Last updated 1 week ago
The Dutch Data Protection Authority (AP) and the Council for the Judiciary (Rvdr) confirmed their systems were compromised through exploitation of zero-day vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM). The breach was discovered on January 29, 2026, and disclosed to the Dutch parliament on February 15, 2026. The attack exposed employee contact information, though the exact number of affected records was not specified. The incident highlights the risks associated with third-party software vulnerabilities affecting government agencies.
Exploitation of recently disclosed security flaws in Ivanti Endpoint Manager Mobile (EPMM)
Failure in timely patch management and third-party risk assessment for critical software components. Recommendations include implementing more rigorous supply chain security controls, establishing faster vulnerability response procedures for critical infrastructure, and enhancing monitoring for exploitation of known vulnerabilities in third-party products.
Company
Industry
Location
Discovered
Disclosed
Records Affected
Attack Vector