Critical Ivanti Zero-Day Vulnerabilities Exploited Amid Widespread Breaches
Critical Ivanti Zero-Day Vulnerabilities Exploited Amid Widespread Breaches
On January 31, 2026, Ivanti disclosed two critical zero-day vulnerabilities in its Endpoint Manager Mobile (EPMM), identified as CVE-2026-1281 and CVE-2026-1340. These vulnerabilities, which allow unauthenticated remote code execution, have been actively exploited in the wild. With a CVSS score of 9.8, organizations are urged to apply patches immediately to mitigate potential risks. This alarming disclosure comes at a time when the cybersecurity landscape is already strained, highlighted by a significant data breach at TriZetto affecting healthcare providers in multiple states, exposing sensitive patient data. Additionally, the ShinyHunters ransomware group has claimed responsibility for breaching high-profile targets, including Match Group and Panera Bread, further emphasizing the need for vigilance against evolving cyber threats. The recent hack of Trust Wallet, linked to a supply chain attack, exemplifies the growing complexity of threats facing both consumers and businesses today.
Also In Security Today
- TriZetto Data Breach: Ongoing fallout from a breach at TriZetto has affected numerous healthcare providers, compromising sensitive data of thousands of individuals in Oregon. Source
- Ransomware Attacks: The ShinyHunters ransomware group has breached multiple high-profile targets, including Match Group and Panera Bread, exposing tens of millions of records through social engineering tactics. Source
- Trust Wallet Hack: Trust Wallet has reported a supply chain attack that led to the theft of around $8.5 million in cryptocurrency, exploiting compromised developer secrets. Source