Malware & Threats Government, Military Targeted as Widespread Exploitation of Ivanti Zero-Days Begins The recently disclosed Ivanti VPN zero-days have been exploited to hack at least 1,700 devices, including government, telecoms, defense, and tech. Eduard KovacsJanuary 16, 2024
Malware & Threats Malware Used in Ivanti Zero-Day Attacks Shows Hackers Preparing for Patch Rollout Ivanti zero-day vulnerabilities dubbed ConnectAround could impact thousands of systems and Chinese cyberspies are preparing for patch release. Eduard KovacsJanuary 12, 2024
Nation-State Volexity Catches Chinese Hackers Exploiting Ivanti VPN Zero-Days Ivanti confirms active zero-day exploits, ships pre-patch mitigations, but says comprehensive fixes won't be available until January 22. Ryan NaraineJanuary 10, 2024
Vulnerabilities Ivanti Patches Critical Vulnerability in Endpoint Manager CVE-2023-39336, a critical vulnerability in Ivanti EPM, may lead to device takeover and code execution on the server. Ionut ArghireJanuary 5, 2024
Vulnerabilities Ivanti Patches Dozen Critical Vulnerabilities in Avalanche MDM Product Ivanti has patched 20 vulnerabilities in its Avalanche MDM product, including a dozen remote code execution flaws rated critical. Eduard KovacsDecember 21, 2023
Vulnerabilities Exploitation of Ivanti Sentry Zero-Day Confirmed While initially it was unclear if the Ivanti Sentry vulnerability CVE-2023-38035 has been exploited, the vendor and CISA have now confirmed it. Eduard KovacsAugust 23, 2023
Vulnerabilities Ivanti Patches Critical Vulnerability in Avalanche Enterprise MDM Solution Ivanti has patched critical- and high-severity vulnerabilities with the latest release of Avalanche, its enterprise mobile device management solution. Ionut ArghireAugust 16, 2023
Vulnerabilities Exploitation of Ivanti EPMM Flaw Picking Up as New Vulnerability Is Disclosed Exploitation of the Ivanti EPMM flaw CVE-2023-35078 is picking up as a new critical vulnerability tracked as CVE-2023-35082 is disclosed. Eduard KovacsAugust 4, 2023
Malware & Threats Ivanti Zero-Day Exploited by APT Since at Least April in Norwegian Government Attack The recently patched Ivanti EPMM zero-day CVE-2023-35078 has been exploited to hack the Norwegian government since at least April 2023. Eduard KovacsAugust 2, 2023
Malware & Threats Second Ivanti EPMM Zero-Day Vulnerability Exploited in Targeted Attacks Ivanti EPMM customers have been warned of CVE-2023-35081, a second zero-day vulnerability that has been exploited in targeted attacks. Eduard KovacsJuly 31, 2023
Cybercrime Ivanti Zero-Day Vulnerability Exploited in Attack on Norwegian Government An Ivanti EPMM product zero-day vulnerability tracked as CVE-2023-35078 has been exploited in an attack aimed at the Norwegian government. Eduard KovacsJuly 25, 2023