Bleeping Computer

Ivanti fixes maximum severity RCE bug in Endpoint Management software

Ivanti has fixed a maximum severity vulnerability in its Endpoint Management software (EPM) that can let unauthenticated attackers gain remote code execution on the core server. Ivanti EPM helps ...
TechCrunch

CISA issues warning about another Ivanti flaw under active attack

Hackers are exploiting yet another vulnerability in one of Ivanti’s widely used enterprise products, the U.S. government’s cybersecurity agency CISA warned in a fresh alert this week. The remote code ...
Ars Technica

As if 2 Ivanti vulnerabilities under exploit weren’t bad enough, now there are 3

Mass exploitation began over the weekend for yet another critical vulnerability in widely used VPN software sold by Ivanti, as hackers already targeting two previous vulnerabilities diversified, ...
Bleeping Computer

Ivanti warns critical EPM bug lets hackers hijack enrolled devices

Ivanti fixed a critical remote code execution (RCE) vulnerability in its Endpoint Management software (EPM) that can let unauthenticated attackers hijack enrolled devices or the core server. Ivanti ...
Dark Reading

CISA Adds High-Severity Ivanti Vulnerability to KEV Catalog

One of the latest vulnerabilities that the Cybersecurity and Infrastructure Security Agency has added to the Known Exploited Vulnerabilities Catalog is CVE-2024-29824, found in the Ivanti Endpoint ...
Infosecurity Magazine

LATAM Infrastructure Hit by Fortinet and Ivanti Exploits

Entry came mainly through internet-facing security appliances. The group kept tuned exploits for Fortinet FortiOS SSL-VPN ...
CSOonline

Ivanti EPM vulnerabilities actively exploited in the wild, CISA warns

Three of the four critical path traversal flaws fixed in January in Ivanti Endpoint Manager are being exploited in cyberattacks after proof-of-concept exploit code was released last month. The US ...
TechCrunch

US, Norway say hackers have been exploiting Ivanti zero-day since April

Hackers exploited a zero-day flaw in Ivanti’s mobile endpoint management software undetected for at least three months, U.S. and Norwegian cybersecurity agencies have warned. It was confirmed last ...
Dark Reading

Sunken Ships: Will Orgs Learn From Ivanti EPMM Attacks?

The Ivanti Endpoint Manager Mobile (EPMM) zero-day attacks, which began last spring and lasted well into the summer as attackers took advantage of patching lag, were one of the top cyber-stories of ...
Yahoo Finance

Ivanti Debuts New Ivanti Connect Secure Version 25.X with Modern OS and SELinux Advances that Set New Standard for VPN Security

The rearchitecture of Ivanti Connect Secure will help customers elevate security posture, enhance control and performance, and modernize network security infrastructure. SALT LAKE CITY, Sept. 30, 2025 ...
TechRadar

US government flags major Ivanti security flaw, so patch now

The US Cybersecurity and Infrastructure Security Agency (CISA) has added a known Ivanti bug to its Known Exploited Vulnerabilities (KEV) catalog, signalling that it’s being actively abused in the wild ...
GCN

CISA outlines malware tied to Ivanti flaws and publishes detection guidance

The Cybersecurity and Infrastructure Security Agency published detailed recommendations on two malware versions that targeted the Ivanti Endpoint Manager Mobile. The detailed report can offer ...