Nextgov

Agencies must disconnect all exposed Ivanti products by Friday, CISA says

The Cybersecurity and Infrastructure Security Agency directed all federal agencies to disconnect themselves from a suite of Ivanti products by Friday, citing the discovery of two additional security ...
TechCrunch

CISA issues warning about another Ivanti flaw under active attack

Hackers are exploiting yet another vulnerability in one of Ivanti’s widely used enterprise products, the U.S. government’s cybersecurity agency CISA warned in a fresh alert this week. The remote code ...
CRN

CISA: Attackers Are Bypassing Ivanti VPN Bug Mitigations

As Ivanti Connect Secure customers await delayed patches, threat actors have ‘developed workarounds to current mitigations,’ the U.S. cybersecurity agency says. Malicious actors have “recently” ...
TechCrunch

Ivanti patches two zero-days under attack, but finds another

Ivanti warned on Wednesday that hackers are exploiting another previously undisclosed zero-day vulnerability affecting its widely used corporate VPN appliance. Since early December, Chinese ...
Computer Weekly

Ivanti vulnerabilities explained: Everything you need to know

At the end of 2023 and into 2024, a series of vulnerabilities in Ivanti Policy Secure network access control (NAC), Ivanti Connect Secure secure socket layer virtual private network (SSL VPN), and ...
Infosecurity-magazine.com

Two Ivanti Zero-Days Actively Exploited in the Wild

Ivanti customers have been urged to follow the security vendor’s suggested workaround after it confirmed that two zero-day vulnerabilities in its Connect Secure and Policy Secure gateways are being ...
Ars Technica

As if 2 Ivanti vulnerabilities under exploit weren’t bad enough, now there are 3

Mass exploitation began over the weekend for yet another critical vulnerability in widely used VPN software sold by Ivanti, as hackers already targeting two previous vulnerabilities diversified, ...