TheRegister's platform is a leading technology news website, offering insights into IT industry news, hardware reviews, and software updates. Through articles, analysis, and opinion pieces, TheRegister offers insights into cybersecurity threats, technology trends, and industry developments. Readers can stay updated with the latest news and analysis from the world of technology and IT business.

The Register

Two critical zero-day vulnerabilities (CVE-2026-1281 and CVE-2026-1340) in Ivanti's Endpoint Manager Mobile (EPMM) are being actively exploited, both rated 9.8 CVSS and allowing unauthenticated remote code execution. A limited number of customers have been compromised, with attackers potentially gaining access to admin credentials, device data, and network access. Ivanti recommends checking Apache logs for suspicious activity, looking for web shells and unexpected WAR/JAR files, and restoring from backups rather than attempting to clean compromised systems. Security experts warn that organizations with exposed vulnerable instances should consider themselves compromised and initiate incident response immediately.

Ivanti's January bad luck continues as 0-days hit customers