Ivanti has released patches for two EPMM vulnerabilities that have been chained in the wild for remote code execution.
The post Ivanti Patches Two EPMM Zero-Days Exploited to Hack Customers appeared first on SecurityWeek.
Verizon DBIR Flags Major Patch Delays on VPNs, Edge Appliances
The latest Verizon DBIR landed this week with a startling statistic about the security posture of VPNs and network edge devices.
The post Verizon DBIR Flags Major Patch Delays on VPNs, Edge Appliances appeared first on SecurityWeek.
Rapid7 Reveals RCE Path in Ivanti VPN Appliance After Silent Patch Debacle
The CVE-2025-22457 has already been exploited by a China-nexus hacking gang notorious for breaking into edge network devices.
The post Rapid7 Reveals RCE Path in Ivanti VPN Appliance After Silent Patch Debacle appeared first on SecurityWeek.
CISA Analyzes Malware Used in Ivanti Zero-Day Attacks
CISA has published its analysis of Resurge, a SpawnChimera malware variant used in attacks targeting a recent Ivanti Connect Secure zero-day.
The post CISA Analyzes Malware Used in Ivanti Zero-Day Attacks appeared first on SecurityWeek.
CISA Warns of Ivanti EPM Vulnerability Exploitation
CISA has added three critical-severity flaws in Ivanti EPM to its Known Exploited Vulnerabilities catalog.
The post CISA Warns of Ivanti EPM Vulnerability Exploitation appeared first on SecurityWeek.
PoC Exploit Published for Critical Ivanti EPM Vulnerabilities
Proof-of-concept (PoC) code and technical details on four critical-severity Ivanti EPM vulnerabilities are now available.
The post PoC Exploit Published for Critical Ivanti EPM Vulnerabilities appeared first on SecurityWeek.
Third Recent Ivanti Vulnerability Exploited in the Wild
CVE-2024-7593 is the third Ivanti product vulnerability patched in recent months that has been exploited in the wild.
The post Third Recent Ivanti Vulnerability Exploited in the Wild appeared first on SecurityWeek.
Ivanti Warns of Second CSA Vulnerability Exploited in Attacks
In addition to the Ivanti CSA flaw CVE-2024-8190, another vulnerability affecting the same product, tracked as CVE-2024-8963, has been exploited.
The post Ivanti Warns of Second CSA Vulnerability Exploited in Attacks appeared first on SecurityWeek.
Ivanti CSA Vulnerability Exploited in Attacks Days After DIsclosure
The Ivanti Cloud Service Appliance vulnerability CVE-2024-8190 has been exploited in the wild, with attacks starting just days after disclosure.
The post Ivanti CSA Vulnerability Exploited in Attacks Days After DIsclosure appeared first on SecurityWeek.
Ivanti Patches Critical Vulnerabilities in Endpoint Manager
Ivanti has released patches for multiple vulnerabilities in Endpoint Manager, Cloud Service Appliance, and Workspace Control.
The post Ivanti Patches Critical Vulnerabilities in Endpoint Manager appeared first on SecurityWeek.