theinfosecnews

CVE-2026-1281: Ivanti EPMM Unauthenticated Code Injection Enables Full System Compromise

CVE-2026-1281 is an unauthenticated code injection vulnerability in Ivanti Endpoint Manager Mobile (EPMM) that allows remote attackers to execute arbitrary code without credentials, taking control of the EPMM service and, through it, gaining access to every managed mobile device and the enterprise infrastructure EPMM integrates with. CISA has added the flaw to its Known Exploited Vulnerabilities catalog and requires federal agencies to patch by February 1, 2026. Organizations should patch immediately, isolate internet-exposed instances, rotate any credentials stored on the appliance, and audit logs for signs of exploitation.

CISA KEV·65d ago·3 min read

CVE-2026-24858: Fortinet FortiCloud SSO Authentication Bypass Exposes Cross-Account Device Access

CVE-2026-24858 is an authentication bypass flaw in Fortinet FortiAnalyzer, FortiManager, FortiOS, and FortiProxy that allows any valid FortiCloud account holder to authenticate to devices registered under a different FortiCloud account when FortiCloud SSO login is enabled on the target. Exploitation requires no prior privileges on the target device and yields direct administrative access, which is especially dangerous in MSP and multi-tenant environments where many customers' devices share the same SSO path. CISA requires federal agencies to remediate by January 30, 2026; until patched builds are available, organizations should disable FortiCloud SSO login on affected devices and audit device access logs for administrative sessions from unexpected FortiCloud accounts.

CISA KEV·67d ago·4 min read