Ivanti Zero-Days Hit European Governments in Fresh Attack Wave

Two Ivanti vulnerabilities exploited in attacks on EU, Dutch, and Finnish agencies, exposing sensitive data and raising security concerns.

By Content Team

Feb 13, 2026

ON THIS PAGE

Share

---

ON THIS PAGE

Want more insights like this?

Subscribe to our newsletter to get the latest software protection strategies delivered to your inbox.

By submitting your email, you consent to Codekeeper contacting you and agree to our privacy policy.

Two critical zero-day vulnerabilities in Ivanti's Endpoint Manager Mobile solution sparked a fresh wave of cyberattacks targeting European government agencies in late January. CVE-2026-1281 and CVE-2026-1340, both scoring 9.8/10 on the CVSS scale, enabled remote code execution on compromised systems.

The European Commission, Dutch and Finnish government agencies fell victim within days of Ivanti's January 29 disclosure. The EU attack lasted nine hours, exposing staff names and mobile numbers, while Finland's breach affected 50,000 individuals' personal data.

Researchers traced 83% of subsequent attacks to a single IP address that remained active as of February 12. This marks another chapter in Ivanti's troubled security history, raising questions about why critical organizations continue relying on repeatedly compromised infrastructure despite the mounting risks.

Source: Dark Reading

Share this article

Have questions about protecting your software?

Our escrow experts are standing by to help.

Book a free demo

YOU MAY ALSO LIKE

Microsoft Kicks Off 2026 With 112 Security Patches, Including Active Zero-Day Attack

Jan 14, 2026

Trellix Source Code Repository Breached in Suspected Supply Chain Attack

May 4, 2026

Adobe Patches Zero-Day Vulnerability Exploited for Months

Apr 14, 2026

Chinese-Linked Hackers Target South Asian Infrastructure with Advanced Malware Arsenal

Jan 11, 2026