Critical Zero-Day Vulnerabilities Uncovered in Ivanti and Microsoft Products

On January 30, 2026, the cybersecurity landscape was shaken by the disclosure of critical zero-day vulnerabilities in products from Ivanti and Microsoft. Ivanti reported two vulnerabilities, CVE-2026-1281 and CVE-2026-1340, in its Endpoint Manager Mobile software, which are actively being exploited to allow unauthenticated remote code execution. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has included these vulnerabilities in its Known Exploited Vulnerabilities catalog, stressing the need for immediate remediation to prevent potential system compromise.

Simultaneously, Microsoft issued emergency patches for CVE-2026-21509, a zero-day vulnerability in Microsoft Office that enables attackers to bypass security features within Office documents. This vulnerability requires user interaction, but its exploitation has already been linked to ongoing attacks.

Organizations must prioritize these updates, as failure to do so could lead to significant breaches and data loss. With the ongoing rise in cyber attacks across various sectors, including education and local government, today's vulnerabilities underscore the urgent need for robust cybersecurity measures.