news 
Hackers are Exploiting a New Ivanti VPN Security Bug to Hack into Company Networks
Ivanti has issued a warning about a critical-rated zero-day vulnerability in its enterprise VPN appliance, which hackers have already begun exploiting to compromise the networks of its corporate customers. The vulnerability, tracked as CVE-2025-0282, allows attackers to remotely plant malicious code on Ivanti’s Connect Secure, Policy Secure, and ZTA Gateways products without any authentication.
Ivanti has released a patch for the Connect Secure product, but is only set to release patches for Policy Secure and ZTA Gateways on January 21. The company claims it discovered the vulnerability after its Ivanti Integrity Checker Tool flagged malicious activity on some customer appliances.
The exploitation of this vulnerability has reportedly been observed as early as mid-December 2024, with security experts warning that the attacks have “all the hallmarks of an advanced persistent threat” and urging companies to take immediate action to protect themselves from these hack attempts.
Source: techcrunch.com
