ivanti News Articles

CISA Warns of 'Resurge' Malware Connected to Ivanti Vuln

Threat actors are exploiting a vulnerability in Ivanti Connect Secure first disclosed by the vendor in January.

2 days ago

New Malware Variant RESURGE Exploits Ivanti Vulnerability

CISA recommends immediate action to address malware variant RESURGE exploiting Ivanti vulnerability CVE-2025-0282

2 days ago

CISA reveals new malware variant used on compromised Ivanti Connect Secure devices - Help Net Security

CISA has released IOCs and updated mitigation advice for rooting out new malware used on Ivanti Connect Secure VPN appliances.

2 days ago

CISA warns new malware targeting Ivanti zero-day vulnerability

CVE-2025-0282, a critical vulnerability that affects Ivanti’s Connect Secure, Policy Secure and ZTA Gateway products, was disclosed and patched in January.

2 days ago

CISA Adds One Vulnerability to the KEV Catalog | CISA

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-0282(link is external) Ivanti Connect Secure Vulnerability These types...

3 days ago

CISA Releases Malware Analysis Report on RESURGE Malware Associated with Ivanti Connect Secure | CISA

CISA has published a Malware Analysis Report (MAR) with analysis and associated detection signatures on a new malware variant CISA has identified as RESURGE. RESURGE contains capabilities of the...

3 days ago

RESURGE Malware Exploits Ivanti Flaw with Rootkit and Web Shell Features

RESURGE malware exploits Ivanti flaw CVE-2025-0282, adding stealth tools and web shells for persistence.

3 days ago

Silk Typhoon targeting IT supply chain | Microsoft Security Blog

Silk Typhoon is a Chinese state actor focused on espionage campaigns targeting a wide range of industries in the US and throughout the world. In recent months, Silk Typhoon has shifted to performing IT supply chain attacks to gain access to targets. In this blog, we provide an overview of the threat...

1 month ago

2850+ Ivanti Connect Secure Devices Vulnerable to Remote Code Execution Attacks

A critical vulnerability, CVE-2025-22467, in Ivanti Connect Secure (ICS) devices has left approximately 2,850 instances worldwide unpatched.

2,850+ Ivanti Connect Secure Devices Exposed to Potential Cyberattacks

2,850+ unpatched Ivanti Connect Secure devices worldwide, leaving organizations vulnerable to exploitation through the critical flaw designated CVE-2025-22467.

PoC exploit for Ivanti Endpoint Manager vulnerabilities released (CVE-2024-13159) - Help Net Security

A proof-of-concept (PoC) exploit for four critical Ivanti Endpoint Manager vulnerabilities has been released; patch if you haven't already.

Ivanti | News & Insights | The Hacker News

Read the latest updates about Ivanti on The Hacker News cybersecurity and information technology publication.

Ivanti fixes 4 critical flaws, including CVSS 9.9 in Connect Secure

The flaws could enable remote code execution or arbitrary file writing and should be patched immediately.

Ivanti Connect Secure Vulnerabilities Let Attackers Execute Code Remotely

Ivanti has disclosed a critical vulnerability, CVE-2025-22467, impacting its Connect Secure (ICS) product.  This stack-based buffer overflow vulnerability, rated 9.9 (Critical) on the CVSS v3.1 scale, allows remote authenticated attackers to execute arbitrary code on affected systems. 

Ivanti Connect Secure software vulnerability | CVE-2025-0282

Security alert on the Ivanti Connect Secure software suite and Stormshield protection against CVE-2025-0282.

CISA: Hackers still exploiting older Ivanti bugs to breach networks

CISA and the FBI warned today that attackers are still exploiting Ivanti Cloud Service Appliances (CSA) security flaws patched since September to breach vulnerable networks.

CISA Warn Of Critical Ivanti CSA Vulnerabilities: Patch Now

These four Ivanti CSA Vulnerabilities were exploited in September 2024 by threat actors to compromise victim networks.

New PoC Released For Ivanti Connect Secure RCE Vulnerability (CVE-2025-0282)

Researchers have unveiled a PoC exploit for a critical RCE flaw in Ivanti Connect Secure, Policy Secure, and Neurons for ZTA gateways.

Threat Brief: CVE-2025-0282 and CVE-2025-0283

CVE-2025-0282 and CVE-2025-0283 affect multiple Ivanti products. This threat brief covers attack scope, including details from an incident response case. CVE-2025-0282 and CVE-2025-0283 affect multiple Ivanti products. This threat brief covers attack scope, including details from an incident respons...

Critical Ivanti Vulnerabilities Addressed With Latest Patch

These Ivanti vulnerabilities, identified as CVE-2025-0282 and CVE-2025-0283, pose serious risks to users of affected versions.

33,542 Ivanti Connect Secure Instances Exposed as Exploitation of CVE-2025-0282 Unfolds

A critical security vulnerability, CVE-2025-0282, has been identified and exploited in the wild, affecting Ivanti Connect Secure, Policy Secure, and Neurons for ZTA gateways.

Exploitation Walkthrough and Techniques - Ivanti Connect Secure RCE (CVE-2025-0282)

As we saw in our previous blogpost, we fully analyzed Ivanti’s most recent unauthenticated Remote Code Execution vulnerability in their Connect Secure (VPN) appliance. Specifically, we analyzed CVE-2025-0282. Today, we’re going to walk through exploitation. Once again, however, stopping short of pr...

Ivanti Flaw CVE-2025-0282 Actively Exploited, Impacts Connect Secure and Policy Secure

Ivanti's CVE-2025-0282 flaw, exploited by China-linked actors, enables remote code execution. CISA demands urgent patching by January 15, 2025.

Do Secure-By-Design Pledges Come With Stickers? - Ivanti Connect Secure RCE (CVE-2025-0282)

Did you have a good break? Have you had a chance to breathe? Wake up. It’s 2025, and the chaos continues. Haha, see what we did? We wrote the exact same thing in 2024 because 2024 was exactly the same. As an industry, we are on GroundHog day -

CVE-2025-0282 and CVE-2025-0283: Ivanti 0days in the Wild | Wiz Blog

Detect and mitigate critical RCE vulnerabilities CVE-2025-0282 and CVE-2025-0283 in Ivanti VPNs. Urgent patching required to protect against 0day exploitation.

Ivanti Connect Secure zero-day exploited by attackers (CVE-2025-0282) - Help Net Security

Ivanti has fixed a zero-day vulnerability (CVE-2025-0282) that is being exploited by attackers to compromise Connect Secure VPN appliances.

Ivanti Connect Secure zero-day exploited since mid-December (CVE-2025-0282) - Help Net Security

The zero-day attacks leveraging the Ivanti Connect Secure vulnerability (CVE-2025-0282) were first spotted in mid-December 2024.

Ivanti VPN Zero-Day Vulnerability Actively Exploited in the Wild

Ivanti has disclosed actively exploiting a critical zero-day vulnerability, CVE-2025-0282, in its Connect Secure VPN appliances.

Ivanti’s bug-plagued network appliances attacked using fresh exploit

Multiple threat actors have begun exploiting one of four recently discovered flaws afflicting the vendor’s VPN and network gateway products.

Ivanti Issues Critical Security Updates for CSA and Connect Secure Vulnerabilities

Ivanti releases patches for critical flaws in CSA and Connect Secure, addressing privilege escalation and code execution risks.

Threat Landscape Report 2024 Highlight Cybersecurity Risks

The ANZ Threat Landscape Report 2024 reveals increasing cybersecurity threats in Australia and New Zealand.

How Cloudflare’s AI WAF proactively detected the Ivanti Connect Secure critical zero-day vulnerability

Prior to the vulnerabilities' announcement publicly, the WAF Attack Score AI model was able to identify the attack threats and assign scores indicating high maliciousness for the attack examples, particularly for the Remote Code Execution and Path Traversal attack categories. The issuance of Emergen...

3 More Ivanti Cloud Vulns Exploited in the Wild

The security bugs were found susceptible to exploitation in connection to the previously disclosed, critical CVE-2024-8963 vulnerability in the security vendor's Cloud Services Appliance (CSA).

Ivanti zero-day vulnerabilities exploited in chained attack | TechT...

A limited number of Ivanti Cloud Service Application customers have been attacked in exploit chains containing zero-day vulnerabilities.

Ivanti: Three CSA Zero-Days Are Being Exploited in Attacks

Ivanti’s Cloud Services Appliance is being targeted by threat actors exploiting three zero-day bugs

Ivanti warns critical flaws in Endpoint Manager exploited in the wild

Ivanti is advising administrators to get up to date on their patches following a new spell of exploits against Endpoint Manager (EPM).

Three new Ivanti CSA zero-day actively exploited in attacks

Software company Ivanti released security patches for three new CSA zero-day vulnerabilities actively exploited in attacks.

Zero-Day Alert: Three Critical Ivanti CSA Vulnerabilities Actively Exploited

Ivanti warns of active exploitation of three new CSA vulnerabilities, enabling hackers to bypass security measures.

Ivanti, Critical Security Vulnerability CVE-2024-29824 SQL Injection - ZAM

On October 2, 2024, CISA issued an advisory regarding active exploitation of CVE-2024-29824, affecting Ivanti Endpoint Manager.

Critical Ivanti Vulnerability CVE-2024-29824 Under Attack

CISA warns of active exploitation of an Ivanti vulnerability, CVE-2024-29824. Patching required by October 23, 2024, to protect systems.

Critical Ivanti Endpoint Manager flaw exploited (CVE-2024-29824) - Help Net Security

CVE-2024-29824, an unauthenticated SQL Injection vulnerability in Ivanti Endpoint Manager (EPM) appliances, is being exploited by attackers.

Hackers Now Exploit Ivanti Endpoint Manager Vulnerability to Launch Cyber Attacks

The Cybersecurity and Infrastructure Security Agency (CISA) has announced the addition of a new vulnerability to its Known Exploited Vulnerabilities Catalog.

Ivanti Endpoint Manager Vulnerability Public Exploit is Now Used in Cyber Attacks

The Cybersecurity and Infrastructure Security Agency (CISA) has announced the addition of a new vulnerability to its Known Exploited Vulnerabilities Catalog, highlighting the ongoing threat landscape faced by federal and private entities alike.

Ivanti Endpoint Manager Flaw Actively Targeted, CISA Warns Agencies to Patch

Critical Ivanti Endpoint Manager flaw CVE-2024-29824 actively exploited. CISA urges immediate updates to secure networks

Ivanti EPM Vulnerability Exploited in the Wild

An Ivanti EPM SQL injection vulnerability tracked as CVE-2024-29824 has been exploited to target some of the company’s customers.

Critical Ivanti RCE flaw with public exploit now used in attacks

CISA warned today that a critical Ivanti vulnerability that can let threat actors gain remote code execution on vulnerable Endpoint Manager (EPM) appliances is now actively exploited in attacks.

More Ivanti vulnerabilities exploited in the wild | TechTarget

Three Ivanti vulnerabilities have been exploited in the wild this month, though details about the attacks are scarce.

Ivanti vTM auth bypass flaw exploited in attacks, CISA warns (CVE-2024-7593) - Help Net Security

CVE-2024-7593, a critical auth bypass vulnerability affecting Ivanti Virtual Traffic Manager (vTM) appliances, is actively exploited.

CISA Flags Critical Ivanti vTM Vulnerability Amid Active Exploitation Concerns

CISA adds Ivanti vTM flaw CVE-2024-7593 to Known Exploited Vulnerabilities list, urging swift remediation.

Ivanti's Cloud Service Attacked via Second Vuln

The critical bug, CVE-2024-8963, can be used in conjunction with the prior known flaw to achieve remote code execution (RCE).