Data Security, Security Operations, Critical Infrastructure Security, Vulnerability Management, Patch/Configuration Management

European Commission hit by cyberattack linked to Ivanti software flaws

Today’s columnist, Shahram Mossayebi of Crypto Quantique, says laws like the EU’s Cybersecurity Act will go a long way to break up the logjam with IoT security. (Credit: Getty Images)

As outlined in HackRead, the European Commission has confirmed a cyberattack targeting its central systems, potentially exposing personal details of its staff. The incident, detected on January 30, 2026, involved intrusions into systems managing employee mobile devices.

The attack exploited two critical zero-day vulnerabilities, CVE-2026-1281 and CVE-2026-1340, in Ivanti Endpoint Manager Mobile (EPMM) software. These code injection flaws allowed attackers to remotely control the server without authentication. CERT-EU contained the breach within nine hours, securing and cleaning the affected systems. While names and phone numbers may have been accessed, the Commission stated no compromise of individual mobile devices was detected. This incident follows similar attacks on government bodies in the Netherlands and Finland, with dozens of other servers worldwide likely affected.

Source: HackRead

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds