Cybersecurity firm Mandiant has discovered a zero-day vulnerability in Ivanti Connect Secure VPN appliances being exploited by a potential China-linked cyber-espionage group. With no clear attribution to a specific threat actor, the security flaw has been actively used since December 2024. The vulnerability enables attackers to execute remote code, move within networks and install persistent backdoors. Mandiant suggests that multiple threat actors might be involved and recommends affected users to execute a factory reset to mitigate risks.
Fake CAPTCHA Scams: Ruining Consumer Trust and Driving Website Abandonment
The rise of fake CAPTCHA scams raises security concerns, as cybercriminals trick users into interacting with fake verification pages to spread malware, stealing sensitive data.
