Ivanti Zero-Day Vulnerabilities Exploited in Global Cyberattacks, Dutch Government Breached, Possibly European Commission
Published
Key Takeaways
- Critical Flaws Exposed: Two zero-day vulnerabilities (CVE-2026-1281 and CVE-2026-1340) in Ivanti Endpoint Manager Mobile (EPMM) allow attackers to hijack devices without authentication.
- Government Systems Hacked: The Dutch government and European Commission confirmed breaches involving unauthorized access to employee contact details.
- Urgent Patching Required: Security agencies worldwide, including CISA and Canada’s CSE, are warning organizations to patch systems immediately due to active exploitation.
A wave of high-profile cyberattacks is currently exploiting two critical Ivanti zero-day vulnerabilities found in the company's Endpoint Manager Mobile (EPMM) product. These security flaws carry a severity score of 9.8 out of 10. The Data Protection Authority and Judicial Council in the Netherlands confirmed that they were hacked, and the European Commission (EC) detected a cyberattack on mobile management systems.
Critical EPMM Security Flaws Under Active Attack
Identified as CVE-2026-1281 and CVE-2026-1340, these allow threat actors to bypass authentication and execute arbitrary code, effectively giving them control over managed mobile devices. The impact of these vulnerabilities is already being felt at the highest levels of government.
In the Netherlands, the Data Protection Authority and Judicial Council confirmed that they were hacked on an unspecified date, resulting in the unauthorized viewing of employee names, emails, and phone numbers.
Similarly, the EC detected a cyberattack on mobile management systems that targeted its central infrastructure, but did not explicitly identify Ivanti EPMM as the service targeted. EC stated that the incident was contained within nine hours, and no mobile devices were compromised.
Global Cybersecurity Alerts and Mitigation
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added one of the flaws to its Known Exploited Vulnerabilities (KEV) catalog, signaling confirmed abuse in the wild. Security agencies are issuing global cybersecurity alerts urging immediate action.
Authorities in Canada, Singapore, and the U.K. have issued similar warnings, noting that healthcare networks are also detecting suspicious activity. NHS Digital’s National Cyber Security Operations Centre (CSOC) assesses that edge devices like EPMM will continue to be primary targets for zero-day exploitation.
Organizations using Ivanti EPMM must apply the released patches immediately. Ivanti telemetry last month indicated that attackers are already incorporating these zero-day RCEs into their attack chains, impacting “a very limited” number of customers.
Related
Get expert insights on threats, breaches, scams, and security trends — delivered every Saturday.
Most Popular
Get expert insights on threats, breaches, scams, and security trends — delivered every Saturday.
Most Popular