endpoint Manager Mobile platform, allowing attackers to hijack internet‑facing MDM servers, push malicious device profiles, and exfiltrate sensitive mobile data at enterprise scale.
Cyber News Centre's cyber update for 2nd February 2026: Ivanti has disclosed two critical zero-day vulnerabilities in its Endpoint Manager Mobile (EPMM) software, which are under active attack.
Ivanti is a US-based IT software company that provides solutions for IT security, service management, and unified endpoint management. Its EPMM platform is a mobile device management (MDM) solution used by enterprises worldwide to secure and manage corporate and user-owned mobile devices.
The Update and Why It Matters
Update: Ivanti has released emergency patches for two critical zero-day vulnerabilities, CVE-2026-1281 and CVE-2026-1340, affecting its Endpoint Manager Mobile (EPMM) software. Both flaws are code injection vulnerabilities that allow unauthenticated attackers to execute arbitrary code remotely. With a CVSS score of 9.8, the vulnerabilities pose a significant threat to organisations that use EPMM to manage their mobile device fleets.
The company has confirmed that a "very limited number" of customers have been exploited. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2026-1281 to its Known Exploited Vulnerabilities (KEV) catalog, mandating that U.S. federal agencies patch the flaw by February 1, 2026.
The flaws stem from Ivanti’s In‑House Application Distribution and Android File Transfer Configuration features, where crafted requests can unlock a rich seam of sensitive data: from admin and user credentials to phone numbers, IP addresses and unique device identifiers across the managed fleet.
Once in, attackers are not just reading data but effectively inheriting the keys to the MDM kingdom, with the ability to push configuration changes that can weaken protections or seed malicious profiles across thousands of devices in one hit.
Ivanti has rushed out temporary RPM scripts as a stop‑gap and says a full fix will land in version 12.8.0.0 later in Q1 2026, but the episode adds to a growing rap sheet: as CNC reported in 2024, the same vendor has already weathered major bugs in its Connect Secure and Policy Secure gateways, keeping the spotlight firmly on its hardening story.
Why it Matters: The exploitation of these zero-day vulnerabilities in Ivanti's EPMM software places thousands of organisations globally at immediate risk. As a widely used mobile device management (MDM) platform, EPMM is a gateway to sensitive corporate data and a critical component of enterprise security.
A compromise of the EPMM appliance could lead to widespread data breaches, lateral movement across corporate networks, and the deployment of malware on thousands of mobile devices. The fact that these vulnerabilities are being actively exploited in the wild elevates the threat level, requiring immediate action from all EPMM customers. The short patching deadline set by CISA underscores the severity of the situation.
This incident highlights the inherent risks in the software supply chain and the critical need for robust vulnerability management programs. The potential for attackers to gain access to both corporate and personal data on mobile devices makes this a significant threat to business operations and individual privacy.