Tag: ivanti
-
Ivanti Flaws Exploited to Drop MDifyLoader and Launch In-Memory Cobalt Strike Attacks
Cybersecurity researchers have disclosed details of a new malware called MDifyLoader that has been observed in conjunction with cyber attacks exploiting security flaws in Ivanti Connect Secure (ICS) appliances. According to a report published by JPCERT/CC today, the threat actors behind the exploitation of CVE-2025-0282 and CVE-2025-22457 in intrusions observed between December 2024 and July First…
-
Threat Actors Exploit Ivanti Connect Secure Flaws to Deploy Cobalt Strike Beacon
Threat actors have been actively exploiting vulnerabilities in Ivanti Connect Secure, specifically CVE-2025-0282 and CVE-2025-22457, to deploy advanced malware including MDifyLoader and Cobalt Strike Beacon. These attacks, observed from December 2024 through July 2025, build on prior incidents involving SPAWNCHIMERA and DslogdRAT, demonstrating persistent targeting of VPN appliances. Attackers leverage these flaws for initial access,…
-
Hackers Exploit Ivanti and Fortinet VPN Vulnerabilities in Attacks on Japanese Companies
Cyber espionage campaigns against Japanese companies have increased in fiscal year 2024, which runs from April 2024 to March 2025, according to a thorough analysis published by Macnica’s Security Research Center. The main objective of these campaigns is to exfiltrate sensitive data, including manufacturing blueprints, policy-related documents, and personal information. Since initiating monitoring in 2014,…
-
⚡ Weekly Recap: Chrome 0-Day, Ivanti Exploits, MacOS Stealers, Crypto Heists and More
Everything feels secure, until one small thing slips through. Even strong systems can break if a simple check is missed or a trusted tool is misused. Most threats don’t start with alarms; they sneak in through the little things we overlook. A tiny bug, a reused password, a quiet connection: that’s all it takes. Staying safe…
-
China-linked group Houken hit French organizations using zero-days
China-linked group Houken hit French govt, telecom, media, finance and transport sectors using Ivanti CSA zero-days, says France’s ANSSI. France’s cyber agency ANSSI revealed that a Chinese hacking group used Ivanti CSA zero-days to target government, telecom, media, finance, and transport sectors. The campaign, active since September 2024, is linked to the Houken intrusion set,…
-
China-linked attacker hit France’s critical infrastructure via trio of Ivanti zero-days last year
French authorities said government agencies and businesses spanning telecom, media, finance and transportation were impacted by the widely exploited Ivanti vulnerabilities. First seen on cyberscoop.com Jump to article: cyberscoop.com/france-government-ivanti-zero-days-china/
-
Chinese Hackers Exploit Ivanti CSA Zero-Days in Attacks on French Government, Telecoms
The French cybersecurity agency on Tuesday revealed that a number of entities spanning governmental, telecommunications, media, finance, and transport sectors in the country were impacted by a malicious campaign undertaken by a Chinese hacking group by weaponizing several zero-day vulnerabilities in Ivanti Cloud Services Appliance (CSA) devices. The campaign, detected at the beginning of First seen…
-
China Linked Houken Hackers Breach French Systems with Ivanti Zero Days
ANSSI report details the Chinese UNC5174-linked Houken cyberattack using Ivanti zero-days (CVE-2024-8190, CVE-2024-8963, CVE-2024-9380) against the French government, defence and finance sector. First seen on hackread.com Jump to article: hackread.com/china-houken-hackers-breach-french-ivanti-zero-days/
-
Chinese Hackers Exploited Ivanti Flaw in France
Hackers Targeted French Government Entities, ANSSI Said. A hacking campaign linked to Chinese threat actors chained zero-days in Ivanti server software to target French government, defense and media entities, the national cyber agency said. The hacker has similarities to a Chinese threat actor tracked as UNC5174. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/chinese-hackers-exploited-ivanti-flaw-in-france-a-28888
-
Initial Access Broker Self-Patches Zero Days as Turf Control
A likely China-nexus threat actor has been exploiting unpatched Ivanti vulnerabilities to gain initial access to victim networks and then patching the systems to block others from breaking in to the same network. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/initial-access-broker-self-patches-zero-days
-
French cybersecurity agency confirms government affected by Ivanti hacks
ANSSI, France’s cyber agency, says a hacking campaign targeted “organizations from governmental, telecommunications, media, finance, and transport sectors,” using vulnerabilities in an Ivanti appliance. First seen on therecord.media Jump to article: therecord.media/france-anssi-report-ivanti-bugs-exploited
-
Chinese Hackers Target France in Ivanti Zero-Day Exploit Campaign
The French cybersecurity agency identified Houken, a new Chinese intrusion campaign targeting various industries in France. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/chinese-hackers-france-ivanti/
-
Frequently Asked Questions About Iranian Cyber Operations
Tags: access, advisory, api, apt, attack, authentication, awareness, cisa, cloud, credentials, cve, cyber, cybersecurity, data, data-breach, defense, dos, exploit, finance, framework, government, group, Hardware, identity, infrastructure, injection, Internet, iran, ivanti, malware, mfa, microsoft, middle-east, military, mitre, monitoring, network, password, ransomware, rce, remote-code-execution, risk, service, software, supply-chain, tactics, technology, terrorism, threat, tool, update, vpn, vulnerability, windows
Tenable’s Research Special Operations team focuses on some frequently asked questions about Iranian cyber operations, including the tactics, techniques and procedures employed by Iran-based threat actors. Background Tenable’s Research Special Operations (RSO) team has compiled this blog to answer Frequently Asked Questions (FAQ) regarding Iranian cyber operations in the wake of the recent conflict and…
-
Ivanti Workspace Control hardcoded key flaws expose SQL credentials
Ivanti has released security updates to fix three high-severity hardcoded key vulnerabilities in the company’s Workspace Control (IWC) solution. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ivanti-workspace-control-hardcoded-key-flaws-expose-sql-credentials/
-
Ivanti Workspace Control Vulnerability Lets Attackers Remotely Exploit To Steal the Credential
Ivanti has released a critical security update for its Workspace Control software, patching three high-severity vulnerabilities that could allow attackers to compromise sensitive credentials. The vulnerabilities, identified as CVE-2025-5353, CVE-2025-22463, and CVE-2025-22455, affect versions of Ivanti Workspace Control prior to 10.19.10.0. CVE Number Description CVSS Score (Severity) CVE-2025-5353 A hardcoded key in Ivanti Workspace Control…
-
Using Security Holes in Ivanti EPMM: Chinese Hackers Attack Critical-Infrastructure (KRITIS) Companies in Europe
First seen on security-insider.de Jump to article: www.security-insider.de/schwachstellen-ivanti-endpoint-manager-mobile-unc5521-hacker-angriffe-a-fee6ab4587af5710c0c0e2fec2e40a8f/
-
CISOs need better tools to turn risk into action
Many organizations are overwhelmed by the complexity of their IT systems, making it difficult to manage cybersecurity risks, according to a new Ivanti report. The … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/06/04/ciso-exposure-management/
-
Questions mount as Ivanti tackles another round of zero-days
The besieged security vendor maintains the latest exploited vulnerabilities in its products are entirely linked to unspecified security issues in open-source libraries. Some researchers aren’t buying it. First seen on cyberscoop.com Jump to article: cyberscoop.com/ivanti-epmm-defects-exploited/
-
Ivanti Vulnerability Exploit Could Expose UK NHS Data
Two NHS England trusts could see highly sensitive patient records exposed. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/ivanti-vulnerability-exploit-could/
-
China-linked APT UNC5221 started exploiting Ivanti EPMM flaws shortly after their disclosure
A China-linked APT exploited Ivanti EPMM flaws to target critical sectors across Europe, North America, and Asia-Pacific, according to EclecticIQ. Researchers from EclecticIQ observed a China-linked APT group that chained two Ivanti EPMM flaws, tracked as CVE-2025-4427 and CVE-2025-4428, in attacks against organizations in Europe, North America, and Asia-Pacific. Below is the description of the flaws:…
-
Ivanti EPMM flaws leveraged in global Chinese cyberespionage attacks
First seen on scworld.com Jump to article: www.scworld.com/brief/ivanti-epmm-flaws-leveraged-in-global-chinese-cyberespionage-attacks
-
Chinese Nexus Hackers Exploit Ivanti Endpoint Manager Mobile Vulnerability
Ivanti disclosed two critical vulnerabilities, identified as CVE-2025-4427 and CVE-2025-4428, affecting Ivanti Endpoint Manager Mobile (EPMM) version 12.5.0.0 and earlier. These flaws, when chained together, allow unauthenticated remote code execution (RCE) on internet-facing systems, posing a severe risk to enterprise security. EclecticIQ analysts have confirmed active exploitation in the wild since the disclosure date, with…
-
Chinese cyber spies are using Ivanti EPMM flaws to breach EU, US organizations
CVE-2025-4427 and CVE-2025-4428, the two Ivanti Endpoint Manager Mobile (EPMM) vulnerabilities that have been exploited in the wild as zero-days and patched by Ivanti … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/05/23/chinese-cyber-spies-are-using-ivanti-epmm-flaws-to-breach-eu-us-organizations/
-
Ivanti makes dedicated fans of Chinese spies who just can’t resist attacking its buggy kit
If it ain’t broke? First seen on theregister.com Jump to article: www.theregister.com/2025/05/23/ivanti_chinese_spies_attack/
-
Breach Roundup: US Indicts Qakbot Malware Leader
Also: Signal Blocks Recall, Europe Sanctions Stark Industries. This week, Qakbot leader indicted, Signal blocked Recall and a judge said Trump illegally removed watchdogs. Ivanti and Palo Alto hacks linked, Stark Industries sanctioned, Marks and Spencer’s hack costs 300M pounds. Pro-Ukraine hackers hit a Russian clinic and an outbreak of PureRAT in Russia. First seen…
-
Ivanti EPMM flaw exploited by Chinese hackers to breach govt agencies
Tags: breach, china, endpoint, exploit, flaw, government, hacker, ivanti, mobile, remote-code-execution
Chinese hackers have been exploiting a remote code execution flaw in Ivanti Endpoint Manager Mobile (EPMM) to breach high-profile organizations worldwide. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ivanti-epmm-flaw-exploited-by-chinese-hackers-to-breach-govt-agencies/

