Highly-resourced hackers are actively exploiting a vulnerability (CVE-2025-0283) in Ivanti VPNs, enabling them to gain control over networked devices. The flaw allows the hackers to execute malicious code without authentication. Ivanti has released a security patch addressing the issue. The attackers are using sophisticated malware called PHASEJAM and DRYHOOK, which even simulate a convincing upgrade process. A third malware, SPAWNANT, disables Ivanti’s integrity checker tool for unauthorized file additions.

North Korean Hackers Use Fake U.S. Companies to Spread Malware in Crypto Industry: Report
North Korean hackers reportedly set up shell companies in the US to penetrate the crypto sector and target developers via fake job offers, according to