Infosecurity-magazine.com

Critical Ivanti Zero-Day Exploited in the Wild

The UK’s National Cyber Security Centre (NCSC) and its US equivalent have urged Ivanti customers to take immediate action to mitigate two new vulnerabilities, one of which is being actively exploited.
Bleeping Computer

Ivanti patches Connect Secure zero-day exploited since mid-March

Ivanti has released security updates to patch a critical Connect Secure remote code execution vulnerability exploited by a China-linked espionage actor to deploy malware since at least mid-March 2025.
Bleeping Computer

Ivanti warns of two EPMM flaws exploited in zero-day attacks

Ivanti has disclosed two critical vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM), tracked as CVE-2026-1281 and CVE-2026-1340, that were exploited in zero-day attacks. The flaws are ...
CRN

Ivanti VPN Attacks Started In Mid-December, May Have Links To China: Mandiant

Researchers at the Google Cloud-owned cybersecurity specialist say they know of ‘multiple organizations’ impacted by the exploitation of a critical Ivanti Connect Secure vulnerability. Attacks ...
Dark Reading

Ivanti Gets Poor Marks for Cyber Incident Response

Editor's note: CISA clarified its guidance regarding Ivanti VPN appliances to explain they may be reconnected to government networks following the completion of necessary mitigations. This story has ...