
Cybersecurity Weekly Update: 26 January - 2 February 2026

  • Writer: SOC Team

1. Two Critical Ivanti EPMM Zero‑Days Exploited in the Wild


Security updates were issued by Ivanti this week after two critical zero‑day vulnerabilities in Endpoint Manager Mobile (EPMM) — tracked as CVE‑2026‑1281 and CVE‑2026‑1340 — were confirmed as being actively exploited in real‑world attacks. Both issues enable unauthenticated remote code execution (RCE) via code‑injection flaws, and one of them (CVE‑2026‑1281) was added to the U.S. CISA Known Exploited Vulnerabilities (KEV) catalog.


Why it matters: Ivanti EPMM is widely used for mobile device management. Active exploitation of these flaws could allow attackers to seize control of devices and potentially pivot deeper into corporate networks. Patch immediately and assess exposure.


Action: Apply the interim patches, verify that network segmentation isolates EPMM from the rest of the environment, and plan to upgrade to the permanent fix expected in Q1 2026.


2. Microsoft Office Zero‑Day Lets Malicious Documents Slip Past Security Checks


Microsoft issued an emergency patch this week for a high‑severity zero‑day vulnerability in its Office suite that is actively being exploited in the wild. The flaw, tracked as CVE‑2026‑21509, allows attackers to bypass built‑in document security checks by manipulating how Office handles embedded objects in files such as Word, Excel, and PowerPoint. (https://www.malwarebytes.com/blog/news/2026/01/microsoft-office-zero-day-lets-malicious-documents-slip-past-security-checks)

This security feature bypass flaw abuses Microsoft’s Object Linking and Embedding (OLE) mitigations — which normally block unsafe controls inside documents — allowing malicious attachments to execute embedded code without triggering standard protections. Proof‑of‑concept code is publicly available, increasing the likelihood of exploitation by opportunistic attackers.


Why it matters: Office remains one of the most ubiquitously installed productivity platforms in enterprises across defence, finance, healthcare, and education. A zero‑day that subverts its document protections significantly raises the risk of malware delivery, credential theft, and lateral compromise via phishing or malicious file campaigns.


Action: Apply Microsoft’s emergency patch immediately. For Microsoft 365 and newer Office builds, this may require only restarting Office apps; older versions (Office 2016/2019) should be manually updated and closely monitored for suspicious attachments.


3. FinTech Ransomware Breach Tied to SonicWall Configuration Backups


Marquis, a U.S.‑based fintech service provider for banks and credit unions, confirmed that a ransomware attack resulted in the loss of sensitive customer data and pointed to the compromise of SonicWall firewall configuration backups as part of the attack chain. SonicWall had previously acknowledged a breach of its MySonicWall cloud platform, which stores backup configurations for appliances. (https://www.techradar.com/pro/security/marquis-confirms-data-breach-point-finger-of-blame-at-sonicwall-firewall)

The fintech firm has raised the possibility that this compromised backup data — including firewall rules, admin credentials, and potentially VPN configurations — contributed to the attackers gaining initial access. SonicWall disputes the direct link, but the incident underscores lingering supply‑chain and configuration‑management risks.


Why it matters: Attackers targeting backup and management systems can undermine core perimeter defences, lateral movement controls, and incident recovery plans.


Action: Rotate and secure backup credentials, enforce MFA, and monitor for anomalous access to management interfaces.


4. Messaging Apps & Malware: WhatsApp Risks and Protections


Security researchers disclosed a vulnerability in WhatsApp that could allow malicious media files in group chats to deliver harmful payloads without explicit user interaction, exploiting automatic media handling. (https://www.malwarebytes.com/blog/news/2026/01/a-whatsapp-bug-lets-malicious-media-files-spread-through-group-chats)

In response, Meta has begun rolling out advanced media protections and privacy enhancements to better detect and block these risky files across WhatsApp and associated platforms. (https://www.malwarebytes.com/blog/news/2026/01/whatsapp-rolls-out-new-protections-against-advanced-exploits-and-spyware)


Why it matters: Messaging platforms remain common malware delivery vectors, requiring proactive user and endpoint controls.


Action: Disable automatic media downloads, enforce strict privacy settings, and update applications promptly.


Key Recommendations


  • Patch Immediately: Apply updates for Ivanti EPMM, Microsoft Office, and other actively exploited vulnerabilities without delay.

  • Harden Access & Authentication: Enforce multi-factor authentication (MFA) on management platforms, backup systems, and messaging applications.

  • Secure Backup and Configuration Systems: Rotate credentials, restrict access, and monitor for unusual activity.

  • Protect Endpoints & Mobile Devices: Verify segmentation of managed mobile devices and ensure messaging apps are updated with the latest protections.

  • Enhance Monitoring and Response: Implement continuous threat monitoring, anomaly detection, and incident response procedures across enterprise networks.

  • Review Third-Party Dependencies: Audit external service providers, cloud platforms, and device management tools for potential exposure.
