Bleeping Computer

Exploit code released for critical Ivanti RCE flaw, patch now

A proof-of-concept (PoC) exploit for CVE-2024-29847, a critical remote code execution (RCE) vulnerability in Ivanti Endpoint Manager, is now publicly released, making it crucial to update devices. The ...
Ars Technica

Actively exploited 0-days in Ivanti VPN are letting hackers backdoor networks

Unknown threat actors are actively targeting two critical zero-day vulnerabilities that allow them to bypass two-factor authentication and execute malicious code inside networks that use a widely used ...
CRN

Ivanti VPN Attacks Started In Mid-December, May Have Links To China: Mandiant

Researchers at the Google Cloud-owned cybersecurity specialist say they know of ‘multiple organizations’ impacted by the exploitation of a critical Ivanti Connect Secure vulnerability. Attacks ...
Dark Reading

Third Ivanti Bug Comes Under Active Exploit, CISA Warns

The Cybersecurity and Infrastructure Security Agency (CISA) has added a third Ivanti vulnerability to the agency's Known Exploited Vulnerabilities (KEV) Catalog in as many weeks. CVE-2024-7593 is a ...
CSOonline

Ivanti warns customers of new critical flaw exploited in the wild

Chinese APT group UNC5221 appears to have studied a recent Ivanti Connect Secure patch to develop a remote code execution exploit on previous versions, and on end-of-support Pulse Connect Secure ...
Dark Reading

Ivanti EPMM Exploitation Tied to Previous Zero-Day Attacks

A threat actor that exploited two Ivanti zero-day vulnerabilities earlier this month was behind previous zero-day attacks on other edge devices. The Cybersecurity and Infrastructure Security Agency ...
CSOonline

Ivanti zero-day exploited by APT group that previously targeted Connect Secure appliances

Researchers from Google’s Mandiant division believe the critical remote code execution vulnerability patched on Wednesday by software vendor Ivanti has been exploited since mid-December by a Chinese ...