The Netherlands’ Dutch Data Safety Authority (AP) and the Council for the Judiciary confirmed each businesses (Rvdr) have disclosed that their techniques had been impacted by cyber assaults that exploited the not too long ago disclosed security flaws in Ivanti Endpoint Supervisor Cellular (EPMM), in keeping with a discover despatched to the nation’s parliament on Friday.
“On January 29, the Nationwide Cyber Safety Heart (NCSC) was knowledgeable by the provider of vulnerabilities in EPMM,” the Dutch authorities mentioned. “EPMM is used to handle cellular gadgets, apps, and content material, together with their security.”
“It’s now recognized that work-related knowledge of AP workers, reminiscent of names, enterprise e-mail addresses, and phone numbers, have been accessed by unauthorized individuals.”
The event comes because the European Fee additionally revealed that its central infrastructure managing cellular gadgets “recognized traces” of a cyber assault which will have resulted in entry to names and cellular numbers of a few of its workers members. The Fee mentioned the incident was contained inside 9 hours, and that no compromise of cellular gadgets was detected.
“The Fee takes critically the security and resilience of its inside techniques and knowledge and can proceed to observe the state of affairs,” it added. “It’s going to take all needed measures to make sure the security of its techniques.”
Though the identify of the seller was specified and no particulars had been shared on how the attackers managed to achieve entry, it is suspected to be linked to malicious exercise exploiting flaws in Ivanti EPMM.
Finland’s state data and communications expertise supplier, Valtori, additionally disclosed a breach that uncovered work-related particulars of as much as 50,000 authorities workers. The incident, recognized on January 30, 2026, focused a zero-day vulnerability within the cellular machine administration service.
The company mentioned it put in the corrective patch on January 29, 2026, the identical day Ivanti launched fixes for CVE-2026-1281 and CVE-2026-1340 (CVSS scores: 9.8), which may very well be exploited by an attacker to realize unauthenticated distant code execution.
Ivanti has acknowledged that the vulnerabilities have been exploited as zero-days, and {that a} “very restricted variety of clients” had been exploited, however it has not supplied an up to date sufferer rely.
The attacker is alleged to have gained entry to data utilized in working the service, together with names, work e-mail addresses, telephone numbers, and machine particulars.
“Investigations have proven that the administration system didn’t completely delete eliminated knowledge however solely marked it as deleted,” it mentioned “In consequence, machine and consumer knowledge belonging to all organizations which have used the service throughout its lifecycle might have been compromised. In sure instances, a single cellular machine might have a number of customers.”
watchTowr CEO Benjamin Harris informed The Hacker Information in an emailed assertion that the assaults are usually not acts of random opportunism, however reasonably the work of a “extremely expert, well-resourced actor executing a precision marketing campaign.”
“Attackers are focusing on your most trusted, deeply embedded enterprise techniques. Something assumed to be ‘inside’ or ‘secure’ ought to now be seen with suspicion,” Harris mentioned.
“Resilience is as essential as prevention, particularly when attackers transfer quick and function with surgical precision. What differentiates minor complications from full-blown crises is pace: how rapidly groups establish anomalies, validate weaknesses, and comprise the harm.”
