Neura Robotics raises $1.4B backed by NVIDIA and Amazon to scale physical AI and humanoids to millions of units by 2030, as autonomous robot teams make their tactical debut at Eurosatory 2026.
AI agents are no longer side experiments. They are becoming live attack surface, carrying access to data, code and identity. For Australian businesses, the message is clear: adoption must be matched with control.
OpenAI's $3.7bn quarterly burn is not a crisis. It is a down payment on sovereignty. After the SpaceX earthquake and the grounding of Anthropic's models, its coming IPO will not read as a graduation but as a treaty: the state installed as permanent shareholder in the architecture of intelligence.
Ivanti has confirmed actively exploited, pre‑authentication remote code‑execution flaws in its Endpoint Manager Mobile platform, allowing attackers to hijack internet‑facing MDM servers, push malicious device profiles, and exfiltrate sensitive mobile data at enterprise scale
Cyber News Centre's cyber update for 2nd February 2026: Ivanti has disclosed two critical zero-day vulnerabilities in its Endpoint Manager Mobile (EPMM) software, which are under active attack.
Ivanti is a US-based IT software company that provides solutions for IT security, service management, and unified endpoint management. Its EPMM platform is a mobile device management (MDM) solution used by enterprises worldwide to secure and manage corporate and user-owned mobile devices.
Update: Ivanti has released emergency patches for two critical zero-day vulnerabilities, CVE-2026-1281 and CVE-2026-1340, affecting its Endpoint Manager Mobile (EPMM) software. Both flaws are code injection vulnerabilities that allow unauthenticated attackers to execute arbitrary code remotely. With a CVSS score of 9.8, the vulnerabilities pose a significant threat to organisations that use EPMM to manage their mobile device fleets.
The company has confirmed that a "very limited number" of customers have been exploited. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2026-1281 to its Known Exploited Vulnerabilities (KEV) catalog, mandating that U.S. federal agencies patch the flaw by February 1, 2026.
The flaws stem from Ivanti’s In‑House Application Distribution and Android File Transfer Configuration features, where crafted requests can unlock a rich seam of sensitive data; from admin and user credentials to phone numbers, IP addresses and unique device identifiers across the managed fleet.
Once in, attackers are not just reading data but effectively inheriting the keys to the MDM kingdom, with the ability to push configuration changes that can weaken protections or seed malicious profiles across thousands of devices in one hit.
Ivanti has rushed out temporary RPM scripts as a stop‑gap and says a full fix will land in version 12.8.0.0 later in Q1 2026, but the episode adds to a growing rap sheet: as CNC reported in 2024, the same vendor has already weathered major bugs in its Connect Secure and Policy Secure gateways, keeping the spotlight firmly on its hardening story.
Why it Matters: The exploitation of these zero-day vulnerabilities in Ivanti's EPMM software places thousands of organisations globally at immediate risk. As a widely used mobile device management (MDM) platform, EPMM is a gateway to sensitive corporate data and a critical component of enterprise security.
A compromise of the EPMM appliance could lead to widespread data breaches, lateral movement across corporate networks, and the deployment of malware on thousands of mobile devices. The fact that these vulnerabilities are being actively exploited in the wild elevates the threat level, requiring immediate action from all EPMM customers. The short patching deadline set by CISA underscores the severity of the situation.
This incident highlights the inherent risks in the software supply chain and the critical need for robust vulnerability management programs. The potential for attackers to gain access to both corporate and personal data on mobile devices makes this a significant threat to business operations and individual privacy.
Get the stories that matter to you.
Subscribe to Cyber News Centre and update your preferences to follow our Daily 4min Cyber Update, Innovative AI Startups, The AI Diplomat series, or the main Cyber News Centre newsletter — featuring in-depth analysis on major cyber incidents, tech breakthroughs, global policy, and AI developments.
AI agents are no longer side experiments. They are becoming live attack surface, carrying access to data, code and identity. For Australian businesses, the message is clear: adoption must be matched with control.
Tenet Security says a fake Sentry error can push AI coding agents into running attacker controlled code, putting developer trust under fresh scrutiny.
Cyera’s reported $300 million raise at a $12 billion valuation shows how quickly enterprise data security is being repriced as AI adoption accelerates. The figures should be framed carefully, because Cyera has disputed the reported numbers.
CISA has added an actively exploited LiteSpeed cPanel Plugin flaw to its KEV catalogue, with hosting providers urged to patch or remove the vulnerable user-end plugin.
Where cybersecurity meets innovation, the CNC team delivers AI and tech breakthroughs for our digital future. We analyze incidents, data, and insights to keep you informed, secure, and ahead. Sign up for free!
