• The Hacker News

Jul 18, 2025Ravie LakshmananMalware / Vulnerability Cybersecurity researchers have disclosed details of a new malware called MDifyLoader that has been observed in conjunction with cyber attacks expl ... Read more

• CybersecurityNews

A sophisticated malware campaign targeting Ivanti Connect Secure VPN devices has been actively exploiting critical vulnerabilities CVE-2025-0282 and CVE-2025-22457 since December 2024. The ongoing att ... Read more

• The Cyber Express

Japan’s cyber defenders have raised the red flag, once again, for a set of Ivanti Connect Secure vulnerabilities that continue to be exploited to present day, although a patch has been available for t ... Read more

• Daily CyberSecurity

Kaspersky’s latest “Exploits and vulnerabilities in Q1 2025” shows that attackers are doubling down on aging exploits, platform-specific weaknesses, and mismanaged updates. With over 9,700 vulnerabili ... Read more

• Help Net Security

In 2024, threat actors exploited 75 zero-days – i.e., vulnerabilities previously unknown to vendors, thus without a readily available patch – in a wide variety of attacks. Of these, 33 vulnerabilities ... Read more

• Cyber Security News

In today’s hyper-connected world, cyber threats are evolving at breakneck speed, making it more crucial than ever to stay informed and vigilant. Each week, our newsletter delivers a curated roundup of ... Read more

• Daily CyberSecurity

ConnectWise has issued an important security bulletin addressing a critical code injection vulnerability in ScreenConnect versions 25.2.3 and earlier. Tracked as CVE-2025-3935 (CVSS 81), the flaw invo ... Read more

• Daily CyberSecurity

A newly published report by Yuma Masubuchi from the JPCERT Coordination Center (JPCERT/CC) has uncovered the deployment of a stealthy remote access trojan dubbed DslogdRAT, which was installed on comp ... Read more

• The Register

Ivanti VPN users should stay alert as IP scanning for the vendor's Connect Secure and Pulse Secure systems surged by 800 percent last week, according to threat intel biz GreyNoise. The team at the int ... Read more

• The Hacker News

Vulnerability / Network Security Cybersecurity researchers are warning about a new malware called DslogdRAT that's installed following the exploitation of a now-patched security flaw in Ivanti Connect ... Read more

• Cyber Security News

Recent attacks against Japanese organizations have revealed sophisticated hackers exploiting a zero-day vulnerability in Ivanti Connect Secure VPN appliances. The attacks, occurring around December 20 ... Read more

• The Cyber Express

A new wave of attacks targeting Ivanti Connect Secure VPN devices has revealed a stealthy malware strain known as DslogdRAT, deployed alongside a simple but effective Perl web shell. Security research ... Read more

• Daily CyberSecurity

A recent report from Unit 42, the threat intelligence division of Palo Alto Networks, reveals a sophisticated and evasive phishing campaign discovered in December 2024. This campaign, notable for its ... Read more

• The Hacker News

The China-linked threat actor known as UNC5174 has been attributed to a new campaign that leverages a variant of a known malware dubbed SNOWLIGHT and a new open-source tool called VShell to infect Lin ... Read more

• Daily CyberSecurity

A recent report by TeamT5 has uncovered a widespread cyber espionage campaign targeting Ivanti Connect Secure VPN appliances. The report details how a China-nexus Advanced Persistent Threat (APT) grou ... Read more

• Cyber Security News

A China-linked advanced persistent threat (APT) group has exploited critical vulnerabilities in Ivanti Connect Secure VPN appliances to infiltrate organizations across 12 countries and 20 industries, ... Read more

• Daily CyberSecurity

In a recent cybersecurity analysis, ClearSky’s team uncovered a persistent influence campaign originating from Yemen/Houthi, targeting Israel and Gulf states. The campaign, initially exposed in 2019, ... Read more

• Daily CyberSecurity

I. Executive SummaryThe reliance on Virtual Private Networks (VPNs) has grown significantly as organizations embrace remote work and individuals seek enhanced online privacy and security. However, thi ... Read more

• The Cyber Express

On April 3, 2025, Ivanti disclosed an unauthenticated buffer overflow vulnerability tracked as CVE-2025-22457, affecting multiple Ivanti products. Australian organizations using Ivanti solutions such ... Read more

• Daily CyberSecurity

In the past week, several significant cybersecurity incidents have made headlines – including high-impact data breaches, and newly discovered or exploited vulnerabilities. Below is a structured summar ... Read more

• Help Net Security

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Attackers are probing Palo Alto Networks GlobalProtect portals Cybersecurity company GreyNoise is warn ... Read more

• TheCyberThrone

UNC5221 is an advanced and highly sophisticated espionage group believed to have ties to China. This group has demonstrated significant expertise in targeting edge devices and exploiting critical vuln ... Read more

• Dark Reading

Source: David Carillet via ShutterstockA likely China-nexus cyber-espionage group is actively exploiting a vulnerability in certain versions of Ivanti's Connect Secure, Policy Secure, and ZTA gateway ... Read more

• The Register

Suspected Chinese government spies have been exploiting a newly disclosed critical bug in Ivanti VPN appliances since mid-March. This is now at least the third time in three years these snoops have be ... Read more

• Help Net Security

A suspected Chinese APT group has exploited CVE-2025-22457 – a buffer overflow bug that was previously thought not to be exploitable – to compromise appliances running Ivanti Connect Secure (ICS) 22.7 ... Read more

• BleepingComputer

Ivanti has released security updates to patch a critical Connect Secure remote code execution vulnerability exploited by a China-linked espionage actor to deploy malware since at least mid-March 2025. ... Read more

• Daily CyberSecurity

Ivanti has recently disclosed a critical security vulnerability, identified as CVE-2025-22457, affecting several of its widely-used products. The vulnerability impacts Ivanti Connect Secure (ICS) VPN ... Read more

• The Register

Owners of Ivanti’s Connect Secure, Policy Secure, and ZTA Gateway products have a new strain of malware to fend off, according to the US Cybersecurity and Infrastructure Security Agency, aka CISA. If ... Read more

• The Cyber Express

The U.S. Cybersecurity and Information Security Agency (CISA) has issued an advisory detailing a new malware variant detected in attacks on an Ivanti vulnerability. The CISA advisory says the agency r ... Read more

• Dark Reading

Source: Kristoffer Tripplaar via Alamy Stock PhotoNEWS BRIEFThe Cybersecurity and Infrastructure Security Agency (CISA) has warned that threat actors are exploiting a previously discovered Ivanti vuln ... Read more

• Help Net Security

CISA has released indicators of compromise, detection signatures, and updated mitigation advice for rooting out a newly identified malware variant used by the attackers who breached Ivanti Connect Sec ... Read more

• The Hacker News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has shed light on a new malware called RESURGE that has been deployed as part of exploitation activity targeting a now-patched security ... Read more

• Cyber Security News

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a Malware Analysis Report (MAR-25993211-r1.v1) detailing the exploitation of a critical vulnerability in Ivanti Connect Secure de ... Read more

• Cybersecurity News

The Cybersecurity and Infrastructure Security Agency (CISA) has released a Malware Analysis Report (MAR) detailing a newly identified malware variant named RESURGE. This new malware exhibits capabilit ... Read more

• Dark Reading

Source: Chebakalex7 via ShutterstockThe China-backed cyber-espionage group known as "Silk Typhoon" has begun targeting organizations in the IT supply chain to gain access to their downstream customers ... Read more

• BleepingComputer

Microsoft warns that Chinese cyber-espionage threat group 'Silk Typhoon' has shifted its tactics, now targeting remote management tools and cloud services in supply chain attacks that give them access ... Read more

• The Register

Silk Typhoon, the Chinese government crew believed to be behind the December US Treasury intrusions, has been abusing stolen API keys and cloud credentials in ongoing attacks targeting IT companies an ... Read more

• Cyber Security News

Microsoft Threat Intelligence has identified a significant shift in tactics by Silk Typhoon, a Chinese state-sponsored espionage group that has begun targeting common IT solutions including remote man ... Read more

• The Hacker News

Network Security / Data Breach The China-lined threat actor behind the zero-day exploitation of security flaws in Microsoft Exchange servers in January 2021 has shifted its tactics to target the infor ... Read more

• Cyber Security News

Ivanti disclosed a critical buffer overflow vulnerability (CVE-2025-0282) affecting its Connect Secure VPN appliances. This vulnerability, caused by improper handling of the strncpy function in the we ... Read more

• europa.eu

Cyber Brief (January 2025)February 3, 2025 - Version: 1TLP:CLEARExecutive summaryWe analysed 262 open source reports for this Cyber Brief1.Policy, cooperation, and law enforcement. Lithuania inaugurat ... Read more

• Help Net Security

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Attackers are encrypting AWS S3 data without using ransomware A ransomware gang dubbed Codefinger is e ... Read more

• Cybersecurity News

Palo Alto Networks has issued a detailed threat briefing on two critical vulnerabilities in Ivanti products—CVE-2025-0282 and CVE-2025-0283. The vulnerabilities affect Ivanti’s Connect Secure, Policy ... Read more

• The Hacker News

The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) has imposed sanctions against a Chinese cybersecurity company and a Shanghai-based cyber actor for their alleged links to the Sal ... Read more

• Cybersecurity News

watchTowr Labs published a detailed analysis of the vulnerability and a proof-of-concept (PoC) exploit for CVE-2025-0282, a critical zero-day vulnerability in Ivanti Connect Secure with active exploit ... Read more

• The Hacker News

Microsoft kicked off 2025 with a new set of patches for a total of 161 security vulnerabilities across its software portfolio, including three zero-days that have been actively exploited in attacks. O ... Read more

• Help Net Security

Microsoft has marked January 2025 Patch Tuesday with a hefty load of patches: 157 CVE-numbered security issues have been fixed in various products, three of which (in Hyper-V) are being actively explo ... Read more

• Help Net Security

Fortinet has patched an authentication bypass vulnerability (CVE-2024-55591) affecting its FortiOS firewalls and FortiProxy web gateways that has been exploited as a zero-day by attackers to compromis ... Read more

• The Hacker News

Endpoint Security / Vulnerability Microsoft has shed light on a now-patched security flaw impacting Apple macOS that, if successfully exploited, could have allowed an attacker running as "root" to byp ... Read more

• Help Net Security

From zero-day exploits to weaknesses in widely used software and hardware, the vulnerabilities uncovered last year underscore threat actors’ tactics and the critical gaps in organizational defenses. T ... Read more

• The Hacker News

Vulnerability / Cybersecurity The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a second security flaw impacting BeyondTrust Privileged Remote Access (PRA) and Remote Su ... Read more

• Help Net Security

The number of internet-facing Ivanti Connect Secure instances vulnerable to attack via CVE-2025-0282 has fallen from 2,048 to 800 in the last four days, the Shadowserver Foundation shared today. In th ... Read more

• BleepingComputer

Nominet, the official .UK domain registry and one of the largest country code registries, has confirmed that its network was breached two weeks ago using an Ivanti VPN zero-day vulnerability. The comp ... Read more

• The Hacker News

Vulnerability / Cloud Security A recently disclosed critical security flaw impacting the Aviatrix Controller cloud networking platform has come under active exploitation in the wild to deploy backdoor ... Read more

• security.nl

De Britse registry Nominet is aangevallen via een kwetsbaarheid in de vpn-software van Ivanti, zo heeft de organisatie die de .uk-domeinnamen beheert zelf bekendgemaakt. In een e-mail aan klanten laat ... Read more

• The Register

UK domain registry Nominet is investigating a potential intrusion into its network related to the latest Ivanti zero-day exploits. Nominet told customers via an email sent on January 8, which was seen ... Read more

• The Cyber Express

Ivanti has released patches to address two significant vulnerabilities in its Ivanti Connect Secure, Policy Secure, and ZTA Gateways products. These Ivanti vulnerabilities, identified as CVE-2025-0282 ... Read more

• Help Net Security

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Ivanti Connect Secure zero-day exploited by attackers (CVE-2025-0282) Ivanti has fixed two vulnerabili ... Read more

• Cybersecurity News

On January 8, 2025, Ivanti disclosed an actively exploited zero-day vulnerability, tracked as CVE-2025-0282, affecting its Connect Secure appliances. This critical stack-based buffer overflow vulnerab ... Read more

• Dark Reading

Source: Lobro via Alamy Stock PhotoA Chinese threat actor is once again exploiting Ivanti remote access devices at large.If you had a nickel for every high-profile vulnerability affecting Ivanti appli ... Read more

• Dark Reading

Source: Lobro via Alamy Stock PhotoA Chinese threat actor is once again exploiting Ivanti remote access devices at large.If you had a nickel for every high-profile vulnerability affecting Ivanti appli ... Read more

• security.nl

Nederland telt bijna zestig Ivanti vpn-servers die een beveiligingslek bevatten waarvan al weken actief misbruik wordt gemaakt, zo stelt The Shadowserver Foundation op basis van een internetscan. Were ... Read more

• Help Net Security

Welcome to 2025 and a new year of patch excitement! In my December article, I talked about Microsoft’s Secure Future Initiative (SFI) and how it manifested in many of the Microsoft products released i ... Read more

• Ars Technica

Networks protected by Ivanti VPNs are under active attack by well-resourced hackers who are exploiting a critical vulnerability that gives them complete control over the network-connected devices. Har ... Read more

• BleepingComputer

Hackers exploiting the critical Ivanti Connect Secure zero-day vulnerability disclosed yesterday installed on compromised VPN appliances new malware called ‘Dryhook’ and ‘Phasejam’ that is not current ... Read more

• The Register

The cybersecurity industry is urging those in charge of defending their orgs to take mitigation efforts "seriously" as Ivanti battles two dangerous new vulnerabilities, one of which was already being ... Read more

• Help Net Security

The zero-day attacks leveraging the Ivanti Connect Secure (ICS) vulnerability (CVE-2025-0282) made public on Wednesday were first spotted in mid-December 2024, Mandiant researchers have shared. It’s s ... Read more

• security.nl

Een kwetsbaarheid in Ivanti Connect Secure die het mogelijk maakt om vpn-servers op afstand over te nemen en waarvoor gisterenavond een beveiligingsupdate verscheen is sinds halverwege december misbru ... Read more

• security.nl

Softwarebedrijf Ivanti waarschuwt organisaties, net als een jaar geleden, voor een actief aangevallen kwetsbaarheid in Connect Secure VPN en roept op de nu beschikbaar gestelde update te installeren. ... Read more

• The Hacker News

Ivanti is warning that a critical security flaw impacting Ivanti Connect Secure, Policy Secure, and ZTA Gateways has come under active exploitation in the wild beginning mid-December 2024. The securit ... Read more

• Cybersecurity News

Ivanti Connect Secure (ICS) VPN appliances have become the focus of advanced threat actors, exploiting a newly disclosed zero-day vulnerability. According to a recent report by Mandiant, the exploitat ... Read more

• TheCyberThrone

OverviewCVE-2025-0282 is a critical stack-based buffer overflow vulnerability. It impacts Ivanti Connect Secure, Ivanti Policy Secure, and Ivanti Neurons for Zero Trust Access (ZTA) gateways. This vul ... Read more

• Google Cloud

Written by: John Wolfram, Josh Murchie, Matt Lin, Daniel Ainsworth, Robert Wallace, Dimiter Andonov, Dhanesh Kizhakkinan, Jacob Thompson Note: This is a developing campaign under active analysis by Ma ... Read more