
Sign up to save your podcasts
Or


Attackers exploited two critical Ivanti Endpoint Manager Mobile (EPMM) zero-days — CVE-2026-1281 and CVE-2026-1340, both CVSS 9.8 unauthenticated RCE — in a campaign hitting the European Commission, the Dutch government and other European entities. CERT-EU detected the Commission intrusion on 30 January 2026; it may have exposed some staff names and mobile numbers but was contained and the system cleaned within about nine hours, with no mobile devices compromised. We cover why internet-facing mobile-device-management servers are prime edge-device targets and the value of fast detection and patching.
Running edge devices or MDM in your environment? Visit www.kinsoft.com.au to talk through your security and IT needs.
Sources: Help Net Security; The Record (Recorded Future News).
By Steven KinnasAttackers exploited two critical Ivanti Endpoint Manager Mobile (EPMM) zero-days — CVE-2026-1281 and CVE-2026-1340, both CVSS 9.8 unauthenticated RCE — in a campaign hitting the European Commission, the Dutch government and other European entities. CERT-EU detected the Commission intrusion on 30 January 2026; it may have exposed some staff names and mobile numbers but was contained and the system cleaned within about nine hours, with no mobile devices compromised. We cover why internet-facing mobile-device-management servers are prime edge-device targets and the value of fast detection and patching.
Running edge devices or MDM in your environment? Visit www.kinsoft.com.au to talk through your security and IT needs.
Sources: Help Net Security; The Record (Recorded Future News).