Dutch Data Protection Authority Breached in Ivanti Zero-Day Exploitation

Dutch Data Protection Authority Breached in Ivanti Zero-Day Exploitation

First seen 9 Feb 2026, 20:21 UTC TheregisterInfosecurity-MagazineSecurityaffairs.Co 90% similarity 66.4

Article Content

Browse articles
ThreatCluster

The Dutch Data Protection Authority (AP) confirmed it was compromised during a wave of attacks exploiting Ivanti vulnerabilities. The attack, which occurred on January 29, involved the Ivanti Endpoint Manager Mobile (EPMM) bugs, leading to a data breach affecting AP employees. This incident was part of a broader exploitation of zero-day vulnerabilities in Ivanti products.

ThreatCluster AI

Timeline

2026-01-29
Attack on Dutch Data Protection Authority occurred
2026-01-29
CVE-2026-1340 published
2026-01-29
CVE-2026-1281 published and added to CISA KEV
2026-02-01
First public PoC for CVE-2026-1281 released
2026-02-09
AP confirms breach in letter to Dutch parliament

Community

Browse all →