Ars Technica

Ongoing attacks on Ivanti VPNs install a ton of sneaky, well-written malware

Networks protected by Ivanti VPNs are under active attack by well-resourced hackers who are exploiting a critical vulnerability that gives them complete control over the network-connected devices.
CRN

Five Latest Updates On The 2025 Ivanti VPN Attacks

A domain registry provider is the first company to acknowledge a compromise related to the cyberattacks, which have exploited a critical vulnerability in Ivanti Connect Secure. Ivanti has released a ...
TechCrunch

Hackers begin mass-exploiting Ivanti VPN zero-day flaws

Malicious hackers have begun mass-exploiting two critical zero-day vulnerabilities in Ivanti’s widely used corporate VPN appliance. That’s according to cybersecurity company Volexity, which first ...
CRN

Ivanti Discloses Exploitation Of ‘Critical’ VPN Vulnerability

The company’s Connect Secure VPN is also vulnerable to a second, high-severity flaw, Ivanti says. Ivanti disclosed Wednesday that a critical-severity, zero-day vulnerability impacting its widely used ...
Bleeping Computer

Ivanti warns of new Connect Secure flaw used in zero-day attacks

Ivanti is warning that hackers exploited a Connect Secure remote code execution vulnerability tracked as CVE-2025-0282 in zero-day attacks to install malware on appliances. The company says it became ...
Dark Reading

Ivanti Keeps Security Teams Scrambling With 2 More Vulns

Ivanti, whose products have been a big target for attackers recently, has disclosed two more critical vulnerabilities in its technologies — raising more questions about the security of its products in ...
Business Wire

Ivanti Neurons for Patch Management Introduces Risk-Based Deployment to Tackle Growing Cyber Threats and Automate Patching Process

SALT LAKE CITY--(BUSINESS WIRE)--Ivanti, the tech company that breaks down barriers between IT and security so that Everywhere Work can thrive, announced new features for Ivanti Neurons for Patch ...
Ars Technica

Actively exploited 0-days in Ivanti VPN are letting hackers backdoor networks

Unknown threat actors are actively targeting two critical zero-day vulnerabilities that allow them to bypass two-factor authentication and execute malicious code inside networks that use a widely used ...
Dark Reading

Ivanti Gets Poor Marks for Cyber Incident Response

Editor's note: CISA clarified its guidance regarding Ivanti VPN appliances to explain they may be reconnected to government networks following the completion of necessary mitigations. This story has ...
Bleeping Computer

Ivanti fixes maximum severity RCE bug in Endpoint Management software

Ivanti has fixed a maximum severity vulnerability in its Endpoint Management software (EPM) that can let unauthenticated attackers gain remote code execution on the core server. Ivanti EPM helps ...
TechRadar

Ivanti warns it has found another major security flaw in its systems

Ivanti finds 10/10 flaw in the Cloud Services Appliance It allows hackers to gain administrative privileges The bug was fixed in version 5.0.3, with users urged to update now Ivanti is warning ...
Business Wire

Ivanti Names Software Industry Leader Dennis Kozak as CEO

SALT LAKE CITY--(BUSINESS WIRE)--Ivanti, the software company that breaks down barriers between IT and security so that Everywhere Work can thrive, announced today that it has named current Ivanti COO ...