Tag: ivanti
-
Chinese Hackers Target France in Ivanti Zero-Day Exploit Campaign
The French cybersecurity agency identified Houken, a new Chinese intrusion campaign targeting various industries in France First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/chinese-hackers-france-ivanti/
-
Frequently Asked Questions About Iranian Cyber Operations
Tags: access, advisory, api, apt, attack, authentication, awareness, cisa, cloud, credentials, cve, cyber, cybersecurity, data, data-breach, defense, dos, exploit, finance, framework, government, group, Hardware, identity, infrastructure, injection, Internet, iran, ivanti, malware, mfa, microsoft, middle-east, military, mitre, monitoring, network, password, ransomware, rce, remote-code-execution, risk, service, software, supply-chain, tactics, technology, terrorism, threat, tool, update, vpn, vulnerability, windowsTenable’s Research Special Operations team focuses on some frequently asked questions about Iranian cyber operations, including the tactics, techniques and procedures employed by Iran-based threat actors. Background Tenable’s Research Special Operations (RSO) team has compiled this blog to answer Frequently Asked Questions (FAQ) regarding Iranian cyber operations in the wake of the recent conflict and…
-
Ivanti Workspace Control hardcoded key flaws expose SQL credentials
Ivanti has released security updates to fix three high-severity hardcoded key vulnerabilities in the company’s Workspace Control (IWC) solution. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ivanti-workspace-control-hardcoded-key-flaws-expose-sql-credentials/
-
Ivanti Workspace Control Vulnerability Lets Attackers Remotely Exploit To Steal the Credential
Ivanti has released a critical security update for its Workspace Control software, patching three high-severity vulnerabilities that could allow attackers to compromise sensitive credentials. The vulnerabilities, identified as CVE-2025-5353, CVE-2025-22463, and CVE-2025-22455, affect versions of Ivanti Workspace Control prior to 10.19.10.0. CVE Number Description CVSS Score (Severity) CVE-2025-5353 A hardcoded key in Ivanti Workspace Control…
-
Mithilfe von Sicherheitslücken in Ivanti EPMM – Chinesische Hacker greifen KRITIS-Unternehmen in Europa an
First seen on security-insider.de Jump to article: www.security-insider.de/schwachstellen-ivanti-endpoint-manager-mobile-unc5521-hacker-angriffe-a-fee6ab4587af5710c0c0e2fec2e40a8f/
-
CISOs need better tools to turn risk into action
Many organizations are overwhelmed by the complexity of their IT systems, making it difficult to manage cybersecurity risks, according to a new Ivanti report. The … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/06/04/ciso-exposure-management/
-
Questions mount as Ivanti tackles another round of zero-days
The besieged security vendor maintains the latest exploited vulnerabilities in its products are entirely linked to unspecified security issues in open-source libraries. Some researchers aren’t buying it. First seen on cyberscoop.com Jump to article: cyberscoop.com/ivanti-epmm-defects-exploited/
-
Ivanti Vulnerability Exploit Could Expose UK NHS Data
Two NHS England trusts could see highly sensitive patient records exposed First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/ivanti-vulnerability-exploit-could/
-
China-linked APT UNC5221 started exploiting Ivanti EPMM flaws shortly after their disclosure
China-linked APT exploit Ivanti EPMM flaws to target critical sectors across Europe, North America, and Asia-Pacific, according to EclecticIQ. Researchers from EclecticIQ observed a China-linked APT group that chained two Ivanti EPMM flaws, tracked as CVE-2025-4427 and CVE-2025-4428, in attacks against organizations in Europe, North America, and Asia-Pacific. Below is the description of the flaws:…
-
Ivanti EPMM flaws leveraged in global Chinese cyberespionage attacks
First seen on scworld.com Jump to article: www.scworld.com/brief/ivanti-epmm-flaws-leveraged-in-global-chinese-cyberespionage-attacks
-
Chinese Nexus Hackers Exploit Ivanti Endpoint Manager Mobile Vulnerability
Ivanti disclosed two critical vulnerabilities, identified as CVE-2025-4427 and CVE-2025-4428, affecting Ivanti Endpoint Manager Mobile (EPMM) version 12.5.0.0 and earlier. These flaws, when chained together, allow unauthenticated remote code execution (RCE) on internet-facing systems, posing a severe risk to enterprise security. EclecticIQ analysts have confirmed active exploitation in the wild since the disclosure date, with…
-
Chinese cyber spies are using Ivanti EPMM flaws to breach EU, US organizations
CVE-2025-4427 and CVE-2025-4428 the two Ivanti Endpoint Manager Mobile (EPMM) vulnerabilities that have been exploited in the wild as zero-days and patched by Ivanti … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/05/23/chinese-cyber-spies-are-using-ivanti-epmm-flaws-to-breach-eu-us-organizations/
-
Ivanti makes dedicated fans of Chinese spies who just can’t resist attacking its buggy kit
If it ain’t broke? First seen on theregister.com Jump to article: www.theregister.com/2025/05/23/ivanti_chinese_spies_attack/
-
Breach Roundup: US Indicts Qakbot Malware Leader
Also: Signal Blocks Recall, Europe Sanctions Stark Industries. This week, Qakbot leader indicted, Signal blocked Recall and a judge said Trump illegally removed watchdogs. Ivanti and Palo Alto hacks linked, Stark Industries sanctioned, Marks and Spencer’s hack costs 300M pounds. Pro-Ukraine hackers hit a Russian clinic and an outbreak of PureRAT in Russia. First seen…
-
Ivanti EPMM flaw exploited by Chinese hackers to breach govt agencies
Tags: breach, china, endpoint, exploit, flaw, government, hacker, ivanti, mobile, remote-code-executionChinese hackers have been exploiting a remote code execution flaw in Ivanti Endpoint Manager Mobile (EPMM) to breach high-profile organizations worldwide. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ivanti-epmm-flaw-exploited-by-chinese-hackers-to-breach-govt-agencies/
-
Chinese Hackers Exploit Ivanti EPMM Bugs in Global Enterprise Network Attacks
A recently patched pair of security flaws affecting Ivanti Endpoint Manager Mobile (EPMM) software has been exploited by a China-nexus threat actor to target a wide range of sectors across Europe, North America, and the Asia-Pacific region.The vulnerabilities, tracked as CVE-2025-4427 (CVSS score: 5.3) and CVE-2025-4428 (CVSS score: 7.2), could be chained to execute arbitrary…
-
Ivanti EPMM Exploitation Tied to Previous Zero-Day Attacks
Wiz researchers found an opportunistic threat actor has been targeting vulnerable edge devices, including Ivanti VPNs and Palo Alto firewalls. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/ivanti-epmm-exploitation-previous-zero-day-attacks
-
Attacks leveraging Ivanti EPMM flaws in clouds underway
First seen on scworld.com Jump to article: www.scworld.com/brief/attacks-leveraging-ivanti-epmm-flaws-in-clouds-underway
-
U.S. CISA adds Ivanti EPMM, MDaemon Email Server, Srimax Output Messenger, Zimbra Collaboration, and ZKTeco BioTime flaws to its Known Exploited Vulnerabilities catalog
Tags: cisa, cybersecurity, email, exploit, flaw, google, infrastructure, ivanti, kev, router, sap, vulnerabilityU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Ivanti EPMM, MDaemon Email Server, Srimax Output Messenger, Zimbra Collaboration, and ZKTeco BioTime flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Google Chromium, DrayTek routers, and SAP NetWeaver flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the descriptions…
-
Ivanti EPMM 0-Day RCE Vulnerability Under Active Attack
Tags: attack, authentication, cyber, endpoint, flaw, ivanti, mobile, rce, remote-code-execution, vulnerability, zero-dayIvanti’s Endpoint Manager Mobile (EPMM) contains a critical vulnerability chain that has been actively abused. The vulnerabilities, initially disclosed by Ivanti on March 13th, 2025, combine an authentication bypass (CVE-2025-4427) and a remote code execution flaw (CVE-2025-4428) to create a critical attack vector that allows unauthenticated attackers to execute arbitrary code on vulnerable systems. While…
-
Ivanti EPMM Bugs Combine for Unauthenticated RCE in the Wild
Summary On March 13, Ivanti disclosed two vulnerabilities which a ect their on-premise Endpoint Manager Mobile product: CVE-2025-4427 (an authentication bypass) and CVE-2025-4428 (an authenticated First seen on research.kudelskisecurity.com Jump to article: research.kudelskisecurity.com/2025/05/21/ivanti-epmm-bugs-combine-for-unauthenticated-rce-in-the-wild/
-
‘Ongoing’ Ivanti hijack bug exploitation reaches clouds
Nothing like insecure code in security suites First seen on theregister.com Jump to article: www.theregister.com/2025/05/21/ivanti_rce_attacks_ongoing/
-
CISA Adds Actively Exploited Ivanti EPMM Zero-Day to KEV Catalog
Tags: authentication, cisa, cve, cyber, cybersecurity, endpoint, exploit, flaw, infrastructure, ivanti, kev, mobile, open-source, remote-code-execution, vulnerability, zero-dayCybersecurity and Infrastructure Security Agency (CISA) has added two critical zero-day vulnerabilities affecting Ivanti Endpoint Manager Mobile (EPMM) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The flaws CVE-2025-4427 and CVE-2025-4428 enable authentication bypass and remote code execution, respectively, and stem from insecure implementations of widely used open-source…
-
Why legal must lead on AI governance before it’s too late
In this Help Net Security interview, Brooke Johnson, Chief Legal Counsel and SVP of HR and Security, Ivanti, explores the legal responsibilities in AI governance, highlighting … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/05/20/brooke-johnson-ivanti-ai-governance/
-
Active Exploitation of Ivanti EPMM Zero-Day Vulnerability in the Wild
Tags: cve, cyber, exploit, ivanti, monitoring, remote-code-execution, threat, vulnerability, zero-daySecurity researchers at The Shadowserver Foundation have identified active exploitation attempts targeting a critical zero-day vulnerability in Ivanti’s Enterprise Mobility Management (EPMM) platform. The vulnerability, tracked as CVE-2025-4427, can be chained with CVE-2025-4428 to achieve remote code execution (RCE), posing a significant threat to unpatched systems. Recent monitoring shows a concerning number of vulnerable instances…
-
Ivanti EPMM Hit by Two Actively Exploited 0day Vulnerabilities
Ivanti EPMM users urgently need to patch against actively exploited 0day vulnerabilities (CVE-2025-4427, CVE-2025-4428) that enable pre-authenticated remote… First seen on hackread.com Jump to article: hackread.com/ivanti-epmm-actively-exploited-0day-vulnerabilities/
-
Actively abused Ivanti EPMM zero-days fixed
First seen on scworld.com Jump to article: www.scworld.com/brief/actively-abused-ivanti-epmm-zero-days-fixed
-
Breach Roundup: SAP NetWeaver Flaw Draws Hackers
Tags: breach, conference, credentials, flaw, hacker, ivanti, microsoft, north-korea, russia, sap, zero-dayAlso, DOGE Employee’s Credentials Found in Infostealer Dumps. This week, SAP NetWeaver flaw drew hackers, zero-days in Ivanti EPMM, DOGE employee’s credentials found in infostealer dumps and Nucor halted operations. North Korean hackers targeted South Koreans with fake conference invites, Russian hackers targeted webmail servers and Microsoft fixed 72 flaws. First seen on govinfosecurity.com Jump…