Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

On January 29, 2026, Ivanti released fixes for two critical zero-day code injection vulnerabilities affecting Ivanti Endpoint Manager Mobile (EPMM). The vulnerabilities, tracked as CVE-2026-1281 and CVE-2026-1340, impact the In-House Application Distribution and Android File Transfer Configuration features and allow unauthenticated remote threat actors to achieve remote code execution.

On January 28, 2026, SolarWinds released fixes for multiple vulnerabilities impacting Web Help Desk (WHD). WHD is an IT service management platform that may contain sensitive information, making it a valuable target for threat actors if compromised. Among the vulnerabilities addressed, four were rated as critical: At the time of writing, Arctic Wolf has not observed exploitation of these vulnerabilities in the wild, nor identified a publicly available proof-of-concept exploit.

On January 27, 2026, Fortinet released an advisory detailing a critical authentication bypass vulnerability affecting FortiOS, FortiAnalyzer, FortiManager, and FortiProxy products. Designated CVE-2026-24858, the vulnerability allows an unauthenticated threat actor with a FortiCloud account and a registered device to log into other devices registered to other accounts, if FortiCloud SSO authentication is enabled on those devices.

On January 20, 2026, Oracle patched a maximum‑severity vulnerability in its Fusion Middleware suite affecting Oracle HTTP Server and the WebLogic Server Proxy Plug‑in, tracked as CVE‑2026‑21962. An unauthenticated remote threat actor can exploit this flaw to gain unauthorized creation, deletion, or modification access to critical data. The issue stems from improper handling of incoming requests by the WebLogic Server Proxy Plug‑ins for Apache HTTP Server and Microsoft IIS.

On January 21, 2026, Cisco released fixes for a high-severity vulnerability impacting Cisco Unified Communications products that is under active exploitation, tracked as CVE-2026-20045. The flaw arises from improper input validation of user-supplied data in HTTP requests to the web-based management interface of affected devices.

Starting on January 15, 2026, Arctic Wolf began observing a new cluster of automated malicious activity involving unauthorized firewall configuration changes on FortiGate devices. This activity involved the creation of generic accounts intended for persistence, configuration changes granting VPN access to those accounts, as well as exfiltration of firewall configurations.

At Arctic Wolf, we believe the future of cybersecurity is built on AI guided by human expertise. Staying at the forefront of security operations means not just adopting new technology but deeply understanding how and where it should be applied.