Ivanti EPMM Zero-Day RCE Flaws CVE-2026-1281 and CVE-2026-1340 Exploited
Friday, January 30, 2026
Top 5 Cybersecurity Stories You Should Know
- Ivanti EPMM Zero-Day RCE Flaws CVE-2026-1281 and CVE-2026-1340 Exploited — tl;dr: Ivanti has released security updates for two critical zero-day vulnerabilities, CVE-2026-1281 and CVE-2026-1340, affecting Ivanti Endpoint Manager Mobile (EPMM) versions 12.5.0.0 and prior, 12.6.0.0 and prior, and 12.7.0.0 and prior. Both flaws allow unauthenticated remote code execution and have been actively exploited. Users are advised to apply the updates by February 1, 2026, especially Federal Civilian Executive Branch agencies, and to check for signs of compromise in their systems. A permanent fix will be included in the upcoming EPMM version 12.8.0.0, expected in Q1 2026.
  ↪ https://thehackernews.com/2026/01/two-ivanti-epmm-zero-day-rce-flaws.html
- 2025 Sees Record 3,322 Data Breaches, Transparency Declines, Says ITRC — tl;dr: The Identity Theft Resource Center's 2025 Annual Data Breach report reveals a record 3,322 data breaches, a 5% increase from 2024. The financial services sector was the most affected, with 739 breaches, followed by healthcare and professional services. Notably, actionable transparency in breach notifications has plummeted from 93% in 2021 to just 30% in 2025, leaving consumers with less information to protect themselves. Experts advise individuals to take proactive measures such as freezing credit, using multi-factor authentication, and choosing businesses that prioritize data protection.
  ↪ https://www.wrtv.com/news/wrtv-investigates/report-reveals-record-number-of-data-breaches-in-2025
- Data Breach Detection and Prevention Strategies for Organizations — tl;dr: Organizations face increasing threats from data breaches, necessitating robust detection, prevention, and notification strategies. Key areas of focus include implementing advanced security measures such as encryption, multifactor authentication, and continuous monitoring. Companies must also ensure compliance with regulations like GDPR and HIPAA to protect sensitive data. Regular training for employees on recognizing phishing attempts and other cyber threats is crucial. In the event of a breach, timely notification to affected individuals and regulatory bodies is essential to mitigate damage and maintain trust. Staying informed about emerging threats and technologies is vital for effective cybersecurity.
  ↪ https://www.databreachtoday.com/
- Microsoft Office Zero-Day CVE-2026-21509 Exposes Users to Elevated Risks — tl;dr: A critical zero-day vulnerability, CVE-2026-21509, affects multiple Microsoft Office versions, including Office 2016 through 2024 LTSC and Microsoft 365. This flaw allows attackers to exploit OLE security checks, leading to potential code execution and data theft when users open malicious documents, primarily via phishing attacks. Organizations are urged to apply emergency patches immediately, utilize temporary registry mitigations for Office 2016/2019, enable Protected View, and strengthen phishing defenses to mitigate risks until full patches are available.
  ↪ https://smartermsp.com/cybersecurity-threat-advisory-microsoft-office-zero-day-vulnerability/
- US Data Breaches Reach Record High in 2025, Victim Count Drops Significantly — tl;dr: In 2025, the US experienced a record 3,332 data compromises, a 5% increase from 2024, according to the Identity Theft Resource Center (ITRC). However, the number of individual victims plummeted to 279 million, down from 1.4 billion in 2024, primarily due to the absence of major breaches. The financial services sector was the hardest hit, accounting for 22% of incidents. Despite fewer victims, 70% of breach notifications lacked details on the attacks, complicating risk assessment for consumers. Experts recommend businesses adopt transparent security practices and Zero Trust models to enhance protection and mitigate risks.
  ↪ https://www.infosecurity-magazine.com/news/us-data-breaches-record-high/