Ars Technica

Ongoing attacks on Ivanti VPNs install a ton of sneaky, well-written malware

Networks protected by Ivanti VPNs are under active attack by well-resourced hackers who are exploiting a critical vulnerability that gives them complete control over the network-connected devices.
TechCrunch

Hackers begin mass-exploiting Ivanti VPN zero-day flaws

Malicious hackers have begun mass-exploiting two critical zero-day vulnerabilities in Ivanti’s widely used corporate VPN appliance. That’s according to cybersecurity company Volexity, which first ...
SiliconANGLE

Ivanti discloses critical VPN vulnerability being actively targeted by hackers

Hackers are actively targeting deployments of some Ivanti Inc. software products using a newly discovered security vulnerability. The company disclosed the exploit, which is tracked as CVE-2025-0282, ...
CRN

Five Latest Updates On The 2025 Ivanti VPN Attacks

A domain registry provider is the first company to acknowledge a compromise related to the cyberattacks, which have exploited a critical vulnerability in Ivanti Connect Secure. Ivanti has released a ...
Bleeping Computer

Ivanti warns of new Connect Secure flaw used in zero-day attacks

Ivanti is warning that hackers exploited a Connect Secure remote code execution vulnerability tracked as CVE-2025-0282 in zero-day attacks to install malware on appliances. The company says it became ...
Business Wire

Ivanti Neurons for Patch Management Introduces Risk-Based Deployment to Tackle Growing Cyber Threats and Automate Patching Process

SALT LAKE CITY--(BUSINESS WIRE)--Ivanti, the tech company that breaks down barriers between IT and security so that Everywhere Work can thrive, announced new features for Ivanti Neurons for Patch ...
Ars Technica

Actively exploited 0-days in Ivanti VPN are letting hackers backdoor networks

Unknown threat actors are actively targeting two critical zero-day vulnerabilities that allow them to bypass two-factor authentication and execute malicious code inside networks that use a widely used ...
CRN

Ivanti VPN Attacks Started In Mid-December, May Have Links To China: Mandiant

Researchers at the Google Cloud-owned cybersecurity specialist say they know of ‘multiple organizations’ impacted by the exploitation of a critical Ivanti Connect Secure vulnerability. Attacks ...
Dark Reading

Ivanti Gets Poor Marks for Cyber Incident Response

Editor's note: CISA clarified its guidance regarding Ivanti VPN appliances to explain they may be reconnected to government networks following the completion of necessary mitigations. This story has ...
Dark Reading

Ivanti Zero-Day Exploits Skyrocket Worldwide; No Patches Yet

Thousands of Ivanti VPN instances have been compromised across the globe in the last five days thanks to two serious, as yet unpatched zero-day vulnerabilities disclosed last week. Ivanti Connect ...
Infosecurity-magazine.com

Ivanti: Three CSA Zero-Days Are Being Exploited in Attacks

Customers of Ivanti’s Cloud Services Appliance (CSA) have been urged to update their product immediately after the vendor released details of three zero-day vulnerabilities that are being exploited in ...