INSPECTING ARCHIVED INTELLIGENCE (OUTDATED VERSION).
Ivanti Zero-Day Exploit Exposed Employee Contact Data
2026-02-10 08:22 CRITICAL HIGH
Executive Summary AI-generated
The Dutch Data Protection Authority (AP) and the Council for the Judiciary have confirmed that their systems were impacted by cyber attacks exploiting recently disclosed security flaws in Ivanti Endpoint Manager Mobile, a widely used software solution. The breaches exposed work-related details of up to 50,000 government employees, including names, business email addresses, and telephone numbers. This incident is believed to be linked to malicious activity exploiting the same vulnerabilities that were patched on January 29, 2026, just hours after Ivanti released fixes for two critical CVEs (Common Vulnerabilities and Exposures). The attacks are suspected of being carried out by a highly skilled and well-resourced actor executing a precision campaign.
Technical Mitigations AI-generated
* Implement a robust patching strategy: Ensure that all affected systems and applications receive the latest security patches as soon as possible, ideally within 24 hours of discovery. This will help prevent exploitation of known vulnerabilities.
* Use secure authentication mechanisms: Implement strong authentication protocols, such as multi-factor authentication (MFA), to ensure that only authorized personnel can access sensitive data or systems.
* Monitor system logs and network traffic: Continuously monitor system logs and network traffic for suspicious activity, which could indicate a zero-day exploit in Ivanti Endpoint Manager Mobile. This will help identify potential security breaches early on.
* Implement a secure data storage solution: Ensure that all stored data is encrypted and stored securely, using industry-standard encryption protocols such as AES-256. This will prevent unauthorized access to sensitive information even if the system or application is compromised.
* Regularly update software and firmware: Keep all software and firmware up-to-date with the latest security patches, including those related to Ivanti Endpoint Manager Mobile. Regular updates can help fix known vulnerabilities before they are exploited by attackers.
Intelligence Metadata
Actors / Malware / CVEs / Campaigns
CVE-2026-1340
CVE-2026-1281
Target & Sectors
BENELUX
NORDICS
health
government
technology
Incident Timeline
January 29
Threat actors exploited an Ivanti zero-day vulnerability to gain access to the personal data of employees at the AP and Council for the Judiciary.
organisation
the Council for the Judiciary
The attack took place on January 29, the letter confirmed, and affected employees of both the AP and the Council for the Judiciary (RVDR).
source_region
Netherlands
"On January 29, the National Cyber Security Center (NCSC) was informed by the supplier of vulnerabilities in EPMM," the Dutch authorities said.
attribution
EPMM
attribution
the National Cyber Security Center
attribution
NCSC
January 29, 2026
Threat actors used Ivanti's zero-day exploit to target Dutch authorities.
vulnerability
CVE-2026-1281
The agency said it installed the corrective patch on January 29, 2026, the same day Ivanti released fixes for CVE-2026-1281 and CVE-2026-1340 (CVSS scores: 9.8), which could be exploited by an attacker to achieve unauthenticated remote code execution.
organisation
Ivanti
Ivanti has acknowledged that the vulnerabilities have been exploited as zero-days, and that a "very limited number of customers" were exploited, but it has not provided an updated victim count.
vulnerability
CVE-2026-1340
organisation
CVE-2026
tactic
Remote Code Execution
infrastructure
9.8
organisation
CVSS
general_metric
9.8 CVSS scores
organisation
The Hacker News
watchTowr CEO Benjamin Harris told The Hacker News in an emailed statement that the attacks are not acts of random opportunism, but rather the work of a "highly skilled, well-resourced actor executing a precision campaign."
January 30, 2026
Ivanti's mobile device management service was exploited through a zero-day vulnerability on January 30, 2026.
Feb 10, 2026
Threat actors exploited a zero-day flaw in Ivanti EPMM to gain access to work-related data of approximately 50,000 government employees.
infrastructure
Ivanti
Although the name of the vendor was specified and no details were shared on how the attackers managed to gain access, it's suspected to be linked to malicious activity exploiting flaws in Ivanti EPMM.
victims
50,000 government employees
Finland's state information and communications technology provider, Valtori, also disclosed a breach that exposed work-related details of up to 50,000 government employees.
organisation
EPMM
"EPMM is used to manage mobile devices, apps, and content, including their security."
"It is now known that work-related data of AP employees, such as names, business email addresses, and telephone numbers, have been accessed by unauthorized persons."
organisation
AP
organisation
the European Commission
The development comes as the European Commission also revealed that its central infrastructure managing mobile devices "identified traces" of a cyber attack that may have resulted in access to names and mobile numbers of some of its staff members.
organisation
Commission
The Commission said the incident was contained within nine hours, and that no compromise of mobile devices was detected.
2026-02-10
Ivanti's security advisory stated that the company is aware of a limited number of customers whose solution has been exploited at the time of disclosure.
infrastructure
Ivanti
While those investigations remain ongoing, the country's cybersecurity agency (NCSC-NL) is keeping tabs on the Ivanti EPMM vulnerabilities (CVE-2026-1281 and CVE-2026-1340) and working with partners to understand additional threats the vulnerabilities present.
In its own warning about the Ivanti bugs, the UK's National Health Service (NHS) highlighted that EPMM devices are exposed to the web by design, making them ripe targets for attackers.
Justice secretary Arno Rutte and secretary for kingdom relations Eddie van Marum co-authored a letter to the Dutch parliament, confirming that an attack involving January's Ivanti Endpoint Manager Mobile (EPMM) bugs led to a data breach.
Dutch data watchdog snitches on itself after getting caught in Ivanti zero-day attacks.
The Dutch Data Protection Authority (AP) says it was one of the many organizations popped when attackers raced to exploit recent Ivanti vulnerabilities as zero-days.
Ivanti's security advisory at the time stated: "We are aware of a very limited number of customers whose solution has been exploited at the time of disclosure."
"While patches are available from Ivanti, applying patches will not be enough.
Ravie Lakshmanan
Feb 10, 2026
Data Breach / Vulnerability
The Netherlands' Dutch Data Protection Authority (AP) and the Council for the Judiciary (Rvdr) have disclosed that their systems were impacted by cyber attacks that exploited the recently disclosed security flaws in Ivanti Endpoint Manager Mobile (EPMM), according to a notice sent to the country's parliament on Friday.
Dutch Authorities Confirm Ivanti Zero-Day Exploit Exposed Employee Contact Data.
organisation
NCSC-NL
organisation
CVE-2026
organisation
National Health Service
organisation
Justice
organisation
kingdom relations
organisation
Ivanti Endpoint
organisation
EPMM
organisation
The Dutch Data Protection Authority
organisation
AP
organisation
intel
"The NHS England National CSOC assesses it is highly likely vulnerabilities discovered in edge devices will continue to be exploited as zero-day vulnerabilities, or shortly after vendor disclosure."
Benjamin Harris, CEO at watchTowr, also said around the time of the bugs' disclosure that EPMM devices are often used by high-value organizations, according to intel gleaned from the company's own customer base.
Tactical Metrics
Metrics
infrastructure
Ivanti
Affected Product
Metrics
victims
50,000
Government Employees
Metrics
infrastructure
9.8
Software Version
Intelligence Sources
The Register - Cybercrime
2026-02-09
Dutch data watchdog snitches on itself after getting caught in Ivanti zero-day attacks
The Hacker News
2026-02-10
Incident Version History
CURRENT VERSION
Last Updated: 2026-04-27T06:49
Comprehensive Tactical Telemetry
Highly Correlated Entities
16x | organisation | Identified Entity | National Health Service | entity
15x | attribution | Attributing Entity | The US Cybersecurity and Infrastructure Security Agency | authority
5x | timeline | Temporal Reference | January 29 | date
3x | source region | Origin Country | United States | country
3x | industry | Targeted Sector | Health | sector
2x | vulnerability | Exploited CVE | CVE-2026-1281 | cve
2x | tactic | Cyber Operation Type | Data Breach | tactic
2x | target region | Target Country | Netherlands | country
Contextual Telemetry
Context Block
5 METRICS
infrastructure | Affected Product | Ivanti | software
general metric | Feb | 10 | feb
victims | Government Employees | 50,000 | government employees
infrastructure | Software Version | 9.8 | version
general metric | Cvss Scores | 10 | cvss scores