Hosted on MSN19d
Zero-day exploits plague Ivanti Connect Secure appliances for second year running
Ivanti said that CVE-2025-0282 is the exploited zero-day, but they just happened to find CVE-2025-0283 during the threat-hunting phase and decided to include it in the advisory. The ...
Hosted on MSN13d
Nominet probes network intrusion linked to Ivanti zero-day exploit
Unauthorized activity detected, but no backdoors found UK domain registry Nominet is investigating a potential intrusion into ...
Bleeping Computer19d
Ivanti zero-day attacks infected devices with custom malware
Hackers exploiting the critical Ivanti Connect Secure zero-day vulnerability disclosed yesterday installed on compromised VPN appliances new malware called ‘Dryhook’ and ‘Phasejam’ that is ...
Infosecurity-magazine.com20d
Critical Ivanti Zero-Day Exploited in the Wild
The UK’s National Cyber Security Centre (NCSC) and its US equivalent have urged Ivanti customers to take immediate action to mitigate two new vulnerabilities, one of which is being actively exploited.
Yahoo Finance16d
Ivanti zero-day has researchers scrambling
Threat hunters are scrambling to determine the scope of damage and potential impact from a critical zero-day vulnerability that impacts a trio of Ivanti products, including Ivanti Connect Secure ...
CSOonline20d
Ivanti zero-day exploited by APT group that previously targeted Connect Secure appliances
This is the same group that has exploited zero-day vulnerabilities in Ivanti Connect Secure appliances back in January 2024 and throughout the year. The latest attacks, exploiting the new CVE-2025 ...
Mozilla4d
Ivanti zero-days chained together in at least 3 attacks, authorities warn
Attackers exploited and chained multiple previously disclosed Ivanti Cloud Service Appliance vulnerabilities together in ...
Network security tool defects are endemic, eroding enterprise defense
When malicious hackers exploit vulnerabilities in firewalls, VPNs and routers, it’s not the vendors that get hit — it’s their ...
Infosecurity-magazine.com14d
UK Registry Nominet Breached Via Ivanti Zero-Day
The zero-day in question was revealed and patched by Ivanti on January 8. Stack-based buffer overflow bug CVE-2025-0282 has a ...
Bleeping Computer20d
Ivanti warns of new Connect Secure flaw used in zero-day attacks
Ivanti is warning that hackers exploited a Connect Secure remote code execution vulnerability tracked as CVE-2025-0282 in zero-day attacks to install malware on appliances. The company says it ...
CSOonline21d
Ivanti warns critical RCE flaw in Connect Secure exploited as zero-day
Ivanti Policy Secure and Ivanti Neurons for ... one of which has already been exploited in the wild as a zero-day to compromise devices. The exploited vulnerability, tracked as CVE-2025-0282 ...
CRN1y
Ivanti Reports Exploitation Of Two Zero-Day VPN Flaws
Ivanti disclosed Wednesday that a pair of high-severity, zero-day vulnerabilities impacting its widely used Connect Secure VPN have seen exploitation by attackers. The vulnerabilities can be used ...