Ivanti, Secure and Connect

Zero-day exploits plague Ivanti Connect Secure appliances for second year running
Factory resets and apply patches is the advice amid fortnight delay for other appliances The cybersecurity industry is urging those in charge of defending their orgs to take mitigation efforts "seriously" as Ivanti battles two dangerous new vulnerabilities,
Ivanti zero-day exploited by APT group that previously targeted Connect Secure appliances
Vulnerability revealed by Ivanti has been exploited by the same group that targeted Connect Secure from January 2024.
Ivanti Warns of New Zero-Day Attacks Hitting Connect Secure Product
Ivanti confirms zero-day exploitation of a remotely exploitable code execution vulnerability (CVE-2025-0282) in its Connect Security products.
Zero-Day Patch Alert: Ivanti Connect Secure Under Attack
VPN appliance maker Ivanti has begun releasing updates to patch a zero-day vulnerability being actively exploited by suspected nation-state attackers. Experts are
Google: Chinese hackers likely behind Ivanti VPN zero-day attacks
Hackers exploiting the critical Ivanti Connect Secure zero-day vulnerability disclosed yesterday installed on compromised VPN appliances new malware called 'Dryhook' and 'Phasejam' that is not currently associated with any threat group.
Exploitation of New Ivanti VPN Zero-Day Linked to Chinese Cyberspies
Google Cloud’s Mandiant has linked the exploitation of CVE-2025-0282, a new Ivanti VPN zero-day, to Chinese cyberspies.
Critical Ivanti Zero-Day Exploited in the Wild
Ivanti customers are urged to patch two new bugs in the security vendor's products, one of which is being actively exploited
Ivanti warns another critical security flaw is being attacked
Ivanti has warned customers of a critical vulnerability impacting its VPN appliances that is being actively exploited in the wild to drop malware. In a security advisory, Ivanti said that it uncovered two vulnerabilities recently - CVE-2025-0282 and CVE-2025-0283, both of which are impacting Ivanti Connect Secure VPN appliances.
CVE-2025-0282: Ivanti Connect Secure Zero-Day Vulnerability Exploited In The Wild
Ivanti disclosed two vulnerabilities in its Connect Secure, Policy Secure and Neurons for ZTA gateway devices, including one flaw that was exploited in the wild as a zero-day.BackgroundOn January 8, Ivanti published a security advisory for two vulnerabilities affecting multiple products including Ivanti Connect Secure,
Ivanti warns of new Connect Secure flaw used in zero-day attacks
Ivanti is warning that a new Connect Secure remote code execution vulnerability tracked as CVE-2025-0282 was exploited in zero-day attacks to install malware on appliances.
Ivanti warns of new Connect Secure vulnerability
Ivanti issues urgent alert on a new vulnerability found in their Connect Secure product, urging immediate action to mitigate potential threats.
Hackers are exploiting a new Ivanti VPN security bug to hack into company networks
Mandiant says a Chinese cyberespionage group has been exploiting the critical-rated vulnerability since at least mid-December.
Ivanti customers confront new zero-day with suspected nation-state nexus
The latest attacks come one year after a threat group exploited a pair of zero-days in the same Ivanti product.