Highly-resourced hackers are actively exploiting a vulnerability (CVE-2025-0283) in Ivanti VPNs, enabling them to gain control over networked devices. The flaw allows the hackers to execute malicious code without authentication. Ivanti has released a security patch addressing the issue. The attackers are using sophisticated malware called PHASEJAM and DRYHOOK, which even simulate a convincing upgrade process. A third malware, SPAWNANT, disables Ivanti’s integrity checker tool for unauthorized file additions.

Warning issued over ‘fast flux’ techniques used to obscure malicious signals on compromised networks
Law enforcement agencies have warned that organizations face a common network vulnerability that allows hackers to dodge detection and distribute malicious software indiscriminately. Referred to