In a notice sent to the nation's parliament on Friday, the Dutch Data Protection Authority (AP) and the Council for the Judiciary confirmed both organizations (Rvdr) had revealed that cyberattacks that took advantage of the recently revealed security vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM) had affected their systems This article explores vulnerabilities epmm. . The Dutch authorities stated, "On January 29, the National Cyber Security Center (NCSC) was informed by the supplier of vulnerabilities in EPMM."

"EPMM is used to manage content, apps, and mobile devices, including their security." "It is now known that unauthorized individuals have accessed AP employees' work-related data, including names, business email addresses, and phone numbers." The development coincides with the European Commission's announcement that its central infrastructure for mobile device management "identified traces" of a cyberattack that might have given access to some of its employees' names and mobile numbers.

According to the Commission, no mobile device compromise was found, and the incident was contained in nine hours. It further stated, "The Commission will continue to monitor the situation and takes seriously the security and resilience of its internal systems and data."

"It will take all necessary steps to guarantee the safety of its systems." A breach that exposed up to 50,000 government employees' work-related information was also revealed by Valtori, Finland's state information and communications technology provider. A zero-day vulnerability in the mobile device management service was the focus of the incident, which was discovered on January 30, 2026.

On January 29, 2026, the day Ivanti published fixes for CVE-2026-1281 and CVE-2026-1340 (CVSS scores: 9.8), which an attacker could use to accomplish unauthenticated remote code execution, the agency claimed to have applied the corrective patch. According to Ivanti, the vulnerabilities have been used as zero-day exploits.

According to reports, the attacker obtained device details, phone numbers, work email addresses, and names that were used to run the service. "Investigations have shown that the management system did not permanently delete removed data but only marked it as deleted," it said "As a result, device and user data belonging to all organizations that have used the service during its lifecycle may have been compromised. A single mobile device may occasionally be used by several people.