Dark Reading

Sunken Ships: Will Orgs Learn From Ivanti EPMM Attacks?

The zero-day exploitations of Ivanti's MDM platform meant unprecedented pwning of 1000s of orgs by a Chinese APT — and ...
Bleeping Computer

Ivanti warns of new Connect Secure flaw used in zero-day attacks

Ivanti is warning that hackers exploited a Connect Secure remote code execution vulnerability tracked as CVE-2025-0282 in zero-day attacks to install malware on appliances. The company says it became ...
Ars Technica

As if 2 Ivanti vulnerabilities under exploit weren’t bad enough, now there are 3

Mass exploitation began over the weekend for yet another critical vulnerability in widely used VPN software sold by Ivanti, as hackers already targeting two previous vulnerabilities diversified, ...
Hosted on MSN

Ivanti patches two zero-days that could lead to RCE in Endpoint Manager Mobile

Ivanti patched two flaws being chained to mount RCE attacks A "limited number" of companies were allegedly compromised Only on-prem products are affected Ivanti has released a patch for two ...
Computer Weekly

Ivanti vulnerabilities explained: Everything you need to know

At the end of 2023 and into 2024, a series of vulnerabilities in Ivanti Policy Secure network access control (NAC), Ivanti Connect Secure secure socket layer virtual private network (SSL VPN), and ...
VentureBeat

How Ivanti hopes to redefine cybersecurity with AI

Want smarter insights in your inbox? Sign up for our weekly newsletters to get only what matters to enterprise AI, data, and security leaders. Subscribe Now Widening gaps in cybersecurity tech stacks ...
Ars Technica

Ivanti CEO pledges to “fundamentally transform” its hard-hit security model

Ivanti, the remote-access company whose remote-access products have been battered by severe exploits in recent months, has pledged a “new era,” one that “fundamentally transforms the Ivanti security ...
Bleeping Computer

Critical Ivanti RCE flaw with public exploit now used in attacks

CISA warned today that a critical Ivanti vulnerability that can let threat actors gain remote code execution on vulnerable Endpoint Manager (EPM) appliances is now actively exploited in attacks.
Hackaday

This Week In Security: Glibc, Ivanti, Jenkins, And Runc

There’s a fun buffer overflow problem in the Glibc __vsyslog_internal() function. This one’s a real rollercoaster, because logging vulnerabilities are always scary, but at a first look, it seems ...
Dark Reading

Critical Ivanti vTM Bug Allows Unauthorized Admin Access

Ivanti has patched another major vulnerability, this time affecting its Virtual Traffic Manager (vTM). Ivanti vTM is an application delivery controller (ADC) within its vADC (Virtual Application ...
CRN

CISA: Attackers Are Bypassing Ivanti VPN Bug Mitigations

As Ivanti Connect Secure customers await delayed patches, threat actors have ‘developed workarounds to current mitigations,’ the U.S. cybersecurity agency says. Malicious actors have “recently” ...
TechCrunch

NSA says it’s tracking Ivanti cyberattacks as hackers hit US defense sector

The U.S. National Security Agency has confirmed that hackers exploiting flaws in Ivanti’s widely used enterprise VPN appliance have targeted organizations across the U.S. defense sector. NSA ...