News

CISA adds Ivanti Connect Secure vulnerability to KEV catalog
CVE-2025-22457 is a critical stack buffer-overflow vulnerability. Ivanti had initially assessed as a low-level product bug ...
Only classified as a bug: Critical security vulnerability in Ivanti ICS attacked
Ivanti has misjudged a bug in the VPN software Connect Secure. This is a security vulnerability that is under attack.
CRN5d
CISA Urges Patching For ‘Critical’ Ivanti VPN Flaw Exploited In Attacks
The group, UNC5221, is believed to have compromised thousands of Ivanti VPN devices during the wave of 2024 attacks, with the list of victims including CISA. In the latest attacks targeting Ivanti ...
The Hacker News3d
Critical Ivanti Flaw Actively Exploited to Deploy TRAILBLAZE and BRUSHFIRE Malware
Ivanti patches CVE-2025-22457 exploited by UNC5221 in March 2025, risking remote code execution and credential theft.
JD Supra6d
CISA Issues Malware Analysis Report on RESURGE Malware
On March 28, 2025, the Cybersecurity and Infrastructure Security Agency (CISA) released a Malware Analysis Report (MAR) on RESURGE malware, which ...
SecurityWeek2d
Exploited Vulnerability Puts 5,000 Ivanti VPN Appliances at Risk
More than 5,000 Ivanti Connect Secure appliances are vulnerable to attacks exploiting CVE-2025-22457, which has been used by ...
SecurityWeek6d
Chinese APT Pounces on Misdiagnosed RCE in Ivanti VPN Appliances
Ivanti misdiagnoses a remote code execution vulnerability and Mandiant reports that Chinese hackers are launching in-the-wild ...
The Hacker News1d
Microsoft Patches 126 Flaws Including Actively Exploited Windows CLFS Vulnerability
Microsoft patched 126 vulnerabilities including actively exploited CVE-2025-29824, leaving Windows 10 users exposed.
Infosecurity-magazine.com6d
Chinese State Hackers Exploiting Newly Disclosed Ivanti Flaw
A Chinese state threat actor is actively exploiting a newly disclosed critical Ivanti vulnerability, according to Mandiant researchers. The suspected espionage actor has been targeting CVE-2025-22457, ...