The European Commission is investigating a cyberattack that compromised its mobile device management platform, potentially exposing personal information of some staff members, such as names and phone numbers. Although the Commission has not confirmed any mobile devices were hacked, traces of the attack were detected on January 30. A quick response from the Commission allowed them to contain the incident and clean the system within nine hours. This breach is part of a broader pattern affecting European institutions. Similar attacks have exploited vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM) software, with the Dutch Data Protection Authority and the Council for the Judiciary reporting identical breaches that accessed employee data. The National Cyber Security Center in the Netherlands was informed of vulnerabilities in EPMM on January 29, which are critical enough to allow remote code execution on unpatched devices. Valtori, a Finnish government agency, also reported a breach affecting up to 50,000 users, linked to a zero-day vulnerability in its mobile device management service. Ivanti has warned about two critical vulnerabilities (CVE-2026-1281 and CVE-2026-1340) in their EPMM software that were actively exploited. Internet security watchdog Shadowserver discovered over 50 compromised Ivanti EPMM servers related to these attacks.