Bleeping Computer

Ivanti patches MobileIron zero-day bug exploited in attacks

US-based IT software company Ivanti has patched an actively exploited zero-day authentication bypass vulnerability impacting its Endpoint Manager Mobile (EPMM) mobile device management software ...
Bleeping Computer

Ivanti warns of new Connect Secure flaw used in zero-day attacks

Ivanti is warning that hackers exploited a Connect Secure remote code execution vulnerability tracked as CVE-2025-0282 in zero-day attacks to install malware on appliances. The company says it became ...
Infosecurity-magazine.com

Critical Ivanti Zero-Day Exploited in the Wild

The UK’s National Cyber Security Centre (NCSC) and its US equivalent have urged Ivanti customers to take immediate action to mitigate two new vulnerabilities, one of which is being actively exploited.
CRN

Five Latest Updates On The 2025 Ivanti VPN Attacks

A domain registry provider is the first company to acknowledge a compromise related to the cyberattacks, which have exploited a critical vulnerability in Ivanti Connect Secure. Ivanti has released a ...
CRN

CISA: Attackers Are Bypassing Ivanti VPN Bug Mitigations

As Ivanti Connect Secure customers await delayed patches, threat actors have ‘developed workarounds to current mitigations,’ the U.S. cybersecurity agency says. Malicious actors have “recently” ...
Ars Technica

Agencies using vulnerable Ivanti products have until Saturday to disconnect them

Federal civilian agencies have until midnight Saturday morning to sever all network connections to Ivanti VPN software, which is currently under mass exploitation by multiple threat groups. The US ...