Bleeping Computer

Ivanti patches Connect Secure zero-day exploited since mid-March

Ivanti has released security updates to patch a critical Connect Secure remote code execution vulnerability exploited by a China-linked espionage actor to deploy malware since at least mid-March 2025.
CRN

CISA: Attackers Are Bypassing Ivanti VPN Bug Mitigations

As Ivanti Connect Secure customers await delayed patches, threat actors have ‘developed workarounds to current mitigations,’ the U.S. cybersecurity agency says. Malicious actors have “recently” ...
Bleeping Computer

Ivanti fixes three critical flaws in Connect Secure & Policy Secure

Ivanti has released security updates for Ivanti Connect Secure (ICS), Ivanti Policy Secure (IPS), and Ivanti Secure Access Client (ISAC) to address multiple vulnerabilities, including three critical ...
CRN

Five Latest Updates On The 2025 Ivanti VPN Attacks

A domain registry provider is the first company to acknowledge a compromise related to the cyberattacks, which have exploited a critical vulnerability in Ivanti Connect Secure. Ivanti has released a ...
SDxCentral

Ivanti updates Connect Secure, Policy Secure for CVE-2025-22457 vulnerabilities

For any instances of Ivanti Connect Secure that were not updated by Feb. 28, 2025, to the latest Ivanti patch (22.7R2.6) and all instances of Pulse Connect Secure (EoS), Policy Secure, and ZTNA ...
Ars Technica

Actively exploited 0-days in Ivanti VPN are letting hackers backdoor networks

Unknown threat actors are actively targeting two critical zero-day vulnerabilities that allow them to bypass two-factor authentication and execute malicious code inside networks that use a widely used ...
Infosecurity-magazine.com

New Ivanti Vulnerability Observed as Widespread Security Concerns Grow

Bad news continues to pile up for Utah-based IT software provider Ivanti as a new vulnerability has been discovered in its products. On February 8, Ivanti disclosed a new authentication bypass ...