The AI race in 2026 has shifted from "who has the smartest model" to "who can afford the power and capital to run them at scale." When Google issues century bonds and Musk eyes orbital data centres, the $700 billion question is whether anyone can sustain this pace.
The $700 Billion Reckoning: Why Tech Titans Are Betting the Future on AI—And Borrowing Like Sovereigns to Do It
Dutch telecom Odido confirms major cyberattack breached 6.2 million customers' personal data including names, addresses, bank account numbers details sparking serious identity theft concerns across the Netherlands
Ivanti has confirmed actively exploited, pre‑authentication remote code‑execution flaws in its Endpoint Manager Mobile platform, allowing attackers to hijack internet‑facing MDM servers, push malicious device profiles, and exfiltrate sensitive mobile data at enterprise scale
Cyber News Centre's cyber update for 2nd February 2026: Ivanti has disclosed two critical zero-day vulnerabilities in its Endpoint Manager Mobile (EPMM) software, which are under active attack.
Ivanti is a US-based IT software company that provides solutions for IT security, service management, and unified endpoint management. Its EPMM platform is a mobile device management (MDM) solution used by enterprises worldwide to secure and manage corporate and user-owned mobile devices.
Update: Ivanti has released emergency patches for two critical zero-day vulnerabilities, CVE-2026-1281 and CVE-2026-1340, affecting its Endpoint Manager Mobile (EPMM) software. Both flaws are code injection vulnerabilities that allow unauthenticated attackers to execute arbitrary code remotely. With a CVSS score of 9.8, the vulnerabilities pose a significant threat to organisations that use EPMM to manage their mobile device fleets.
The company has confirmed that a "very limited number" of customers have been exploited. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2026-1281 to its Known Exploited Vulnerabilities (KEV) catalog, mandating that U.S. federal agencies patch the flaw by February 1, 2026.
The flaws stem from Ivanti’s In‑House Application Distribution and Android File Transfer Configuration features, where crafted requests can unlock a rich seam of sensitive data; from admin and user credentials to phone numbers, IP addresses and unique device identifiers across the managed fleet.
Once in, attackers are not just reading data but effectively inheriting the keys to the MDM kingdom, with the ability to push configuration changes that can weaken protections or seed malicious profiles across thousands of devices in one hit.
Ivanti has rushed out temporary RPM scripts as a stop‑gap and says a full fix will land in version 12.8.0.0 later in Q1 2026, but the episode adds to a growing rap sheet: as CNC reported in 2024, the same vendor has already weathered major bugs in its Connect Secure and Policy Secure gateways, keeping the spotlight firmly on its hardening story.
Why it Matters: The exploitation of these zero-day vulnerabilities in Ivanti's EPMM software places thousands of organisations globally at immediate risk. As a widely used mobile device management (MDM) platform, EPMM is a gateway to sensitive corporate data and a critical component of enterprise security.
A compromise of the EPMM appliance could lead to widespread data breaches, lateral movement across corporate networks, and the deployment of malware on thousands of mobile devices. The fact that these vulnerabilities are being actively exploited in the wild elevates the threat level, requiring immediate action from all EPMM customers. The short patching deadline set by CISA underscores the severity of the situation.
This incident highlights the inherent risks in the software supply chain and the critical need for robust vulnerability management programs. The potential for attackers to gain access to both corporate and personal data on mobile devices makes this a significant threat to business operations and individual privacy.
Get the stories that matter to you.
Subscribe to Cyber News Centre and update your preferences to follow our Daily 4min Cyber Update, Innovative AI Startups, The AI Diplomat series, or the main Cyber News Centre newsletter — featuring in-depth analysis on major cyber incidents, tech breakthroughs, global policy, and AI developments.
Dutch telecom Odido confirms major cyberattack breached 6.2 million customers' personal data including names, addresses, bank account numbers details sparking serious identity theft concerns across the Netherlands
Australian firm FIIG Securities has been ordered to pay a $2.5 million penalty by the Federal Court following ASIC action over significant cybersecurity failures that led to a major data breach in 2023. The landmark case sets a new precedent for cyber resilience obligations for AFS licensees.
Victoria's largest not-for-profit private hospital group, Epworth HealthCare, has been targeted by a fake ransomware group known as 0APT. The group claims to have stolen 920GB of patient data, but evidence suggests it is a bluff designed to extort money through psychological warfare.
A critical 9.8‑rated flaw (CVE-2025-40551) in SolarWinds Web Help Desk is under active exploitation, letting unauthenticated attackers execute remote code and prompting urgent patch orders for government and enterprise users worldwide.
Where cybersecurity meets innovation, the CNC team delivers AI and tech breakthroughs for our digital future. We analyze incidents, data, and insights to keep you informed, secure, and ahead. Sign up for free!
