Malware & Threats
A Chinese espionage group has been chaining two recent Ivanti EPMM vulnerabilities in attacks against organizations in multiple critical sectors.
Hi, what are you looking for?
SecurityWeek
All posts tagged "Ivanti"
Vulnerabilities
Wiz warns that threat actors are chaining two recent Ivanti vulnerabilities to achieve unauthenticated remote code execution.
Vulnerabilities
Ivanti has released patches for two EPMM vulnerabilities that have been chained in the wild for remote code execution.
Data Breaches
The latest Verizon DBIR landed this week with a startling statistic about the security posture of VPNs and network edge devices.
Incident Response
The CVE-2025-22457 has already been exploited by a China-nexus hacking gang notorious for breaking into edge network devices.
Vulnerabilities
Ivanti, VMware, and Zoom released fixes for dozens of vulnerabilities in their products on April 2025 Patch Tuesday.
Vulnerabilities
More than 5,000 Ivanti Connect Secure appliances are vulnerable to attacks exploiting CVE-2025-22457, which has been used by Chinese hackers.
Malware & Threats
Ivanti misdiagnoses a remote code execution vulnerability and Mandiant reports that Chinese hackers are launching in-the-wild exploits.
Malware & Threats
CISA has published its analysis of Resurge, a SpawnChimera malware variant used in attacks targeting a recent Ivanti Connect Secure zero-day.
Vulnerabilities
CISA has added three critical-severity flaws in Ivanti EPM to its Known Exploited Vulnerabilities catalog.
Vulnerabilities
Proof-of-concept (PoC) code and technical details on four critical-severity Ivanti EPM vulnerabilities are now available.
Vulnerabilities
Ivanti and Fortinet on Tuesday released patches for multiple critical- and high-severity vulnerabilities in their products.
Malware & Threats
The US government shared exploit chains, IOCs and post-incident forensics data to help network defenders hunt for signs of Chinese hacking gangs.
Vulnerabilities
Ivanti has released patches for multiple vulnerabilities in Endpoint Manager (EPM), including four critical-severity flaws.
Vulnerabilities
Many Ivanti VPNs are still exposed to attacks exploiting a recent vulnerability tracked as CVE-2025-0282 and Nominet has been named as a victim.
Malware & Threats
Google Cloud’s Mandiant has linked the exploitation of CVE-2025-0282, a new Ivanti VPN zero-day, to Chinese cyberspies.
Malware & Threats
Ivanti confirms zero-day exploitation of a remotely exploitable code execution flaw in its Connect Security product line.
Vulnerabilities
Ivanti has released patches for critical vulnerabilities in Cloud Services Application, Connect Secure, and Policy Secure.
Vulnerabilities
Ivanti has released fixes for dozens of vulnerabilities in Endpoint Manager, Avalanche, Connect Secure, Policy Secure, and Secure Access Client.
Nation-State
Fortinet believes state-sponsored threat actors are behind the recent attacks involving exploitation of Ivanti CSA zero-days.
Malware & Threats
The DanaBot botnet ensnared over 300,000 devices and caused more than $50 million in damages before being disrupted.
Incident Response
Vulnerabilities
Incident Response
Data Protection
Signal said the privacy feature is on by default for every Windows 11 user to block Microsoft from taking screenshots for Windows Recall.
Management & Strategy
Threat Intelligence
Cybercrime
Malware & Threats