Security News > 2024 > January > Ivanti Connect Secure zero-days now under mass exploitation
Two zero-day vulnerabilities affecting Ivanti's Connect Secure VPN and Policy Secure network access control appliances are now under mass exploitation.
While Ivanti is yet to release patches for these two actively exploited zero-days, admins are advised to apply mitigation measures provided by the vendor on all ICS VPNs on their network.
As Ivanti disclosed last week, attackers can run arbitrary commands on all supported versions of ICS VPN and IPS appliances when successfully chaining the two zero days.
Thinspool Dropper: custom shell script dropper that writes the Lightwire web shell onto Ivanti CS, securing persistence.
Ivanti warns of Connect Secure zero-days exploited in attacks.
Ivanti Connect Secure zero-days exploited to deploy custom malware.
News URL
Related news
- DslogdRAT Malware Deployed via Ivanti ICS Zero-Day CVE-2025-0282 in Japan Attacks (source)
- Ivanti fixes EPMM zero-days chained in code execution attacks (source)
- Ivanti patches two zero-days under active attack as intel agency warns customers (source)
- 'Ongoing' Ivanti hijack bug exploitation reaches clouds (source)