Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

Ivanti EPMM mobile-data theft campaign targeting European governments

Campaign
First reported
Last updated
Happening score
H score 62
2 unique sources, 2 articles

Summary

Hide ▲

A coordinated Ivanti EPMM campaign is now linked to breaches at multiple European government bodies, raising concern that staff and mobile-user data were exposed across several institutions. The activity reached the European Commission, the Finnish government, and at least two Dutch agencies during January 29-February 6, 2026. The exposure matters because compromised mobile-management data can enable follow-on spearphishing and impersonation against government users.

Cases

Ivanti Endpoint Manager Mobile zero-day exploitation, European government breaches, and concentrated attack wave (5) Ivanti Endpoint Manager Mobile zero-day exploitation, European government breaches, and concentrated attack wave (5)

Related Happenings

AFC Ajax hit by network compromise

Incident
First: 26.03.2026 22:37 Last: 26.03.2026 22:37 Sources 1

About this happening: **AFC Ajax** disclosed a **systems compromise** that exposed fan data and created **ticketing-integrity risk** for **a few hundred people**. The club said a hacker in the Netherla...

Latest development: 27.05.2026 12:09

Dutch National Police arrested a 35-year-old man from the municipality of Buren on Tuesday, May 26, 2026 for computer trespassing at AFC Ajax after he was suspected of repeatedly gaining unauthorized access to the club's computer systems. The arrest followed an investigation into exploitation of vulnerabilities in AFC Ajax systems that exposed data belonging to a few hundred individuals and enabled changes to stadium bans and ticket transfers.

Open Happening

Dutch Ministry of Finance hit by network compromise

Incident
First: 24.03.2026 14:03 Last: 24.03.2026 14:03 Sources 1

About this happening: The **Dutch Ministry of Finance** confirmed a **cyberattack breach** that affected **some employees** after unauthorized access was found in internal systems. The ministry said it...

Latest development: 31.03.2026 10:52

The Dutch Ministry of Finance shut down some systems on March 23 for security reasons, including the digital portal for treasury banking, leaving approximately 1,600 public institutions unable to view treasury balances online or use portal functions for loans, deposits, credit, intraday limit changes, and report generation, while regular banking channels and full access to funds continued.

Open Happening

Ireland DPC opens GDPR investigation into X Grok sexual image generation

Regulatory/Legal Action
First: 17.02.2026 12:02 Last: 17.02.2026 12:02 Sources 1

About this happening: Ireland's **Data Protection Commission (DPC)** opened a formal investigation into **X** over **Grok** being used to generate **non-consensual sexual images** of real people, inclu...

Open Happening

Innovation Agency Lithuania rolls out Safe and Inclusive E-Society mission

Public Sector Action
First: 16.02.2026 13:55 Last: 16.02.2026 13:55 Sources 1

About this happening: Lithuania's **Innovation Agency Lithuania** has rolled out a **government-funded national initiative** to strengthen **e-security** and **digital resilience**, expanding cyber pro...

Open Happening

Odido hit by network compromise

Incident
First: 12.02.2026 20:18 Last: 12.02.2026 20:18 Sources 1

About this happening: **Odido** said a **cyberattack** exposed personal data from its **customer contact system**, affecting **6.2 million customers** after unauthorized access was detected on the week...

Latest development: 24.02.2026 13:40

ShinyHunters claimed responsibility for breaching Dutch telecommunications provider Odido, added the company to its dark web leak site, and said it had stolen nearly 21 million records. The gang also claimed the stolen material includes internal corporate data and plaintext passwords, while Odido denied that passwords, call details, social security numbers, or billing data are involved.

Open Happening

Timeline

  1. 13.02.2026 00:05 1 articles · 3mo ago

    Ivanti EPMM campaign sees Feb. 9 attack spike against European governments

    Campaign Scope Update

    Shadowserver tracked another more voluminous wave of attempted attacks against European government targets around Feb. 9, 2026, and Greynoise said 83% of the exploitation spike came from a single IP address on a bulletproof hosting service rather than the IOCs Ivanti published.

    Show sources
    Open in new tab
  2. 10.02.2026 11:45 1 articles · 3mo ago

    Ivanti discloses EPMM zero-days and patches

    Initial Disclosure

    Ivanti released patches for two critical CVSS 9.8 zero-day code-injection flaws in Ivanti Endpoint Manager Mobile (EPMM), identified as CVE-2026-1281 and CVE-2026-1340, and warned that a very limited number of customers had already seen exploitation at the time of disclosure.

    Show sources
    Open in new tab
  3. 10.02.2026 11:45 1 articles · 3mo ago

    European and Finnish mobile-management breaches are discovered

    Detection Ioc Update

    On January 30, the European Commission's central infrastructure managing mobile devices discovered signs of a breach, and Finnish government ICT centre Valtori discovered a breach affecting its mobile device management service, exposing data such as staff names, mobile numbers, work email addresses, phone numbers, and device details.

    Show sources
    Open in new tab
  4. 06.02.2026 02:00 1 articles · 3mo ago

    Victims disclose access scope and containment details

    Victim Impact Update

    On February 6, the European Commission, the Dutch justice and security secretary, and Finnish government ICT centre Valtori publicly disclosed the breaches, saying access may have exposed staff names, mobile numbers, business email addresses, telephone numbers, and device details; the European Commission said its system was contained and cleaned within nine hours, and Valtori said as many as 50,000 government workers may have had their details exposed.

    Show sources
    Open in new tab