Apple has addressed a serious zero-day vulnerability, identified as CVE-2026-20700, which was used in targeted attacks last year. This flaw, a memory corruption issue in the dyld component of Apple's operating systems, could allow attackers to execute arbitrary code on affected devices. Specifically, the vulnerability impacts versions of iOS prior to iOS 26 and was reportedly exploited in sophisticated attacks against select individuals. Users of these older versions should update their devices to protect against potential exploitation.
Microsoft has recently patched six zero-day vulnerabilities, which are serious security flaws that attackers can exploit to gain unauthorized access. Users are typically urged to update their systems immediately to protect against such threats. However, some experts are advising caution, suggesting that these patches might cause issues or conflicts with existing software. This situation leaves many users in a challenging position as they weigh the risks of applying the updates against the potential vulnerabilities. It's important for individuals and organizations to assess their specific environments before proceeding with the updates to ensure they don't inadvertently create new problems.
In February 2026, Microsoft addressed over 50 security vulnerabilities during its Patch Tuesday update, including six zero-day flaws that were actively exploited by attackers. Notably, three of these zero-days involve security feature bypasses. One of the vulnerabilities, identified as CVE-2026-21513, impacts the MSHTML/Trident browser engine used in Internet Explorer on Windows, while CVE-2026-21514 affects Microsoft Word. Attackers can exploit these vulnerabilities by tricking users into opening malicious files or links. As these security holes are actively being exploited, users and organizations must apply the updates promptly to protect their systems from potential breaches.
The European Commission recently experienced a cyberattack that took advantage of two critical zero-day vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM) software, identified as CVE-2026-1281 and CVE-2026-1340. These vulnerabilities allowed attackers to potentially compromise sensitive information and systems within the Commission. As a key institution in the EU, any breach could have significant implications for data security and operational integrity. The exploitation of these flaws underscores the urgent need for organizations using Ivanti EPMM to assess their security measures and apply necessary updates promptly. This incident serves as a reminder of the ongoing risks associated with unpatched software vulnerabilities.
A Chinese cyber group known as UNC3886 has targeted Singapore's four major telecom providers using advanced techniques, including rootkits and a zero-day exploit. Fortunately, the attack did not disrupt services or compromise customer data. This incident raises concerns about the security of essential infrastructure, as telecom providers play a critical role in national communication systems. While no direct impact on users was reported, the use of sophisticated methods by attackers emphasizes the need for ongoing vigilance and robust security measures within the telecommunications sector. Companies must remain alert to such threats and ensure their defenses are up to date.
Recent zero-day attacks have breached the European Commission and government agencies in Finland and the Netherlands, targeting vulnerabilities in Ivanti software. These incidents appear to be linked, raising concerns about the security of sensitive governmental information. Ivanti is known for providing IT management solutions, and the exploitation of these vulnerabilities can lead to unauthorized access to critical data. This situation emphasizes the need for government agencies to enhance their cybersecurity measures and stay updated with software patches to prevent future breaches. The ongoing exploitation underscores a serious risk to national security and personal data protection across Europe.
The Dutch Data Protection Authority and the Council for the Judiciary have confirmed that their systems were compromised due to a zero-day exploit of Ivanti Endpoint Manager Mobile (EPMM). This vulnerability, recently disclosed, allowed attackers to access sensitive employee contact information. The breach was reported to parliament on January 29, indicating that it poses a significant risk to the privacy of individuals whose data was exposed. The incident underscores the importance of timely patching and system security, as organizations are urged to address these vulnerabilities to protect against future attacks.
In February 2026, a significant security update was released that addressed 59 Common Vulnerabilities and Exposures (CVEs), including six zero-day vulnerabilities. These vulnerabilities could allow attackers to gain unauthorized access or execute malicious code on affected systems. Various products from multiple vendors are impacted, which means a wide range of users, including businesses and individual consumers, could be at risk. The presence of zero-day vulnerabilities indicates that attackers could exploit these weaknesses before users have the chance to apply the necessary patches. Companies and users are urged to update their systems promptly to mitigate potential risks associated with these vulnerabilities. Ignoring these updates could expose them to serious security breaches.
In December 2025, vulnerabilities in SolarWinds Web Help Desk instances were exploited, allowing attackers to gain initial access to compromised systems. This incident raises concerns for organizations using SolarWinds products, as it indicates that these flaws may have been leveraged as zero-day exploits. Such vulnerabilities can lead to unauthorized access and potential data breaches, making it crucial for affected companies to address these security gaps promptly. Users should be vigilant and monitor their systems for unusual activity while applying any available patches or updates. The incident serves as a reminder of the ongoing risks associated with third-party software vulnerabilities.
BeyondTrust has addressed a serious remote code execution vulnerability, identified as CVE-2026-1731, which affects its Remote Support (RS) and Privileged Remote Access (PRA) solutions. This vulnerability can be exploited without authentication, making it particularly dangerous for self-hosted customers. BeyondTrust is urging users to apply the patch immediately to protect their systems. Unlike a previous zero-day vulnerability exploited by threat actors linked to China, this issue was discovered by a security researcher and disclosed privately. The prompt action by BeyondTrust highlights the necessity for timely vulnerability management in remote access tools, which are critical for many organizations.
CISA has reported that ransomware gangs are now exploiting a serious vulnerability in VMware ESXi, which allows attackers to escape sandboxes and gain unauthorized access to systems. This vulnerability, which had previously been used in zero-day attacks, poses a significant risk to organizations using affected VMware products. Companies relying on VMware ESXi for virtualization need to be particularly vigilant, as attackers are actively targeting this flaw. The exploitation of such vulnerabilities can lead to severe data breaches and financial losses. Organizations should prioritize patching their systems to mitigate this risk and protect sensitive data from potential ransomware attacks.
Ivanti's Endpoint Manager Mobile (EPMM) is currently facing serious security threats due to two newly discovered zero-day vulnerabilities. Initial limited attacks were reported before Ivanti made its findings public, but since then, numerous threat groups have exploited these weaknesses, leading to a surge in attacks. More than 1,400 instances of EPMM remain exposed, putting organizations at risk of unauthorized access and data breaches. This situation is alarming as it highlights the vulnerabilities in widely used software, prompting urgent action from affected users to protect their systems. Companies using EPMM should prioritize patching and securing their environments to mitigate the risks associated with these vulnerabilities.
Hackread – Cybersecurity News, Data Breaches, AI, and More
Actively Exploited
Ivanti has reported two serious vulnerabilities in its Endpoint Manager Mobile (EPMM) software, identified as CVE-2026-1281 and CVE-2026-1340. These flaws allow remote code execution, meaning attackers could potentially take control of affected systems without needing physical access. The company warns that these vulnerabilities are currently being actively exploited, putting users at risk. Organizations using EPMM should prioritize applying the necessary security updates to safeguard their systems. Failure to address these vulnerabilities could lead to significant security breaches, affecting both the integrity of user data and the overall security posture of the organization.
Last week, Microsoft addressed a serious vulnerability in its Office software, which was being actively exploited by attackers. This zero-day flaw could allow unauthorized access to user systems, putting sensitive information at risk. Users of Microsoft Office should ensure they install the latest updates to protect themselves from potential attacks. Additionally, Fortinet released patches for a flaw in its FortiCloud single sign-on (SSO) service, which could have allowed unauthorized access to user accounts. Organizations using FortiCloud should prioritize applying these updates to safeguard their systems from exploitation.
Ivanti has revealed two serious vulnerabilities in its Endpoint Manager Mobile (EPMM) software, identified as CVE-2026-1281 and CVE-2026-1340. These vulnerabilities are currently being exploited in zero-day attacks, meaning attackers have already taken advantage of them before any fix was made available. Organizations using EPMM are at risk, as these flaws could allow unauthorized access to sensitive mobile device management functions. The situation is urgent, as the vulnerabilities are actively being exploited in the wild, which could lead to data breaches or unauthorized control over managed devices. Users and companies are advised to monitor for updates and take immediate action to secure their systems.