Security News > 2024 > January > Ivanti Connect Secure zero-days now under mass exploitation
Two zero-day vulnerabilities affecting Ivanti's Connect Secure VPN and Policy Secure network access control appliances are now under mass exploitation.
While Ivanti is yet to release patches for these two actively exploited zero-days, admins are advised to apply mitigation measures provided by the vendor on all ICS VPNs on their network.
As Ivanti disclosed last week, attackers can run arbitrary commands on all supported versions of ICS VPN and IPS appliances when successfully chaining the two zero days.
Thinspool Dropper: custom shell script dropper that writes the Lightwire web shell onto Ivanti CS, securing persistence.
Ivanti warns of Connect Secure zero-days exploited in attacks.
Ivanti Connect Secure zero-days exploited to deploy custom malware.
News URL
Related news
- Ivanti Connect Secure zero-day exploited by attackers (CVE-2025-0282) (source)
- Ivanti warns of new Connect Secure flaw used in zero-day attacks (source)
- Ivanti Connect Secure zero-day exploited since mid-December (CVE-2025-0282) (source)
- Zero-day exploits plague Ivanti Connect Secure appliances for second year running (source)
- Ivanti zero-day attacks infected devices with custom malware (source)
- Zero-Day Vulnerability in Ivanti VPN (source)
- Week in review: Exploited Ivanti Connect Secure zero-day, Patch Tuesday forecast (source)
- Nominet probes network intrusion linked to Ivanti zero-day exploit (source)
- UK domain registry Nominet confirms breach via Ivanti zero-day (source)
- UK domain registry Nominet breached via Ivanti zero-day (source)