Mandiant researchers have found that zero-day attacks on the Ivanti Connect Secure (ICS) vulnerability were first spotted in mid-December 2024. The attacks seem to originate from China-linked espionage actors UNC5337 and UNC5221. The attackers used malware and exploited the ICS system to gain access to organizational networks. To mitigate the problem, Ivanti recommends customers use monitoring tools in conjunction with their Integrity Checker Tool, while affected appliances should be factory reset before installing a fixed version.
Ivanti VPN users are getting hacked by actors exploiting a critical vulnerability
Highly-resourced hackers are actively exploiting a vulnerability (CVE-2025-0283) in Ivanti VPNs, enabling them to gain control over networked devices. The flaw allows the hackers to
