Despite a global scramble to patch the critical Log4j zero-day vulnerability discovered over two years ago, the flaw remains a persistent threat. Complex software dependencies hinder comprehensive patching, allowing nation-state actors and cybercriminal groups to exploit unpatched systems. In a recent campaign, attackers deployed cryptocurrency miners and installed malicious backdoor scripts to control compromised systems. The campaign highlights the challenge of eradicating long-standing unpatched vulnerabilities.

Chinese Hackers Actively Exploiting Ivanti VPN Vulnerability to Deploy Malware
Security researchers have found a critical vulnerability (CVE-2025-22457) in Ivanti Connect Secure VPN appliances, exploited by suspected Chinese group UNC5221 since mid-March 2025. This buffer