ivanti News Articles

DslogdRAT Malware Deployed via Ivanti ICS Zero-Day CVE-2025-0282 in Japan Attacks

CVE-2025-0282 exploited by Chinese threat actors + DslogdRAT malware installs + 9X ICS scans spike

12 hours ago

September, 2024 - Iron Castle Systems

This post was originally published on this siteOne of the problems I've had since I originally wrote mac-robber.py [1][2][3] seven years ago is that because of the underlying os.stat python library we...

1 week ago

Ivanti 0-day RCE Vulnerability Exploitation Details Disclosed

A detailed technical analysis has been published regarding CVE-2025-22457, an unauthenticated RCE vulnerability impacting several Ivanti products.

2 weeks ago

5000+ Exposed Ivanti Connect Secure Devices Vulnerable to RCE Attacks

Over 5,113 Ivanti Connect Secure VPN appliances remain unpatched and vulnerable to active exploitation of CVE-2025-22457.

2 weeks ago

Over 5K Ivanti VPNs vulnerable to critical bug under attack

China-linked threat actors last month began exploiting CVE-2025-22457, a critical stack buffer-overflow flaw.

3 weeks ago

Ivanti Vulnerability CVE-2025-22457 Actively Exploited

This active exploitation campaign targeting CVE-2025-22457 is a serious threat to Australian organizations using Ivanti products.

3 weeks ago

CISA adds Ivanti Connect Secure vulnerability to KEV catalog

CVE-2025-22457 is a critical stack buffer-overflow vulnerability that Ivanti had initially assessed as a low-level product bug that could not be exploited remotely.

3 weeks ago

Ivanti Releases Security Updates for Connect Secure, Policy Secure & ZTA Gateways Vulnerability (CVE-2025-22457) | CISA

Ivanti released security updates to address vulnerabilities (CVE-2025-22457) in Ivanti Connect Secure, Policy Secure & ZTA Gateways. A cyber threat actor could exploit CVE-2025-22457 to take control of an...

3 weeks ago

CISA Adds Actively Exploits Ivanti Connect Secure Vulnerability in Known Exploited Catalog

CISA has added CVE-2025-22457, a critical vulnerability in Ivanti Connect Secure, to its Known Exploited Vulnerabilities (KEV) Catalog.

3 weeks ago

Ivanti Connect Secure RCE Vulnerability Actively Exploited in the Wild - Apply Patch Now!

Ivanti has disclosed a critical, actively exploited vulnerability (CVE-2025-22457) affecting Connect Secure.

3 weeks ago

Is The Sofistication In The Room With Us? - X-Forwarded-For and Ivanti Connect Secure (CVE-2025-22457)

What's that Skippy? Another Ivanti Connect Secure vulnerability? At this point, regular readers will know all about Ivanti (and a handful of other vendors of the same class of devices), from our regular analysis. Do you know the fun things about these posts? We can copy text from previous posts

3 weeks ago

Chinese State Hackers Exploiting Newly Disclosed Ivanti Flaw

Mandiant warned that Chinese espionage actor UNC5221 is actively exploiting a critical Ivanti vulnerability, which can lead to remote code execution

3 weeks ago

Critical Ivanti Flaw Actively Exploited to Deploy TRAILBLAZE and BRUSHFIRE Malware

Ivanti patches CVE-2025-22457 exploited by UNC5221 in March 2025, risking remote code execution and credential theft.

3 weeks ago

China-backed espionage group hits Ivanti customers again

UNC5221 has a knack for exploiting defects in Ivanti products. The group has exploited at least four vulnerabilities in the vendor’s products since 2023, according to Mandiant.

3 weeks ago

China-Linked Threat Group Exploits Ivanti Bug

The vendor had originally assessed the flaw as low risk but now says it is a critical issue that enables remote code execution.

3 weeks ago

Ivanti VPN customers targeted via unrecognized RCE vulnerability (CVE-2025-22457) - Help Net Security

A suspected Chinese APT group has exploited CVE-2025-22457 - previously thought not to be exploitable - to compromise Ivanti VPN appliances.

3 weeks ago

Ivanti patches Connect Secure zero-day exploited since mid-March

Ivanti has released security updates to patch a critical Connect Secure remote code execution vulnerability exploited by a China-linked espionage actor to deploy malware since at least mid-March 2025.

3 weeks ago

CISA Warns of 'Resurge' Malware Connected to Ivanti Vuln

Threat actors are exploiting a vulnerability in Ivanti Connect Secure first disclosed by the vendor in January.

4 weeks ago

New Malware Variant RESURGE Exploits Ivanti Vulnerability

CISA recommends immediate action to address malware variant RESURGE exploiting Ivanti vulnerability CVE-2025-0282

4 weeks ago

CISA reveals new malware variant used on compromised Ivanti Connect Secure devices - Help Net Security

CISA has released IOCs and updated mitigation advice for rooting out new malware used on Ivanti Connect Secure VPN appliances.

4 weeks ago

CISA warns new malware targeting Ivanti zero-day vulnerability

CVE-2025-0282, a critical vulnerability that affects Ivanti’s Connect Secure, Policy Secure and ZTA Gateway products, was disclosed and patched in January.

4 weeks ago

CISA Adds One Vulnerability to the KEV Catalog | CISA

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-0282(link is external) Ivanti Connect Secure Vulnerability These types...

4 weeks ago

CISA Releases Malware Analysis Report on RESURGE Malware Associated with Ivanti Connect Secure | CISA

CISA has published a Malware Analysis Report (MAR) with analysis and associated detection signatures on a new malware variant CISA has identified as RESURGE. RESURGE contains capabilities of the...

4 weeks ago

RESURGE Malware Exploits Ivanti Flaw with Rootkit and Web Shell Features

RESURGE malware exploits Ivanti flaw CVE-2025-0282, adding stealth tools and web shells for persistence.

4 weeks ago

Silk Typhoon targeting IT supply chain | Microsoft Security Blog

Silk Typhoon is a Chinese state actor focused on espionage campaigns targeting a wide range of industries in the US and throughout the world. In recent months, Silk Typhoon has shifted to performing IT supply chain attacks to gain access to targets. In this blog, we provide an overview of the threat...

2850+ Ivanti Connect Secure Devices Vulnerable to Remote Code Execution Attacks

A critical vulnerability, CVE-2025-22467, in Ivanti Connect Secure (ICS) devices has left approximately 2,850 instances worldwide unpatched.

2,850+ Ivanti Connect Secure Devices Exposed to Potential Cyberattacks

2,850+ unpatched Ivanti Connect Secure devices worldwide, leaving organizations vulnerable to exploitation through the critical flaw designated CVE-2025-22467.

PoC exploit for Ivanti Endpoint Manager vulnerabilities released (CVE-2024-13159) - Help Net Security

A proof-of-concept (PoC) exploit for four critical Ivanti Endpoint Manager vulnerabilities has been released; patch if you haven't already.

Ivanti | News & Insights | The Hacker News

Read the latest updates about Ivanti on The Hacker News cybersecurity and information technology publication.

Ivanti fixes 4 critical flaws, including CVSS 9.9 in Connect Secure

The flaws could enable remote code execution or arbitrary file writing and should be patched immediately.

Ivanti Connect Secure Vulnerabilities Let Attackers Execute Code Remotely

Ivanti has disclosed a critical vulnerability, CVE-2025-22467, impacting its Connect Secure (ICS) product.  This stack-based buffer overflow vulnerability, rated 9.9 (Critical) on the CVSS v3.1 scale, allows remote authenticated attackers to execute arbitrary code on affected systems. 

Ivanti Connect Secure software vulnerability | CVE-2025-0282

Security alert on the Ivanti Connect Secure software suite and Stormshield protection against CVE-2025-0282.

CISA: Hackers still exploiting older Ivanti bugs to breach networks

CISA and the FBI warned today that attackers are still exploiting Ivanti Cloud Service Appliances (CSA) security flaws patched since September to breach vulnerable networks.

CISA Warn Of Critical Ivanti CSA Vulnerabilities: Patch Now

These four Ivanti CSA Vulnerabilities were exploited in September 2024 by threat actors to compromise victim networks.

New PoC Released For Ivanti Connect Secure RCE Vulnerability (CVE-2025-0282)

Researchers have unveiled a PoC exploit for a critical RCE flaw in Ivanti Connect Secure, Policy Secure, and Neurons for ZTA gateways.

Threat Brief: CVE-2025-0282 and CVE-2025-0283

CVE-2025-0282 and CVE-2025-0283 affect multiple Ivanti products. This threat brief covers attack scope, including details from an incident response case. CVE-2025-0282 and CVE-2025-0283 affect multiple Ivanti products. This threat brief covers attack scope, including details from an incident respons...

UK domain registry Nominet breached via Ivanti zero-day - Help Net Security

The number of internet-facing Ivanti Connect Secure instances vulnerable to attack via CVE-2025-0282 has fallen to 800.

Critical Ivanti Vulnerabilities Addressed With Latest Patch

These Ivanti vulnerabilities, identified as CVE-2025-0282 and CVE-2025-0283, pose serious risks to users of affected versions.

33,542 Ivanti Connect Secure Instances Exposed as Exploitation of CVE-2025-0282 Unfolds

A critical security vulnerability, CVE-2025-0282, has been identified and exploited in the wild, affecting Ivanti Connect Secure, Policy Secure, and Neurons for ZTA gateways.

Exploitation Walkthrough and Techniques - Ivanti Connect Secure RCE (CVE-2025-0282)

As we saw in our previous blogpost, we fully analyzed Ivanti’s most recent unauthenticated Remote Code Execution vulnerability in their Connect Secure (VPN) appliance. Specifically, we analyzed CVE-2025-0282. Today, we’re going to walk through exploitation. Once again, however, stopping short of pr...

Ivanti Flaw CVE-2025-0282 Actively Exploited, Impacts Connect Secure and Policy Secure

Ivanti's CVE-2025-0282 flaw, exploited by China-linked actors, enables remote code execution. CISA demands urgent patching by January 15, 2025.

Week in review: Exploited Ivanti Connect Secure zero-day, Patch Tuesday forecast - Help Net Security

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Ivanti Connect Secure zero-day exploited by attackers

Do Secure-By-Design Pledges Come With Stickers? - Ivanti Connect Secure RCE (CVE-2025-0282)

Did you have a good break? Have you had a chance to breathe? Wake up. It’s 2025, and the chaos continues. Haha, see what we did? We wrote the exact same thing in 2024 because 2024 was exactly the same. As an industry, we are on GroundHog day -

CVE-2025-0282 and CVE-2025-0283: Ivanti 0days in the Wild | Wiz Blog

Detect and mitigate critical RCE vulnerabilities CVE-2025-0282 and CVE-2025-0283 in Ivanti VPNs. Urgent patching required to protect against 0day exploitation.

Ivanti Connect Secure zero-day exploited by attackers (CVE-2025-0282) - Help Net Security

Ivanti has fixed a zero-day vulnerability (CVE-2025-0282) that is being exploited by attackers to compromise Connect Secure VPN appliances.

Ivanti Connect Secure zero-day exploited since mid-December (CVE-2025-0282) - Help Net Security

The zero-day attacks leveraging the Ivanti Connect Secure vulnerability (CVE-2025-0282) were first spotted in mid-December 2024.

Critical Ivanti Zero-Day Exploited in the Wild

Ivanti customers are urged to patch two new bugs in the security vendor's products, one of which is being actively exploited

Ivanti VPN Zero-Day Vulnerability Actively Exploited in the Wild

Ivanti has disclosed actively exploiting a critical zero-day vulnerability, CVE-2025-0282, in its Connect Secure VPN appliances.

Ivanti’s bug-plagued network appliances attacked using fresh exploit

Multiple threat actors have begun exploiting one of four recently discovered flaws afflicting the vendor’s VPN and network gateway products.