Ongoing attacks on Ivanti VPNs install a ton of sneaky, well-written malware
PHASEJAM is a well-written and multifaceted bash shell script. It first installs a web shell that gives the remote hackers privileged control of devices. It then injects a function into the Connect ...
CISA: Hackers still exploiting older Ivanti bugs to breach networks
CISA and the FBI warned today that attackers are still exploiting Ivanti Cloud Service Appliances (CSA) security flaws ...
CRN24d
Five Latest Updates On The 2025 Ivanti VPN Attacks
While the patches for Connect Secure are available, software fixes for other products impacted by the vulnerabilities are in the works, according to Ivanti. Patches addressing the two ...
TechCrunch28d
Hackers are exploiting a new Ivanti VPN security bug to hack into company networks
Ivanti said a patch is currently available for Connect Secure, but that patches for Policy Secure and ZTA Gateways — neither of which have confirmed exploitability — won’t be released until ...
Direct Marketing News27d
Ivanti warns of new Connect Secure vulnerability
Ivanti stated that a patch for Connect Secure is currently available, while patches for Policy Secure and ZTA Gateway are scheduled for release on January 21. Ivanti Connect Secure users need to ...
Bleeping Computer29d
Ivanti warns of new Connect Secure flaw used in zero-day attacks
Ivanti has rushed out security patches for Ivanti Connect Secure, which are resolved in firmware version 22.7R2.5. However, patches for Ivanti Policy Secure and Ivanti Neurons for ZTA Gateways ...
techzine13d
Lack of patching leads to massive exploitation of Ivanti hardware
CISA, the U.S. cybersecurity agency, and the FBI report that attackers are still exploiting security vulnerabilities in ...
aha.org13d
Advisory details how cyber actors deployed vulnerabilities in attack on Ivanti cloud products
The Cybersecurity and Infrastructure Security Agency and FBI Jan. 22 released an advisory explaining how cyberthreat actors ...
Infosecurity-magazine.com28d
Critical Ivanti Zero-Day Exploited in the Wild
The UK’s National Cyber Security Centre (NCSC) and its US equivalent have urged Ivanti customers to take immediate action to mitigate two new vulnerabilities, one of which is being actively exploited.
TechRadar28d
Ivanti warns another critical security flaw is being attacked
The company urged customers to apply the patch immediately, and provided further details about the threat actors and their tools. In partnership with security researchers at Mandiant, Ivanti ...
CSOonline29d
Ivanti warns critical RCE flaw in Connect Secure exploited as zero-day
The software maker announced that a stack-based buffer overflow flaw in its SSL VPN appliance has been exploited in the wild. Ivanti Policy Secure and Ivanti Neurons for ZTA gateways are also ...
The Register on MSN13dOpinion
One of Salt Typhoon's favorite flaws still wide open on 91% of at-risk Exchange Servers
This echoes an earlier report by Trend Micro that said malware spotted in Salt Typhoon campaigns includes SnappyBee, which is ...