Tag: ivanti
-
CISA exposes malware kits deployed in Ivanti EPMM attacks
Tags: attack, cisa, cybersecurity, endpoint, exploit, infrastructure, ivanti, malware, mobile, vulnerabilityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published an analysis of the malware deployed in attacks exploiting vulnerabilities affecting Ivanti Endpoint Manager Mobile (EPMM). First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-exposes-malware-kits-deployed-in-ivanti-epmm-attacks/
-
CISA Alerts of Hackers Targeting Ivanti Endpoint Manager Mobile Vulnerabilities to Distribute Malware
Cyber threat actors have weaponized two critical Ivanti Endpoint Manager Mobile (EPMM) vulnerabilities”, CVE-2025-4427 and CVE-2025-4428″, to deploy sophisticated malicious loaders and listeners on compromised servers. The malware consists of two sets of components: Loader 1 (web-install.jar, ReflectUtil.class, SecurityHandlerWanListener.class) and Loader 2 (web-install.jar, WebAndroidAppInstaller.class), both designed to inject arbitrary code and maintain persistence on Apache…
-
CISA Warns of New Malware Campaign Exploiting Ivanti EPMM Vulnerabilities
Tags: attack, cisa, cybersecurity, endpoint, exploit, infrastructure, ivanti, malware, mobile, vulnerabilityThe Cybersecurity and Infrastructure Security Agency (CISA) released a Malware Analysis Report (MAR), highlighting a new attack trend targeting Ivanti Endpoint Manager Mobile (EPMM) systems. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/cisa-mar-cve-2025-4427-28/
-
CISA Warns of Two Malware Strains Exploiting Ivanti EPMM CVE-2025-4427 and CVE-2025-4428
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday released details of two sets of malware that were discovered in an unnamed organization’s network following the exploitation of security flaws in Ivanti Endpoint Manager Mobile (EPMM).”Each set contains loaders for malicious listeners that enable cyber threat actors to run arbitrary code on the compromised…
-
Multiple Vulnerabilities Discovered in Ivanti Connect Secure, Policy Secure, and ZTA Gateways
Ivanti on September 9 released a security advisory detailing six medium and five high severity vulnerabilities impacting Ivanti Connect Secure, Policy Secure, ZTA Gateways, and Neurons for Secure Access. No evidence of customer exploitation has surfaced so far. Patches and fixes are available immediately to address issues ranging from missing authorization checks and cross-site request forgery (CSRF) flaws to…
-
Ivanti Endpoint Manager Vulnerabilities Allow Remote Code Execution by Attackers
Tags: advisory, control, cve, cvss, cyber, endpoint, flaw, ivanti, remote-code-execution, vulnerabilityIvanti released Security Advisory for Endpoint Manager versions 2024 SU3 and 2022 SU8, detailing two high”severity flaws (CVE-2025-9712 and CVE-2025-9872). Both issues stem from insufficient filename validation and require only minimal user interaction, potentially granting full control over affected systems. Vulnerability Overview The two vulnerabilities share identical characteristics and impact: CVE Number Description CVSS Score…
-
Multiple Vulnerabilities Discovered in Ivanti Connect Secure, Policy Secure, and ZTA Gateways
Ivanti on September 9 released a security advisory detailing six medium and five high severity vulnerabilities impacting Ivanti Connect Secure, Policy Secure, ZTA Gateways, and Neurons for Secure Access. No evidence of customer exploitation has surfaced so far. Patches and fixes are available immediately to address issues ranging from missing authorization checks and cross-site request forgery (CSRF) flaws to…
-
Ivanti Endpoint Manager Vulnerabilities Allow Remote Code Execution by Attackers
Tags: advisory, control, cve, cvss, cyber, endpoint, flaw, ivanti, remote-code-execution, vulnerabilityIvanti released Security Advisory for Endpoint Manager versions 2024 SU3 and 2022 SU8, detailing two high”severity flaws (CVE-2025-9712 and CVE-2025-9872). Both issues stem from insufficient filename validation and require only minimal user interaction, potentially granting full control over affected systems. Vulnerability Overview The two vulnerabilities share identical characteristics and impact: CVE Number Description CVSS Score…
-
Chinese hacking group Salt Typhoon expansion prompts multinational advisory
Tags: advisory, attack, authentication, breach, china, cisco, communications, container, corporate, country, cyber, data, exploit, firmware, flaw, government, group, hacking, infrastructure, intelligence, Internet, ivanti, malware, military, monitoring, network, password, router, service, software, technology, threat, update, vulnerability, zero-dayIvanti, Palo Alto Networks, Cisco flaws exploited: Salt Typhoon has been active since at least 2021, targeting critical infrastructure in telecom, transportation, government, and military bodies around the globe. Notably, a “cluster of activity” has been observed in the UK, according to the country’s National Cyber Security Centre.The group has had “considerable success” with “n-days,”…
-
Frequently Asked Questions About Chinese State-Sponsored Actors Compromising Global Networks
Tags: access, advisory, attack, authentication, china, cisa, cisco, credentials, cve, cyber, cybersecurity, data, espionage, exploit, firewall, fortinet, germany, government, identity, infrastructure, injection, ivanti, kev, malicious, microsoft, military, mitigation, mitre, network, remote-code-execution, risk, software, tactics, threat, update, vulnerability, zero-dayAn analysis of Tenable telemetry data shows that the vulnerabilities being exploited by Chinese state-sponsored actors remain unremediated on a considerable number of devices, posing major risk to the organizations that have yet to successfully address these flaws. Background Tenable’s Research Special Operations (RSO) team has compiled this blog to answer Frequently Asked Questions (FAQ)…
-
Salt Typhoon Exploits Cisco, Ivanti, Palo Alto Flaws to Breach 600 Organizations Worldwide
The China-linked advanced persistent threat (APT) actor known as Salt Typhoon has continued its attacks targeting networks across the world, including organizations in the telecommunications, government, transportation, lodging, and military infrastructure sectors.”While these actors focus on large backbone routers of major telecommunications providers, as well as provider edge (PE) and First seen on thehackernews.com Jump…
-
ASPM buyer’s guide: 7 products to help secure your applications
Tags: access, ai, api, application-security, attack, business, ceo, cloud, compliance, container, crowdstrike, data, detection, endpoint, exploit, gartner, google, guide, iam, identity, infrastructure, ivanti, marketplace, microsoft, monitoring, okta, open-source, oracle, programming, risk, software, supply-chain, threat, tool, vulnerability, vulnerability-managementProtect the software development lifecycle (SDLC) and supply chain pipelinesAutomate software testingIntegrate with various applications to mitigate and remove various risksFeatures offered by ASPMs vary widely. As a result, tools can prove difficult to evaluate in terms of exactly what is being protected, what data and metadata is being collected to inform security judgments, and…
-
Ivanti Connect Secure, Policy Secure, and ZTA Flaws Allow Attackers to Launch DoS Attacks
Ivanti has released critical security updates addressing multiple vulnerabilities in its Connect Secure, Policy Secure, and ZTA Gateway products that could allow remote attackers to launch denial-of-service attacks. The company disclosed four vulnerabilities on August 12, 2025, with CVSS scores ranging from medium to high severity, though no active exploitation has been detected at the…
-
Fixed Ivanti Bugs Still Haunt Japan Orgs 6 Months Later
Chinese threat actors have been feeding off the same Ivanti RCE vulnerabilities we’ve known about since last year, partly thanks to complications in patching. First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/fixed-ivanti-bugs-japan-orgs-6-months-later
-
Ivanti Flaws Exploited to Drop MDifyLoader and Launch In-Memory Cobalt Strike Attacks
Cybersecurity researchers have disclosed details of a new malware called MDifyLoader that has been observed in conjunction with cyber attacks exploiting security flaws in Ivanti Connect Secure (ICS) appliances.According to a report published by JPCERT/CC today, the threat actors behind the exploitation of CVE-2025-0282 and CVE-2025-22457 in intrusions observed between December 2024 and July First…
-
Ivanti Zero-Days Exploited to Drop MDifyLoader and Launch In-Memory Cobalt Strike Attacks
Cybersecurity researchers have disclosed details of a new malware called MDifyLoader that has been observed in conjunction with cyber attacks exploiting security flaws in Ivanti Connect Secure (ICS) appliances.According to a report published by JPCERT/CC today, the threat actors behind the exploitation of CVE-2025-0282 and CVE-2025-22457 in intrusions observed between December 2024 and July First…
-
Threat Actors Exploit Ivanti Connect Secure Flaws to Deploy Cobalt Strike Beacon
Threat actors have been actively exploiting vulnerabilities in Ivanti Connect Secure, specifically CVE-2025-0282 and CVE-2025-22457, to deploy advanced malware including MDifyLoader and Cobalt Strike Beacon. These attacks, observed from December 2024 through July 2025, build on prior incidents involving SPAWNCHIMERA and DslogdRAT, demonstrating persistent targeting of VPN appliances. Attackers leverage these flaws for initial access,…
-
Hackers Exploit Ivanti and Fortinet VPN Vulnerabilities in Attacks on Japanese Companies
Cyber espionage campaigns against Japanese companies have increased in fiscal year 2024, which runs from April 2024 to March 2025, according to a thorough analysis published by Macnica’s Security Research Center. The main objective of these campaigns is to exfiltrate sensitive data, including manufacturing blueprints, policy-related documents, and personal information. Since initiating monitoring in 2014,…
-
âš¡ Weekly Recap: Chrome 0-Day, Ivanti Exploits, MacOS Stealers, Crypto Heists and More
Everything feels secure”, until one small thing slips through. Even strong systems can break if a simple check is missed or a trusted tool is misused. Most threats don’t start with alarms”, they sneak in through the little things we overlook. A tiny bug, a reused password, a quiet connection”, that’s all it takes.Staying safe…
-
China-linked group Houken hit French organizations using zero-days
China-linked group Houken hit French govt, telecom, media, finance and transport sectors using Ivanti CSA zero-days, says France’s ANSSI. France’s cyber agency ANSSI revealed that a Chinese hacking group used Ivanti CSA zero-days to target government, telecom, media, finance, and transport sectors. The campaign, active since September 2024, is linked to the Houken intrusion set,…
-
China-linked attacker hit France’s critical infrastructure via trio of Ivanti zero-days last year
French authorities said government agencies and businesses spanning telecom, media, finance and transportation were impacted by the widely exploited Ivanti vulnerabilities. First seen on cyberscoop.com Jump to article: cyberscoop.com/france-government-ivanti-zero-days-china/
-
Chinese Hackers Exploit Ivanti CSA Zero-Days in Attacks on French Government, Telecoms
The French cybersecurity agency on Tuesday revealed that a number of entities spanning governmental, telecommunications, media, finance, and transport sectors in the country were impacted by a malicious campaign undertaken by a Chinese hacking group by weaponizing several zero-day vulnerabilities in Ivanti Cloud Services Appliance (CSA) devices.The campaign, detected at the beginning of First seen…
-
China Linked Houken Hackers Breach French Systems with Ivanti Zero Days
ANSSI report details the Chinese UNC5174 linked Houken cyberattack using Ivanti zero-days (CVE-2024-8190, 8963, 9380) against the French government, defence and finance sector. First seen on hackread.com Jump to article: hackread.com/china-houken-hackers-breach-french-ivanti-zero-days/
-
Chinese Hackers Exploited Ivanti Flaw in France
Hackers Targeted French Government Entities, ANSSI Said. A hacking campaign linked to Chinese threat actors chained zero-days in Ivanti server software to target French government, defense and media entities, the national cyber agency said. The hacker has similarities to a Chinese threat actor tracked as UNC5174. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/chinese-hackers-exploited-ivanti-flaw-in-france-a-28888
-
Initial Access Broker Self-Patches Zero Days as Turf Control
A likely China-nexus threat actor has been exploiting unpatched Ivanti vulnerabilities to gain initial access to victim networks and then patching the systems to block others from breaking in to the same network. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/initial-access-broker-self-patches-zero-days
-
French cybersecurity agency confirms government affected by Ivanti hacks
ANSSI, France’s cyber agency, says a hacking campaign targeted “organizations from governmental, telecommunications, media, finance, and transport sectors,” using vulnerabilities in an Ivanti appliance. First seen on therecord.media Jump to article: therecord.media/france-anssi-report-ivanti-bugs-exploited
-
Chinese Hackers Target France in Ivanti Zero-Day Exploit Campaign
The French cybersecurity agency identified Houken, a new Chinese intrusion campaign targeting various industries in France First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/chinese-hackers-france-ivanti/