Fallout from latest Ivanti zero-days spreads to nearly 100 victims
Fallout from latest Ivanti zero-days spreads to nearly 100 victims
https://cyberscoop.com/ivanti-zero-day-vulnerabilities-netherlands-european-commission-shadowserver/
Publish Date: 2026-02-09 17:28:00
Source Domain: cyberscoop.com
Ivanti customers, including major government agencies, face mounting pressure as attackers expand their scope of targets to exploit a pair of vulnerabilities the vendor disclosed last week after in-the-wild attacks already occurred.
The Netherlands’ Dutch Data Protection Authority and the Council for the Judiciary confirmed both agencies were impacted by attacks linked to the Ivanti Endpoint Manager Mobile (EPMM) zero-day vulnerabilities, according to a notice sent to the country’s parliament Friday. The European Commission also said it found evidence of a cyberattack on its “central infrastructure managing mobile devices,” but it did not identify the vendor in a statement Thursday.
The attacks were publicly disclosed as researchers and threat hunters scrambled to assess the fallout and observed consistent waves of attacks linked to the Ivanti defects. As of Monday afternoon, Shadowserver scans identified 86 compromised instances based on artifacts of exploitation, Piotr Kijewski, CEO of the nonprofit, told CyberScoop.
Researchers last week warned that attacks involving the Ivanti zero-days would spread, repeating a common pattern following the vendor’s disclosure and a third party’s release of exploit code. The vulnerabilities — CVE-2026-1281 and CVE-2026-1340 — each carry a CVSS rating of 9.8 and allow unauthenticated users to execute code remotely in Ivanti EPMM.
Ivanti said a “very limited number of customers” were exploited before it disclosed the defects in a Jan. 29 security advisory, but has declined multiple requests to provide an updated victim count.
The company released indicators of compromise and a detection script Friday to help customers hunt for potential impact, and thanked The Netherlands’ National Cyber Security Centre for contributing to the script’s development. “We are collaborating closely with our customers as well as trusted government and security partners,” a spokesperson for…
