BREAKING: Critical Cyber Threat Alert - February 1, 2026
⚠️ IMMEDIATE ACTION REQUIRED: 10+ Critical Vulnerabilities with Active Exploitation
Executive Summary
CISA has added 7 new critical vulnerabilities to the Known Exploited Vulnerabilities (KEV) catalog in the past week, including actively exploited zero-days affecting Microsoft Office and VMware vCenter. With additional threats targeting Ivanti, Fortinet, and Chrome browser, CISOs face an unprecedented concentration of critical risks requiring immediate attention.
🎯 ACTIVELY EXPLOITED (PATCH IMMEDIATELY)
CVE-2026-21509 - Microsoft Office Zero-Day
- **Threat:** Security feature bypass vulnerability
- **Impact:** Remote code execution via malicious Office files
- **Status:** **Confirmed active exploitation in the wild**
- **Affected:** Office 2016, 2019, LTSC 2021/2024, Microsoft 365 Apps
- **Action:** Apply emergency patch released January 26, 2026
- **CVSS:** 7.8 (High)
- **Due Date:** February 16, 2026
CVE-2024-37079 - VMware vCenter RCE
- **Threat:** Out-of-bounds write in DCERPC protocol
- **Impact:** Unauthenticated remote code execution
- **Status:** **Now actively exploited** (CISA confirmation)
- **Affected:** VMware vCenter Server
- **Action:** Apply patches immediately - no workarounds available
- **Due Date:** February 13, 2026
🚨 CRITICAL KEV ADDITIONS (Last 7 Days)
CVE-2026-1281 - Ivanti EPMM Code Injection
- **Threat:** Unauthenticated remote code execution
- **Impact:** Full system compromise
- **Added to KEV:** January 29, 2026
- **Due Date:** February 1, 2026 (TODAY)
CVE-2026-24858 - Fortinet Authentication Bypass
- **Threat:** FortiCloud SSO bypass affecting multiple products
- **Impact:** Unauthorized access to registered devices
- **Affected:** FortiAnalyzer, FortiManager, FortiOS, FortiProxy
- **Added to KEV:** January 27, 2026
- **Due Date:** January 30, 2026 (OVERDUE)
CVE-2026-23760 - SmarterMail Admin Takeover
- **Threat:** Password reset API bypass
- **Impact:** Full administrative compromise
- **Attack Vector:** Unauthenticated requests to force-reset-password
- **Added to KEV:** January 26, 2026
- **Due Date:** February 16, 2026
CVE-2025-52691 - SmarterMail File Upload RCE
- **Threat:** Unrestricted file upload
- **Impact:** Remote code execution via arbitrary file placement
- **Added to KEV:** January 26, 2026
- **Due Date:** February 16, 2026
CVE-2018-14634 - Linux Kernel Privilege Escalation
- **Threat:** Integer overflow in create_elf_tables()
- **Impact:** Local privilege escalation via SUID binaries
- **Added to KEV:** January 26, 2026
- **Due Date:** February 16, 2026
🌐 WIDESPREAD CONSUMER IMPACT
CVE-2026-0628 - Google Chrome WebView Vulnerability
- **Threat:** Insufficient policy enforcement in WebView tag
- **Impact:** Security bypass affecting **3 billion users**
- **Status:** Patch available in Chrome 143
- **Action:** Update Chrome immediately
🇨🇳 NATION-STATE ACTIVITY
Chinese APT Escalation:
- Volt Typhoon and APT41 targeting critical infrastructure
- Focus on power grids, telecommunications, federal systems
- Researchers note shift to ransomware tactics by state actors
💡 CISO ACTION PLAN
IMMEDIATE (Next 24 Hours)
1. **Microsoft Office:** Deploy emergency patch organization-wide
2. **VMware vCenter:** Execute emergency patching - no alternatives
3. **Ivanti EPMM:** Patch immediately (compliance deadline TODAY)
4. **Chrome:** Force browser updates across all endpoints
THIS WEEK
1. **Fortinet Products:** Complete patching (already overdue)
2. **SmarterMail:** Apply updates or discontinue use
3. **Linux Systems:** Prioritize kernel updates for SUID-enabled systems
STRATEGIC
1. **Threat Intelligence:** Enhance monitoring for nation-state indicators
2. **Incident Response:** Pre-position teams for potential exploitation
3. **Communication:** Prepare executive briefings on exposure levels
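One way to turn the KEV due dates listed in this advisory into an ordered patch queue, as an added example that is not part of the original advisory. The record fields follow CISA's KEV JSON feed; the vendor/product strings, the `INVENTORY` keywords and the host counts are constructed assumptions.

```python
import json
from datetime import date

# Constructed sample in the shape of CISA's KEV JSON feed (cveID, vendorProject,
# product, dueDate). CVE IDs and due dates are the ones listed in this advisory;
# the vendor/product strings are simplified for the example.
KEV_JSON = """
{"vulnerabilities": [
 {"cveID": "CVE-2026-21509", "vendorProject": "Microsoft", "product": "Office", "dueDate": "2026-02-16"},
 {"cveID": "CVE-2024-37079", "vendorProject": "VMware", "product": "vCenter Server", "dueDate": "2026-02-13"},
 {"cveID": "CVE-2026-1281", "vendorProject": "Ivanti", "product": "EPMM", "dueDate": "2026-02-01"},
 {"cveID": "CVE-2026-24858", "vendorProject": "Fortinet", "product": "FortiOS", "dueDate": "2026-01-30"},
 {"cveID": "CVE-2026-23760", "vendorProject": "SmarterMail", "product": "SmarterMail", "dueDate": "2026-02-16"},
 {"cveID": "CVE-2018-14634", "vendorProject": "Linux", "product": "Kernel", "dueDate": "2026-02-16"}
]}
"""

# Hypothetical asset inventory: product keyword -> number of hosts running it.
INVENTORY = {"office": 1200, "vcenter": 4, "fortios": 18, "epmm": 2}

def triage(kev_json, inventory, today):
    """Return KEV entries that match the inventory, most urgent first."""
    rows = []
    for v in json.loads(kev_json)["vulnerabilities"]:
        name = f'{v["vendorProject"]} {v["product"]}'.lower()
        hosts = sum(n for key, n in inventory.items() if key in name)
        if hosts == 0:
            continue  # not deployed here, so nothing to schedule
        days_left = (date.fromisoformat(v["dueDate"]) - today).days
        if days_left < 0:
            status = "OVERDUE"
        elif days_left == 0:
            status = "DUE TODAY"
        else:
            status = "OPEN"
        rows.append({"cve": v["cveID"], "status": status,
                     "days_left": days_left, "hosts": hosts})
    # Earliest deadline first; ties broken by exposure (host count).
    return sorted(rows, key=lambda r: (r["days_left"], -r["hosts"]))

if __name__ == "__main__":
    # Evaluate as of the advisory date.
    for r in triage(KEV_JSON, INVENTORY, date(2026, 2, 1)):
        print(f'{r["cve"]:<16}{r["status"]:<10}{r["days_left"]:>4}d  {r["hosts"]} hosts')
```

Entries with no matching inventory keyword (SmarterMail and the Linux kernel in this sample) are dropped from the queue, so the keyword list has to be kept in step with what is actually deployed.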
📊 THREAT LANDSCAPE ANALYSIS
This concentration of critical vulnerabilities represents the highest risk period observed since 2024. Key patterns:
- **Zero-day exploitation acceleration:** attackers moving faster from disclosure to exploitation
- **Supply chain targeting:** Ivanti, VMware, SmarterMail affecting enterprise infrastructure
- **Consumer-enterprise crossover:** Chrome vulnerabilities affecting both segments
- **Nation-state convergence:** State actors adopting criminal tactics
🔗 REFERENCE LINKS
- [CISA KEV Catalog](https://www.cisa.gov/known-exploited-vulnerabilities-catalog)
- [Microsoft Security Advisory CVE-2026-21509](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21509)
- [VMware Security Advisory VMSA-2024-0011](https://www.vmware.com/security/advisories/VMSA-2024-0011.html)
- [Chrome Security Update](https://chromereleases.googleblog.com/)
---
Next Update: Monitoring for additional threat intelligence and exploitation indicators. CISOs should prepare for potential escalation across multiple attack vectors.
CISO Intelligence | February 1, 2026 | Emergency Threat Advisory

