Google’s Mandiant team has issued an alert about a remote code execution flaw in the Ivanti Connect Secure VPN platform. The vulnerability, designated CVE-2025-22457, is being exploited by Chinese threat group UNC5221, allowing it to take full control over target appliances. Although a patch exists, the flaw, which was initially believed to be less serious, has been active since mid-March. Administrators are urged to update their firmware to prevent attacks.
The NHS needs to tighten its third-party supplier cybersecurity
The NHS should proactively fortify cybersecurity within its third-party software suppliers following recent damaging ransomware attacks, says Jonathan Lee from Trend Micro. He suggests implementing
