Security researchers have found a critical vulnerability (CVE-2025-22457) in Ivanti Connect Secure VPN appliances, exploited by suspected Chinese group UNC5221 since mid-March 2025. This buffer overflow flaw allows remote code execution and leads to the deployment of advanced malware, including TRAILBLAZE and BRUSHFIRE. Organizations are advised to upgrade to version 22.7R2.6 to mitigate risks.
OpenSSH 10.0 Released With Protocol Changes & Security Upgrades
OpenSSH 10.0, released on April 9, 2025, introduces crucial security enhancements, including the hybrid post-quantum algorithm mlkem768x25519-sha256 as the default for key agreement. It fully
