ivanti News Articles
Recent news articles refferecing the vendors vulnerabilities.
CISA Warns of 'Resurge' Malware Connected to Ivanti Vuln
Threat actors are exploiting a vulnerability in Ivanti Connect Secure first disclosed by the vendor in January.
2 days ago
New Malware Variant RESURGE Exploits Ivanti Vulnerability
CISA recommends immediate action to address malware variant RESURGE exploiting Ivanti vulnerability CVE-2025-0282
2 days ago
CISA reveals new malware variant used on compromised Ivanti Connect Secure devices - Help Net Security
CISA has released IOCs and updated mitigation advice for rooting out new malware used on Ivanti Connect Secure VPN appliances.
2 days ago
CISA warns new malware targeting Ivanti zero-day vulnerability
CVE-2025-0282, a critical vulnerability that affects Ivantiās Connect Secure, Policy SecureĀ and ZTA Gateway products, was disclosed and patched in January.
2 days ago

CISA Adds One Vulnerability to the KEV Catalog | CISA
CISA has added one new vulnerability to itsĀ Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-0282(link is external)Ā Ivanti Connect Secure Vulnerability These types...
3 days ago

CISA Releases Malware Analysis Report on RESURGE Malware Associated with Ivanti Connect Secure | CISA
CISA has published a Malware Analysis Report (MAR) with analysis and associated detection signatures on a new malware variant CISA has identified as RESURGE. RESURGE contains capabilities of the...
3 days ago

RESURGE Malware Exploits Ivanti Flaw with Rootkit and Web Shell Features
RESURGE malware exploits Ivanti flaw CVE-2025-0282, adding stealth tools and web shells for persistence.
3 days ago
Silk Typhoon targeting IT supply chain | Microsoft Security Blog
Silk Typhoon is a Chinese state actor focused on espionage campaigns targeting a wide range of industries in the US and throughout the world. In recent months, Silk Typhoon has shifted to performing IT supply chain attacks to gain access to targets. In this blog, we provide an overview of the threat...
1 month ago

2850+ Ivanti Connect Secure Devices Vulnerable to Remote Code Execution Attacks
A critical vulnerability, CVE-2025-22467, in Ivanti Connect Secure (ICS) devices has left approximately 2,850 instances worldwide unpatched.

2,850+ Ivanti Connect Secure Devices Exposed to Potential Cyberattacks
2,850+ unpatched Ivanti Connect Secure devicesĀ worldwide, leaving organizations vulnerable to exploitation through the critical flaw designatedĀ CVE-2025-22467.
PoC exploit for Ivanti Endpoint Manager vulnerabilities released (CVE-2024-13159) - Help Net Security
A proof-of-concept (PoC) exploit for four critical Ivanti Endpoint Manager vulnerabilities has been released; patch if you haven't already.
Ivanti | News & Insights | The Hacker News
Read the latest updates about Ivanti on The Hacker News cybersecurity and information technology publication.
Ivanti fixes 4 critical flaws, including CVSS 9.9 in Connect Secure
The flaws could enable remote code execution or arbitrary file writing and should be patched immediately.

Ivanti Connect Secure Vulnerabilities Let Attackers Execute Code Remotely
Ivanti has disclosed a critical vulnerability, CVE-2025-22467, impacting its Connect Secure (ICS) product.Ā This stack-based buffer overflow vulnerability, rated 9.9 (Critical) on the CVSS v3.1 scale, allows remote authenticated attackers to execute arbitrary code on affected systems.Ā

Ivanti Connect Secure software vulnerability | CVE-2025-0282
Security alert on the Ivanti Connect Secure software suite and Stormshield protection against CVE-2025-0282.
CISA: Hackers still exploiting older Ivanti bugs to breach networks
CISA and the FBI warned today that attackers are still exploiting Ivanti Cloud Service Appliances (CSA) security flaws patched since SeptemberĀ to breach vulnerable networks.
CISA Warn Of Critical Ivanti CSA Vulnerabilities: Patch Now
These four Ivanti CSA Vulnerabilities were exploited in September 2024 by threat actors to compromise victim networks.

New PoC Released For Ivanti Connect Secure RCE Vulnerability (CVE-2025-0282)
Researchers have unveiled a PoC exploit for a critical RCE flaw in Ivanti Connect Secure, Policy Secure, and Neurons for ZTA gateways.
Threat Brief: CVE-2025-0282 and CVE-2025-0283
CVE-2025-0282 and CVE-2025-0283 affect multiple Ivanti products. This threat brief covers attack scope, including details from an incident response case. CVE-2025-0282 and CVE-2025-0283 affect multiple Ivanti products. This threat brief covers attack scope, including details from an incident respons...
Critical Ivanti Vulnerabilities Addressed With Latest Patch
These Ivanti vulnerabilities, identified as CVE-2025-0282 and CVE-2025-0283, pose serious risks to users of affected versions.

33,542 Ivanti Connect Secure Instances Exposed as Exploitation of CVE-2025-0282 Unfolds
A critical security vulnerability, CVE-2025-0282, has been identified and exploited in the wild, affecting Ivanti Connect Secure, Policy Secure, and Neurons for ZTA gateways.

Exploitation Walkthrough and Techniques - Ivanti Connect Secure RCE (CVE-2025-0282)
As we saw in our previous blogpost, we fully analyzed Ivantiās most recent unauthenticated Remote Code Execution vulnerability in their Connect Secure (VPN) appliance. Specifically, we analyzed CVE-2025-0282. Today, weāre going to walk through exploitation. Once again, however, stopping short of pr...

Ivanti Flaw CVE-2025-0282 Actively Exploited, Impacts Connect Secure and Policy Secure
Ivanti's CVE-2025-0282 flaw, exploited by China-linked actors, enables remote code execution. CISA demands urgent patching by January 15, 2025.

Do Secure-By-Design Pledges Come With Stickers? - Ivanti Connect Secure RCE (CVE-2025-0282)
Did you have a good break? Have you had a chance to breathe? Wake up. Itās 2025, and the chaos continues. Haha, see what we did? We wrote the exact same thing in 2024 because 2024 was exactly the same. As an industry, we are on GroundHog day -
CVE-2025-0282 and CVE-2025-0283: Ivanti 0days in the Wild | Wiz Blog
Detect and mitigate critical RCE vulnerabilities CVE-2025-0282 and CVE-2025-0283 in Ivanti VPNs. Urgent patching required to protect against 0day exploitation.
Ivanti Connect Secure zero-day exploited by attackers (CVE-2025-0282) - Help Net Security
Ivanti has fixed a zero-day vulnerability (CVE-2025-0282) that is being exploited by attackers to compromise Connect Secure VPN appliances.
Ivanti Connect Secure zero-day exploited since mid-December (CVE-2025-0282) - Help Net Security
The zero-day attacks leveraging the Ivanti Connect Secure vulnerability (CVE-2025-0282) were first spotted in mid-December 2024.

Ivanti VPN Zero-Day Vulnerability Actively Exploited in the Wild
Ivanti has disclosed actively exploiting a critical zero-day vulnerability, CVE-2025-0282, in its Connect Secure VPN appliances.
Ivantiās bug-plagued network appliances attacked using fresh exploit
Multiple threat actors have begun exploiting one of four recently discovered flaws afflicting the vendorās VPN and network gateway products.
Ivanti Issues Critical Security Updates for CSA and Connect Secure Vulnerabilities
Ivanti releases patches for critical flaws in CSA and Connect Secure, addressing privilege escalation and code execution risks.

Threat Landscape Report 2024 Highlight Cybersecurity Risks
The ANZ Threat Landscape Report 2024 reveals increasing cybersecurity threats in Australia and New Zealand.
How Cloudflareās AI WAF proactively detected the Ivanti Connect Secure critical zero-day vulnerability
Prior to the vulnerabilities' announcement publicly, the WAF Attack Score AI model was able to identify the attack threats and assign scores indicating high maliciousness for the attack examples, particularly for the Remote Code Execution and Path Traversal attack categories. The issuance of Emergen...
3 More Ivanti Cloud Vulns Exploited in the Wild
The security bugs were found susceptible to exploitation in connection to the previously disclosed, critical CVE-2024-8963 vulnerability in the security vendor's Cloud Services Appliance (CSA).
Ivanti zero-day vulnerabilities exploited in chained attack | TechT...
A limited number of Ivanti Cloud Service Application customers have been attacked in exploit chains containing zero-day vulnerabilities.
Ivanti: Three CSA Zero-Days Are Being Exploited in Attacks
Ivantiās Cloud Services Appliance is being targeted by threat actors exploiting three zero-day bugs
Ivanti warns critical flaws in Endpoint Manager exploited in the wild
Ivanti is advising administrators to get up to date on their patches following a new spell of exploits against Endpoint Manager (EPM).
Three new Ivanti CSA zero-day actively exploited in attacks
Software company Ivanti released security patches for three new CSA zero-day vulnerabilities actively exploited in attacks.
Zero-Day Alert: Three Critical Ivanti CSA Vulnerabilities Actively Exploited
Ivanti warns of active exploitation of three new CSA vulnerabilities, enabling hackers to bypass security measures.
Ivanti, Critical Security Vulnerability CVE-2024-29824 SQL Injection - ZAM
On October 2, 2024, CISA issued an advisory regarding active exploitation of CVE-2024-29824, affecting Ivanti Endpoint Manager.

Critical Ivanti Vulnerability CVE-2024-29824 Under Attack
CISA warns of active exploitation of an Ivanti vulnerability, CVE-2024-29824. Patching required by October 23, 2024, to protect systems.
Critical Ivanti Endpoint Manager flaw exploited (CVE-2024-29824) - Help Net Security
CVE-2024-29824, an unauthenticated SQL Injection vulnerability in Ivanti Endpoint Manager (EPM) appliances, is being exploited by attackers.

Hackers Now Exploit Ivanti Endpoint Manager Vulnerability to Launch Cyber Attacks
The Cybersecurity and Infrastructure Security Agency (CISA) has announced the addition of a new vulnerability to its Known Exploited Vulnerabilities Catalog.

Ivanti Endpoint Manager Vulnerability Public Exploit is Now Used in Cyber Attacks
The Cybersecurity and Infrastructure Security Agency (CISA) has announced the addition of a new vulnerability to its Known Exploited Vulnerabilities Catalog, highlighting the ongoing threat landscape faced by federal and private entities alike.

Ivanti Endpoint Manager Flaw Actively Targeted, CISA Warns Agencies to Patch
Critical Ivanti Endpoint Manager flaw CVE-2024-29824 actively exploited. CISA urges immediate updates to secure networks
Ivanti EPM Vulnerability Exploited in the Wild
An Ivanti EPM SQL injection vulnerability tracked as CVE-2024-29824 has been exploited to target some of the companyās customers.
Critical Ivanti RCE flaw with public exploit now used in attacks
CISA warned today that a critical Ivanti vulnerability that can let threat actors gain remote code execution onĀ vulnerable Endpoint Manager (EPM) appliances is now actively exploited in attacks.
More Ivanti vulnerabilities exploited in the wild | TechTarget
Three Ivanti vulnerabilities have been exploited in the wild this month, though details about the attacks are scarce.
Ivanti vTM auth bypass flaw exploited in attacks, CISA warns (CVE-2024-7593) - Help Net Security
CVE-2024-7593, a critical auth bypass vulnerability affecting Ivanti Virtual Traffic Manager (vTM) appliances, is actively exploited.

CISA Flags Critical Ivanti vTM Vulnerability Amid Active Exploitation Concerns
CISA adds Ivanti vTM flaw CVE-2024-7593 to Known Exploited Vulnerabilities list, urging swift remediation.
Ivanti's Cloud Service Attacked via Second Vuln
The critical bug, CVE-2024-8963, can be used in conjunction with the prior known flaw to achieve remote code execution (RCE).