-
Ivanti warns of critical Endpoint Manager code execution flaw
American IT software company Ivanti warned customers today to patch a newly disclosed vulnerability in its Endpoint Manager (EPM) solution that could allow attackers to execute code remotely.
- December 09, 2025
- 12:10 PM
0
-
CISA exposes malware kits deployed in Ivanti EPMM attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published an analysis of the malware deployed in attacks exploiting vulnerabilities affecting Ivanti Endpoint Manager Mobile (EPMM).
- September 19, 2025
- 11:46 AM
0
-
New Webinar: Choose Your Own Investigation — Browser Attack Edition
Modern attacks have shifted focus to the browser, yet detection tools remain largely blind to the crucial activity happening there.
Join Push Security on February 11th for an interactive "choose-your-own-adventure" webinar on ClickFix, credential phishing, and other in-browser attacks we've observed in the wild.
-
Ivanti Workspace Control hardcoded key flaws expose SQL credentials
Ivanti has released security updates to fix three high-severity hardcoded key vulnerabilities in the company's Workspace Control (IWC) solution.
- June 10, 2025
- 11:22 AM
- 0
-
Ivanti EPMM flaw exploited by Chinese hackers to breach govt agencies
Chinese hackers have been exploiting a remote code execution flaw in Ivanti Endpoint Manager Mobile (EPMM) to breach high-profile organizations worldwide.
- May 22, 2025
- 10:23 AM
- 1
-
Ivanti fixes EPMM zero-days chained in code execution attacks
Ivanti warned customers today to patch their Ivanti Endpoint Manager Mobile (EPMM) software against two security vulnerabilities chained in attacks to gain remote code execution.
- May 13, 2025
- 02:26 PM
- 0
-
Ivanti warns of critical Neurons for ITSM auth bypass flaw
Ivanti has released security updates for its Neurons for ITSM IT service management solution that mitigate a critical authentication bypass vulnerability.
- May 13, 2025
- 11:54 AM
- 0
-
Ivanti patches Connect Secure zero-day exploited since mid-March
Ivanti has released security updates to patch a critical Connect Secure remote code execution vulnerability exploited by a China-linked espionage actor to deploy malware since at least mid-March 2025.
- April 03, 2025
- 01:43 PM
- 0
-
CISA tags critical Ivanti EPM flaws as actively exploited in attacks
CISA warned U.S. federal agencies to secure their networks against attacks exploiting three critical vulnerabilities affecting Ivanti Endpoint Manager (EPM) appliances.
- March 11, 2025
- 09:01 AM
- 0
-
Ivanti fixes three critical flaws in Connect Secure & Policy Secure
Ivanti has released security updates for Ivanti Connect Secure (ICS), Ivanti Policy Secure (IPS), and Ivanti Secure Access Client (ISAC) to address multiple vulnerabilities, including three critical severity problems.
- February 12, 2025
- 12:26 PM
- 0
-
CISA: Hackers still exploiting older Ivanti bugs to breach networks
CISA and the FBI warned today that attackers are still exploiting Ivanti Cloud Service Appliances (CSA) security flaws patched since September to breach vulnerable networks.
- January 23, 2025
- 11:51 AM
- 0
-
UK domain registry Nominet confirms breach via Ivanti zero-day
Nominet, the official .UK domain registry and one of the largest country code registries, has confirmed that its network was breached two weeks ago using an Ivanti VPN zero-day vulnerability.
- January 13, 2025
- 11:50 AM
- 0
-
Ivanti zero-day attacks infected devices with custom malware
Hackers exploiting the critical Ivanti Connect Secure zero-day vulnerability disclosed yesterday installed on compromised VPN appliances new malware called 'Dryhook' and 'Phasejam' that is not currently associated with any threat group.
- January 09, 2025
- 11:11 AM
- 0
-
Ivanti warns of new Connect Secure flaw used in zero-day attacks
Ivanti is warning that a new Connect Secure remote code execution vulnerability tracked as CVE-2025-0282 was exploited in zero-day attacks to install malware on appliances.
- January 08, 2025
- 03:43 PM
- 1
-
Ivanti warns of maximum severity CSA auth bypass vulnerability
Ivanti warned customers on Tuesday about a new maximum-severity authentication bypass vulnerability in its Cloud Services Appliance (CSA) solution.
- December 10, 2024
- 02:40 PM
- 1
-
Ivanti warns of three more CSA zero-days exploited in attacks
American IT software company Ivanti has released security updates to fix three new Cloud Services Appliance (CSA) zero-days tagged as actively exploited in attacks.
- October 08, 2024
- 12:05 PM
- 1
-
Critical Ivanti RCE flaw with public exploit now used in attacks
CISA warned today that a critical Ivanti vulnerability that can let threat actors gain remote code execution on vulnerable Endpoint Manager (EPM) appliances is now actively exploited in attacks.
- October 02, 2024
- 02:55 PM
- 0
-
Critical Ivanti vTM auth bypass bug now exploited in attacks
CISA has tagged another critical Ivanti security vulnerability, which can let threat actors create rogue admin users on vulnerable Virtual Traffic Manager (vTM) appliances, as actively exploited in attacks.
- September 24, 2024
- 01:03 PM
- 0
-
Ivanti warns of another critical CSA flaw exploited in attacks
Today, Ivanti warned that threat actors are exploiting another Cloud Services Appliance (CSA) security flaw in attacks targeting a limited number of customers.
- September 19, 2024
- 02:39 PM
- 0
-
Exploit code released for critical Ivanti RCE flaw, patch now
A proof-of-concept (PoC) exploit for CVE-2024-29847, a critical remote code execution (RCE) vulnerability in Ivanti Endpoint Manager, is now publicly released, making it crucial to update devices.
- September 16, 2024
- 03:08 PM
- 0
-
Ivanti warns high severity CSA flaw is now exploited in attacks
Ivanti confirmed on Friday that a high severity vulnerability in its Cloud Services Appliance (CSA) solution is now actively exploited in attacks.
- September 13, 2024
- 01:39 PM
- 0
