Ivanti News Articles
Recent news articles referencing the vendor's vulnerabilities.

DslogdRAT Malware Deployed via Ivanti ICS Zero-Day CVE-2025-0282 in Japan Attacks
CVE-2025-0282 exploited by Chinese threat actors + DslogdRAT malware installs + 9X ICS scans spike
12 hours ago

September, 2024 - Iron Castle Systems
This post was originally published on this site. One of the problems I've had since I originally wrote mac-robber.py [1][2][3] seven years ago is that because of the underlying os.stat python library we...
1 week ago

Ivanti 0-day RCE Vulnerability Exploitation Details Disclosed
A detailed technical analysis has been published regarding CVE-2025-22457, an unauthenticated RCE vulnerability impacting several Ivanti products.
2 weeks ago

5000+ Exposed Ivanti Connect Secure Devices Vulnerable to RCE Attacks
Over 5,113 Ivanti Connect Secure VPN appliances remain unpatched and vulnerable to active exploitation of CVE-2025-22457.
2 weeks ago
Over 5K Ivanti VPNs vulnerable to critical bug under attack
China-linked threat actors last month began exploiting CVE-2025-22457, a critical stack buffer-overflow flaw.
3 weeks ago

Ivanti Vulnerability CVE-2025-22457 Actively Exploited
This active exploitation campaign targeting CVE-2025-22457 is a serious threat to Australian organizations using Ivanti products.
3 weeks ago
CISA adds Ivanti Connect Secure vulnerability to KEV catalog
CVE-2025-22457 is a critical stack buffer-overflow vulnerability that Ivanti had initially assessed as a low-level product bug that could not be exploited remotely.
3 weeks ago

Ivanti Releases Security Updates for Connect Secure, Policy Secure & ZTA Gateways Vulnerability (CVE-2025-22457) | CISA
Ivanti released security updates to address vulnerabilities (CVE-2025-22457) in Ivanti Connect Secure, Policy Secure & ZTA Gateways. A cyber threat actor could exploit CVE-2025-22457 to take control of an...
3 weeks ago

CISA Adds Actively Exploits Ivanti Connect Secure Vulnerability in Known Exploited Catalog
CISA has added CVE-2025-22457, a critical vulnerability in Ivanti Connect Secure, to its Known Exploited Vulnerabilities (KEV) Catalog.
3 weeks ago

Ivanti Connect Secure RCE Vulnerability Actively Exploited in the Wild - Apply Patch Now!
Ivanti has disclosed a critical, actively exploited vulnerability (CVE-2025-22457) affecting Connect Secure.
3 weeks ago

Is The Sofistication In The Room With Us? - X-Forwarded-For and Ivanti Connect Secure (CVE-2025-22457)
What's that Skippy? Another Ivanti Connect Secure vulnerability? At this point, regular readers will know all about Ivanti (and a handful of other vendors of the same class of devices), from our regular analysis. Do you know the fun things about these posts? We can copy text from previous posts
3 weeks ago
Chinese State Hackers Exploiting Newly Disclosed Ivanti Flaw
Mandiant warned that Chinese espionage actor UNC5221 is actively exploiting a critical Ivanti vulnerability, which can lead to remote code execution
3 weeks ago

Critical Ivanti Flaw Actively Exploited to Deploy TRAILBLAZE and BRUSHFIRE Malware
Ivanti patches CVE-2025-22457 exploited by UNC5221 in March 2025, risking remote code execution and credential theft.
3 weeks ago

China-backed espionage group hits Ivanti customers again
UNC5221 has a knack for exploiting defects in Ivanti products. The group has exploited at least four vulnerabilities in the vendor's products since 2023, according to Mandiant.
3 weeks ago
China-Linked Threat Group Exploits Ivanti Bug
The vendor had originally assessed the flaw as low risk but now says it is a critical issue that enables remote code execution.
3 weeks ago
Ivanti VPN customers targeted via unrecognized RCE vulnerability (CVE-2025-22457) - Help Net Security
A suspected Chinese APT group has exploited CVE-2025-22457 - previously thought not to be exploitable - to compromise Ivanti VPN appliances.
3 weeks ago
Ivanti patches Connect Secure zero-day exploited since mid-March
Ivanti has released security updates to patch a critical Connect Secure remote code execution vulnerability exploited by a China-linked espionage actor to deploy malware since at least mid-March 2025.
3 weeks ago
CISA Warns of 'Resurge' Malware Connected to Ivanti Vuln
Threat actors are exploiting a vulnerability in Ivanti Connect Secure first disclosed by the vendor in January.
4 weeks ago
New Malware Variant RESURGE Exploits Ivanti Vulnerability
CISA recommends immediate action to address malware variant RESURGE exploiting Ivanti vulnerability CVE-2025-0282
4 weeks ago
CISA reveals new malware variant used on compromised Ivanti Connect Secure devices - Help Net Security
CISA has released IOCs and updated mitigation advice for rooting out new malware used on Ivanti Connect Secure VPN appliances.
4 weeks ago
CISA warns new malware targeting Ivanti zero-day vulnerability
CVE-2025-0282, a critical vulnerability that affects Ivanti's Connect Secure, Policy Secure and ZTA Gateway products, was disclosed and patched in January.
4 weeks ago

CISA Adds One Vulnerability to the KEV Catalog | CISA
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-0282 Ivanti Connect Secure Vulnerability These types...
4 weeks ago

CISA Releases Malware Analysis Report on RESURGE Malware Associated with Ivanti Connect Secure | CISA
CISA has published a Malware Analysis Report (MAR) with analysis and associated detection signatures on a new malware variant CISA has identified as RESURGE. RESURGE contains capabilities of the...
4 weeks ago

RESURGE Malware Exploits Ivanti Flaw with Rootkit and Web Shell Features
RESURGE malware exploits Ivanti flaw CVE-2025-0282, adding stealth tools and web shells for persistence.
4 weeks ago
Silk Typhoon targeting IT supply chain | Microsoft Security Blog
Silk Typhoon is a Chinese state actor focused on espionage campaigns targeting a wide range of industries in the US and throughout the world. In recent months, Silk Typhoon has shifted to performing IT supply chain attacks to gain access to targets. In this blog, we provide an overview of the threat...

2850+ Ivanti Connect Secure Devices Vulnerable to Remote Code Execution Attacks
A critical vulnerability, CVE-2025-22467, in Ivanti Connect Secure (ICS) devices has left approximately 2,850 instances worldwide unpatched.

2,850+ Ivanti Connect Secure Devices Exposed to Potential Cyberattacks
2,850+ unpatched Ivanti Connect Secure devices worldwide, leaving organizations vulnerable to exploitation through the critical flaw designated CVE-2025-22467.
PoC exploit for Ivanti Endpoint Manager vulnerabilities released (CVE-2024-13159) - Help Net Security
A proof-of-concept (PoC) exploit for four critical Ivanti Endpoint Manager vulnerabilities has been released; patch if you haven't already.
Ivanti | News & Insights | The Hacker News
Read the latest updates about Ivanti on The Hacker News cybersecurity and information technology publication.
Ivanti fixes 4 critical flaws, including CVSS 9.9 in Connect Secure
The flaws could enable remote code execution or arbitrary file writing and should be patched immediately.

Ivanti Connect Secure Vulnerabilities Let Attackers Execute Code Remotely
Ivanti has disclosed a critical vulnerability, CVE-2025-22467, impacting its Connect Secure (ICS) product. This stack-based buffer overflow vulnerability, rated 9.9 (Critical) on the CVSS v3.1 scale, allows remote authenticated attackers to execute arbitrary code on affected systems.

Ivanti Connect Secure software vulnerability | CVE-2025-0282
Security alert on the Ivanti Connect Secure software suite and Stormshield protection against CVE-2025-0282.
CISA: Hackers still exploiting older Ivanti bugs to breach networks
CISA and the FBI warned today that attackers are still exploiting Ivanti Cloud Service Appliances (CSA) security flaws patched since September to breach vulnerable networks.
CISA Warn Of Critical Ivanti CSA Vulnerabilities: Patch Now
These four Ivanti CSA Vulnerabilities were exploited in September 2024 by threat actors to compromise victim networks.

New PoC Released For Ivanti Connect Secure RCE Vulnerability (CVE-2025-0282)
Researchers have unveiled a PoC exploit for a critical RCE flaw in Ivanti Connect Secure, Policy Secure, and Neurons for ZTA gateways.
Threat Brief: CVE-2025-0282 and CVE-2025-0283
CVE-2025-0282 and CVE-2025-0283 affect multiple Ivanti products. This threat brief covers attack scope, including details from an incident response case.
UK domain registry Nominet breached via Ivanti zero-day - Help Net Security
The number of internet-facing Ivanti Connect Secure instances vulnerable to attack via CVE-2025-0282 has fallen to 800.
Critical Ivanti Vulnerabilities Addressed With Latest Patch
These Ivanti vulnerabilities, identified as CVE-2025-0282 and CVE-2025-0283, pose serious risks to users of affected versions.

33,542 Ivanti Connect Secure Instances Exposed as Exploitation of CVE-2025-0282 Unfolds
A critical security vulnerability, CVE-2025-0282, has been identified and exploited in the wild, affecting Ivanti Connect Secure, Policy Secure, and Neurons for ZTA gateways.

Exploitation Walkthrough and Techniques - Ivanti Connect Secure RCE (CVE-2025-0282)
As we saw in our previous blogpost, we fully analyzed Ivanti's most recent unauthenticated Remote Code Execution vulnerability in their Connect Secure (VPN) appliance. Specifically, we analyzed CVE-2025-0282. Today, we're going to walk through exploitation. Once again, however, stopping short of pr...

Ivanti Flaw CVE-2025-0282 Actively Exploited, Impacts Connect Secure and Policy Secure
Ivanti's CVE-2025-0282 flaw, exploited by China-linked actors, enables remote code execution. CISA demands urgent patching by January 15, 2025.
Week in review: Exploited Ivanti Connect Secure zero-day, Patch Tuesday forecast - Help Net Security
Here's an overview of some of last week's most interesting news, articles, interviews and videos: Ivanti Connect Secure zero-day exploited by attackers

Do Secure-By-Design Pledges Come With Stickers? - Ivanti Connect Secure RCE (CVE-2025-0282)
Did you have a good break? Have you had a chance to breathe? Wake up. It's 2025, and the chaos continues. Haha, see what we did? We wrote the exact same thing in 2024 because 2024 was exactly the same. As an industry, we are on GroundHog day -
CVE-2025-0282 and CVE-2025-0283: Ivanti 0days in the Wild | Wiz Blog
Detect and mitigate critical RCE vulnerabilities CVE-2025-0282 and CVE-2025-0283 in Ivanti VPNs. Urgent patching required to protect against 0day exploitation.
Ivanti Connect Secure zero-day exploited by attackers (CVE-2025-0282) - Help Net Security
Ivanti has fixed a zero-day vulnerability (CVE-2025-0282) that is being exploited by attackers to compromise Connect Secure VPN appliances.
Ivanti Connect Secure zero-day exploited since mid-December (CVE-2025-0282) - Help Net Security
The zero-day attacks leveraging the Ivanti Connect Secure vulnerability (CVE-2025-0282) were first spotted in mid-December 2024.
Critical Ivanti Zero-Day Exploited in the Wild
Ivanti customers are urged to patch two new bugs in the security vendor's products, one of which is being actively exploited

Ivanti VPN Zero-Day Vulnerability Actively Exploited in the Wild
Ivanti has disclosed active exploitation of a critical zero-day vulnerability, CVE-2025-0282, in its Connect Secure VPN appliances.
Ivanti's bug-plagued network appliances attacked using fresh exploit
Multiple threat actors have begun exploiting one of four recently discovered flaws afflicting the vendor's VPN and network gateway products.