Security Check-in Quick Hits: Ivanti EPMM Exploits, Nike Data Breach, Fortinet Auth Bypass, eScan Supply Chain Attack, MoltBot AI Risks, 149M Credential Leak, VMware vCenter Flaw, Microsoft Office
For February 1, 2026
Welcome to today’s security roundup, where we dive into the most pressing cybersecurity issues making waves in the last 24 hours. From active exploits to massive data leaks, these stories highlight the ever-evolving threat landscape. Each section below serves as a mini-blog post unpacking one key issue, complete with details, impacts, and actionable advice. Stay vigilant!
Ivanti EPMM Zero-Day Exploits Rock Mobile Device Management
In a concerning development, Ivanti’s Endpoint Manager Mobile (EPMM) is being attacked through two critical remote code execution vulnerabilities that have already seen limited in-the-wild exploitation. Attackers are targeting the mobile device management servers themselves, embedding bash scripts in their payloads to pursue post-exploitation goals such as persistence and data theft. Source IPs observed in the attempts belong to hosting providers including Cloudflare and The Constant Company, plus others across Asia, which points to more than one opportunistic actor.
The impact? Compromised EPMM instances could lead to widespread mobile device breaches, exposing corporate data and enabling lateral movement in networks. Organizations using Ivanti products face risks of unauthorized access and malware deployment.
To mitigate, apply Ivanti’s emergency patches immediately, keep the management console off the open internet, and monitor for suspicious activity with your intrusion detection tooling. If an instance ran a vulnerable version while reachable from the internet, assume compromise and conduct a full audit rather than just patching.
Nike Hit by Massive 1.4TB Data Breach from WorldLeaks
Sportswear giant Nike is investigating a staggering 1.4TB data theft claimed by the WorldLeaks extortion group, reportedly including source code, employee details, and customer information. It follows a run of retail-sector incidents, with similar claims made against Panera Bread and Under Armour.
Victims include Nike’s employees and customers, potentially facing phishing, identity theft, and fraud from exposed emails and personal data. The retail industry as a whole is on alert, as such leaks can erode trust and lead to financial losses.
Consumers should monitor their accounts closely, enable MFA everywhere, and be wary of unsolicited communications that reference the breach. For Nike and similar firms, bolstering incident response, encrypting sensitive data at rest, and adopting zero-trust models are crucial. Regular supply-chain audits reduce the chance of the next extortion attempt succeeding.
Fortinet Patches Critical Auth Bypass Amid Active Exploitation
Fortinet has rushed out fixes for CVE-2026-24858, a critical (CVSS 9.4) authentication bypass in the FortiCloud single sign-on (SSO) login path, which attackers have already exploited to create administrator accounts and exfiltrate device configurations. The flaw affects FortiOS and related products including FortiManager and FortiAnalyzer, and it allows unauthorized logins wherever FortiCloud SSO is enabled.
Organizations with internet-facing Fortinet gear are prime targets, risking persistent access, VPN breaches, and data leaks. CISA has added it to its Known Exploited Vulnerabilities list, mandating federal patches by late January 2026.
Upgrade to the fixed firmware now, audit the admin logs for logins and account creations you don’t recognize, restore a known-good configuration if you find unexpected changes, and rotate every credential and key held on the device, since exfiltrated configs contain them. Disabling FortiCloud SSO temporarily buys time if you can’t patch immediately; long term, segment the management plane and keep EDR monitoring on the hosts behind it.
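The log audit above is the step most teams skip, so here is a small script for it. This is an added example, not Fortinet code: it parses key=value event logs in the style FortiOS exports to syslog and flags two things, any successful admin login that came through SSO or from an account you don’t recognize, and any configuration change that adds a `system.admin` object (a new administrator). The field names `user`, `ui`, `action`, `status`, `cfgpath` and `cfgobj` are an assumption about FortiOS’s log schema; check them against your own device’s output. `SAMPLE_LINES` are constructed for the demonstration, not captured from a real device.

```python
"""Audit FortiOS-style admin event logs for SSO logins and new administrator accounts.

Added example, not Fortinet code. Field names follow the FortiOS key=value
syslog convention as an assumption; SAMPLE_LINES are constructed."""
import re

# key=value pairs; values may be double-quoted and contain spaces or parentheses
KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')

# Administrators you expect to exist; any other account logging in is suspect.
KNOWN_ADMINS = {"admin", "netops"}

SAMPLE_LINES = [  # constructed, modelled on FortiOS event logs
    'date=2026-01-28 time=03:14:07 logid="0100032001" type="event" subtype="system" '
    'level="information" user="admin" ui="sso(203.0.113.10)" method="sso" srcip=203.0.113.10 '
    'action="login" status="success" msg="Administrator admin logged in successfully"',
    'date=2026-01-28 time=03:14:22 logid="0100044547" type="event" subtype="system" '
    'level="information" user="admin" ui="sso(203.0.113.10)" action="Add" cfgtid=1 '
    'cfgpath="system.admin" cfgobj="support_tmp" cfgattr="accprofile[super_admin]" '
    'msg="Add system.admin support_tmp"',
    'date=2026-01-28 time=09:01:45 logid="0100032001" type="event" subtype="system" '
    'level="information" user="netops" ui="https(10.0.0.5)" method="https" srcip=10.0.0.5 '
    'action="login" status="success" msg="Administrator netops logged in successfully"',
]


def parse_kv(line):
    """Turn one key=value log line into a dict, stripping the quotes around values."""
    fields = {}
    for key, value in KV_RE.findall(line):
        if len(value) >= 2 and value[0] == '"' and value[-1] == '"':
            value = value[1:-1]
        fields[key] = value
    return fields


def audit(lines, known_admins=KNOWN_ADMINS):
    """Return a list of findings as tuples: (kind, account, source, detail)."""
    findings = []
    for raw in lines:
        f = parse_kv(raw)
        # A config change that adds a system.admin object is a brand-new administrator.
        if f.get("cfgpath") == "system.admin" and f.get("action", "").lower() == "add":
            findings.append(("new_admin", f.get("cfgobj"), f.get("ui"), f.get("cfgattr")))
        # Successful logins: flag unknown accounts and anything that arrived via SSO,
        # which is the path CVE-2026-24858 abuses.
        if f.get("action") == "login" and f.get("status") == "success":
            user, ui = f.get("user"), f.get("ui", "")
            if user not in known_admins:
                findings.append(("suspicious_login", user, f.get("srcip"), "unknown account"))
            elif ui.lower().startswith("sso"):
                findings.append(("suspicious_login", user, f.get("srcip"), "login via SSO"))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LINES):
        print(finding)
```

Feed it the device’s exported event log (or your SIEM’s export) for the whole exposure window, not just the last day; the login-then-add pair is what you are looking for, and a new admin that then logs in over HTTPS will look perfectly normal on its own.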
eScan Antivirus Falls Victim to Sophisticated Supply Chain Attack
MicroWorld Technologies’ eScan antivirus suffered a supply chain compromise in which attackers trojanized update packages to deploy malware, disable the product’s own updates, and establish persistence via look-alike scheduled tasks and registry changes. The attack, detected around January 20, 2026, delivered packages carrying valid digital signatures, so signature checks alone did not catch them.
Affected users were left with a disabled antivirus and no defence against follow-on threats. eScan says the incident was limited to a specific region, but it highlights the risk in any update mechanism: if the channel is compromised, the security product becomes the delivery vehicle.
Scan for the published IOCs (file hashes and C2 domains), block the associated traffic, and apply eScan’s manual remediation patch. Inspect the hosts file, scheduled tasks and registry run keys for the persistence described above, and isolate machines that show it. The lesson is to verify update integrity independently of the signature and to keep layered defences so one product’s failure isn’t total.
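Here is what that IOC sweep looks like in practice. This is an added example, not MicroWorld/eScan tooling: it hashes every file under a directory against a set of known-bad SHA-256 values, and it parses the hosts file for two tell-tales of this kind of attack, a vendor update host pinned to loopback (which makes updates fail silently) and a C2 domain resolved locally to sidestep DNS filtering. `BAD_HASHES`, `UPDATE_DOMAINS` and `C2_DOMAINS` are placeholders to replace with the vendor’s published IOC list; `SAMPLE_PAYLOAD` and `SAMPLE_HOSTS` are constructed for the demonstration.

```python
"""Sweep a host for supply-chain IOCs: bad file hashes, pinned update hosts, C2 names.

Added example, not eScan tooling. The IOC sets are placeholders; the payload
bytes and hosts-file text below are constructed for the demonstration."""
import hashlib
import tempfile
from pathlib import Path

SAMPLE_PAYLOAD = b"MZ\x90\x00stand-in for a trojanized update package"
BAD_HASHES = {hashlib.sha256(SAMPLE_PAYLOAD).hexdigest()}  # placeholder IOC hash
UPDATE_DOMAINS = {"update.vendor.example"}                  # placeholder vendor update host
C2_DOMAINS = {"cdn-sync.example"}                           # placeholder C2 domain

SAMPLE_HOSTS = """\
127.0.0.1 localhost
# pinning the update host to loopback makes every update attempt fail quietly
127.0.0.1 update.vendor.example
198.51.100.7 cdn-sync.example  # resolves the C2 name locally, bypassing DNS filtering
"""


def sha256_file(path):
    """Stream a file through SHA-256 so large installers don't need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def scan_tree(root, bad_hashes=BAD_HASHES):
    """Return every file under root whose SHA-256 matches an IOC hash."""
    return [str(p) for p in Path(root).rglob("*")
            if p.is_file() and sha256_file(p) in bad_hashes]


def check_hosts(text, update_domains=UPDATE_DOMAINS, c2_domains=C2_DOMAINS):
    """Flag hosts-file lines that pin vendor update hosts or name a C2 domain."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        body = raw.split("#", 1)[0].strip()  # drop comments, including trailing ones
        if not body:
            continue
        ip, *names = body.split()
        for name in (n.lower() for n in names):
            if name in update_domains:
                findings.append((lineno, "update_host_pinned", name, ip))
            if name in c2_domains:
                findings.append((lineno, "c2_domain", name, ip))
    return findings


def self_check():
    """Drop the constructed payload beside a benign file and confirm only it is flagged."""
    with tempfile.TemporaryDirectory() as d:
        Path(d, "update.bin").write_bytes(SAMPLE_PAYLOAD)
        Path(d, "readme.txt").write_bytes(b"nothing to see here")
        return [Path(p).name for p in scan_tree(d)]


if __name__ == "__main__":
    print("hash hits:", self_check())
    for finding in check_hosts(SAMPLE_HOSTS):
        print("hosts:", finding)
```

Run `scan_tree` over the product’s install and update-cache directories and `check_hosts` over `/etc/hosts` or `C:\Windows\System32\drivers\etc\hosts`. The scheduled-task and registry checks are OS-specific and are left to your endpoint tooling; the point of the hosts check is that a pinned update host is an indicator even when the malware itself has been cleaned up.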
MoltBot AI Agent Poses Serious Misconfiguration Risks
The open-source AI agent MoltBot (aka OpenClaw) has a serious exposure problem: internet-reachable instances and plaintext credential storage let attackers steal API keys, run commands through the agent, and poison its skills. Thousands of exposed instances lack any authentication at all.
Users who wire MoltBot into apps like WhatsApp or Slack risk data exfiltration, account takeovers, and fraud against the organisations those accounts belong to. It’s a stark reminder of the shadow IT dangers in AI tooling.
Run it with minimal permissions, put strong authentication in front of it, and never expose it to the public internet. Audit regularly what data it can reach, and treat an AI agent with the same caution as any other privileged software. There is no single patch to apply, because the issues are design and deployment choices rather than one bug.
149 Million Credentials Exposed in Massive Infostealer Dump
A 96GB unprotected dataset leaked 149 million credentials harvested by infostealer operations, including millions of logins for Gmail, Facebook, and crypto platforms such as Binance. A trove this size fuels phishing, credential stuffing and fraud at scale.
Affected are individual users and, because the dump included .gov addresses, government organisations as well, raising the risk of identity theft, financial loss, and espionage.
Enable MFA, use a password manager so every credential is unique, run an antivirus scan (an infostealer hit means the machine itself is compromised, not just the password), and monitor for odd activity. Change any password that appears in the dump, and avoid untrusted downloads, which is how infostealers usually arrive.
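For a security team, the practical question is which of your own accounts are in the dump and which ones need a forced reset first. The script below is an added example, not code from the researcher who found the dataset: it parses the `url:login:password` line format infostealer logs commonly use, keeps only records for domains you monitor, hashes the password immediately so plaintext never ends up in a ticket, and flags accounts whose same password was captured on more than one site (reuse, so the reset has to cover every site, not just the one you own). The line format is an assumption that holds for many but not all dumps, and `SAMPLE_DUMP` is constructed.

```python
"""Triage an infostealer credential dump for your own domains without retaining passwords.

Added example. The url:login:password line format is an assumption; the
SAMPLE_DUMP records are constructed, not taken from the real dataset."""
import hashlib
import re

# url (may itself contain colons), then login (an email), then the rest is the password
RECORD_RE = re.compile(r"^(?P<url>\S+?):(?P<login>[^:\s]+@[^:\s]+):(?P<password>.*)$")

ORG_DOMAINS = {"example.com", "agency.gov"}  # domains you are responsible for

SAMPLE_DUMP = """\
https://mail.google.com/:alice@example.com:hunter2
https://slack.com/signin:alice@example.com:hunter2
https://accounts.binance.com/login:bob@example.com:Tr0ub4dor&3
https://login.agency.gov/:carol@agency.gov:P@ss:word
https://facebook.com/login.php:dave@gmail.com:qwerty
https://mail.google.com/:alice@example.com:hunter2
this line is not a credential record
"""


def parse_record(line):
    """Split one dump line into url/login/password, or None if it doesn't fit the format."""
    m = RECORD_RE.match(line.strip())
    return m.groupdict() if m else None


def triage(lines, org_domains=ORG_DOMAINS):
    """Return {domain: {account: {"sites": set, "reused": bool}}} for monitored domains.

    Passwords are hashed on the spot; only the hash is used, to spot reuse across sites."""
    per_account = {}  # account -> {password_hash: set(sites)}
    for line in lines:
        rec = parse_record(line)
        if rec is None:
            continue
        account = rec["login"].lower()
        domain = account.rsplit("@", 1)[1]
        if domain not in org_domains:
            continue
        pw_hash = hashlib.sha256(rec["password"].encode()).hexdigest()
        per_account.setdefault(account, {}).setdefault(pw_hash, set()).add(rec["url"])

    report = {}
    for account, by_hash in per_account.items():
        domain = account.rsplit("@", 1)[1]
        sites = set().union(*by_hash.values())
        reused = any(len(s) > 1 for s in by_hash.values())  # same password on >1 site
        report.setdefault(domain, {})[account] = {"sites": sites, "reused": reused}
    return report


def reset_list(report):
    """Accounts to force-reset, reused-password ones first."""
    accounts = [(acct, info["reused"]) for d in report.values() for acct, info in d.items()]
    return [acct for acct, reused in sorted(accounts, key=lambda a: (not a[1], a[0]))]


if __name__ == "__main__":
    rep = triage(SAMPLE_DUMP.splitlines())
    for domain, accounts in rep.items():
        for acct, info in accounts.items():
            print(domain, acct, sorted(info["sites"]), "REUSED" if info["reused"] else "")
    print("reset order:", reset_list(rep))
```

Because the report never contains the password, it can go straight into the IR ticket; the reset order puts reused passwords first because those are the ones an attacker will try against your SSO next.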
VMware vCenter Under Active Exploitation from Critical Bug
CVE-2024-37079 in VMware vCenter Server (CVSS 9.8), a heap overflow in the DCE/RPC protocol implementation, enables unauthenticated remote code execution. Broadcom patched it in June 2024, but it is now being actively exploited and has landed in CISA’s KEV catalog.
Orgs with exposed or unpatched vCenter face compromise of the virtualization layer itself, malware drops onto the management host, and operational disruption across every VM it controls. Federal agencies must patch by mid-February.
Apply the patch as soon as possible, keep vCenter’s management interfaces off the internet and restricted to admin networks, and watch for DCE/RPC traffic from unexpected sources. Segment the management plane and automate vulnerability management so an 18-month-old patch doesn’t stay missing.
Microsoft Office Zero-Day Enables Malware Delivery
A zero-day in Microsoft Office (CVE-2026-21509) allows remote code execution when a victim opens a document containing a malicious OLE object, bypassing Office’s protections and making phishing-delivered malware far easier to land.
Users who open untrusted files risk data theft and ransomware, and businesses are being hit hard through email campaigns carrying such documents.
Install the Office update (via Microsoft Update or your Office update channel), keep Protected View enabled, use behavioural antivirus, and train staff on phishing. Where feasible, disable OLE object activation for documents from untrusted sources.
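Mail-gateway and SOC teams will want a quick way to find documents that carry embedded or linked OLE objects before a user opens them. The script below is an added example, not Microsoft code and not tied to the specific exploit: it opens an OOXML document (.docx/.xlsx/.pptx are zip packages), lists any objects under the `embeddings/` part, reads every `.rels` file for relationships of the OLE object type, and reports whether the target is an internal part or an external URL. A legacy binary `.doc`/`.xls` (OLE2 container, magic `D0 CF 11 E0`) is reported separately, since inspecting it needs a dedicated parser. The sample document is constructed in memory for the demonstration.

```python
"""Inspect Office documents for embedded or externally linked OLE objects.

Added example, not Microsoft code. The relationship type URI and the
embeddings/ part names are standard OOXML; the sample package is constructed."""
import io
import xml.etree.ElementTree as ET
import zipfile

EMBED_DIRS = ("word/embeddings/", "xl/embeddings/", "ppt/embeddings/")
OLE_REL_TYPE = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/oleObject"
PKG_REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"


def inspect_ooxml(data):
    """Return findings for an OOXML package: embedded object parts and OLE relationships."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        for name in z.namelist():
            if name.startswith(EMBED_DIRS):
                findings.append(("embedded_object", name, None))
            if name.endswith(".rels"):
                root = ET.fromstring(z.read(name))
                for rel in root.iter(f"{{{PKG_REL_NS}}}Relationship"):
                    if rel.get("Type") == OLE_REL_TYPE:
                        # TargetMode="External" means the object is fetched from a URL at open time
                        mode = rel.get("TargetMode", "Internal")
                        findings.append(("ole_relationship", rel.get("Target"), mode))
    return findings


def inspect_document(data):
    """Dispatch on container format; legacy OLE2 files get flagged for a dedicated parser."""
    if data.startswith(OLE2_MAGIC):
        return [("legacy_ole2_container", None, None)]
    if zipfile.is_zipfile(io.BytesIO(data)):
        return inspect_ooxml(data)
    return []


def should_quarantine(findings):
    """Hold the file if it carries any OLE object, embedded or linked, or is a legacy container."""
    return any(kind in ("embedded_object", "ole_relationship", "legacy_ole2_container")
               for kind, _, _ in findings)


def build_sample_docx():
    """Construct a minimal .docx-like package with one embedded and one external OLE object."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml",
                   "<Types xmlns='http://schemas.openxmlformats.org/package/2006/content-types'/>")
        z.writestr("word/document.xml",
                   "<w:document xmlns:w='http://schemas.openxmlformats.org/wordprocessingml/2006/main'/>")
        z.writestr("word/_rels/document.xml.rels",
                   f"<Relationships xmlns='{PKG_REL_NS}'>"
                   f"<Relationship Id='rId1' Type='{OLE_REL_TYPE}' Target='embeddings/oleObject1.bin'/>"
                   f"<Relationship Id='rId2' Type='{OLE_REL_TYPE}' "
                   f"Target='http://203.0.113.5/payload.ole' TargetMode='External'/>"
                   "</Relationships>")
        # stand-in bytes for an embedded OLE compound file (constructed, not a real object)
        z.writestr("word/embeddings/oleObject1.bin", OLE2_MAGIC + b"\x00" * 24)
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_docx()
    results = inspect_document(sample)
    for r in results:
        print(r)
    print("quarantine:", should_quarantine(results))
```

An external OLE target is the more interesting finding for triage, because the malicious object need not be inside the attachment at all; the document just points at it. Run `inspect_document` over attachments at the gateway and hold anything `should_quarantine` returns true for.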



